The philosophy behind Dashi USM™

Security doesn't need to be complicated, but if you want to beat the hackers at their game you need to get organized. Read on to learn more about the ideas behind Dashi USM™.

Security before GRC

Dashi USM™ is designed to help you manage your information security program from a security perspective first and foremost, in alignment with the ISO 27001 Information Security Management System standard. ISO 27001 complements and aligns with Governance, Risk and Compliance (GRC) principles and will find a natural home in your GRC framework if you have one. We believe in the value of a good security framework, but were disappointed by the focus on box-ticking compliance over actual security that most ISO 27001 ISMS tools have. If all you want is the certificate, there are plenty of tools that will help you get there. If you want to actually be secure, Dashi USM™ is the tool for you.

We've had great feedback from multiple ISO 27001 auditors who have been impressed with our security-first ethos and how well our security framework is adapted to our actual needs. If this sounds like the kind of approach you'd like to take, we'd love to support you in your journey.

How Dashi USM™ helps

  • Workflow starts with security events, which then feed into risks, assets and controls.
  • Tightly integrated SecOps and ISMS framework means you're looking at real data, whether you are a developer, system administrator or manager.
  • Pre-populated risk register, risk assessment matrices, asset management, controls, policies, classifications and enforcements structured in line with ISO 27001 best practices give you the best possible starting point for building a quality, bespoke system that works for your organization.

Freedom within a framework

Dashi USM™ does not require you to use any specific hardware, software, cloud services or mobile device management systems. It is an agnostic tool built around the industry standard ISO 27001 Information Security Management System structure, which gives you the framework you need to manage security holistically and effectively without dictating how controls should be implemented.

The structured nature of Dashi USM™ means you can get started quickly and easily, knowing you are following best practices. The flexibility means you can adapt the system to your organization's unique needs and requirements and grow with it as your organization evolves.

How does this work in practice?

  • Cross-linked, pre-populated risk register, risk assessment matrices, asset management, controls, policies, classifications and enforcements structured in line with ISO 27001 best practices.
  • Built-in scanning tools are provider- and platform-agnostic.
  • Easily ingest data from your own systems.
  • Guided event triage process results in accurate and repeatable risk impact scores and follow-up actions.

Continuously adapting to change

Risk and change are tightly intertwined. A system in pure stasis is not at risk, but we all know that Internet-connected systems cannot be in stasis. Hardware can fail, new vulnerabilities are discovered, and changes are constantly deployed. The key is to manage change in a way that minimizes risk while maximizing utility.

Some organizations have a culture of winging it and fixing problems as they arise. Some are so risk-averse that they are almost paralyzed. We don't believe either end of the spectrum is right or wrong. Each organization must weigh the risks and benefits of its approach and make decisions that are right for it. Giving a little thought and consideration and coming up with an approach that fits your organization is the key to success.

How Dashi USM™ helps

  • Simple, pre-populated organizational risk assessment guidelines and risk tolerance thresholds are customizable to your individual requirements and will guide and inform your team as they assess the impact of information security events.
  • Track corrective actions as you methodically treat your highest risks.
  • Proactively scan for vulnerabilities and changes to your environment to stay one step ahead of the hackers and address issues before they can be exploited.

Get started today

Why wait? It's free, including your first 5 vulnerability scans.

Trust and verify

We believe it is important to trust the people you've hired to do their jobs well. However, even the best qualified and most experienced team members can and will make mistakes. That's why it's important to have a structured, systematic approach to managing security risks, with mechanisms in place to verify that controls are working as intended and your data is as secure as you think it is.

How Dashi USM™ helps

  • Automated scanning tools to catch common configuration and coding errors.
  • Easy cross-referencing of controls, policies, risks and event data to sense check your performance.
  • Get another set of eyes: add comments to events, peer review incidents and corrective actions.

Accessible to all

Information security is not just for big organizations with a lot of resources. Every organization that uses computers and the Internet has information security risks that need to be managed. Dashi USM™ is designed to be accessible to organizations of all sizes and industries, with our free plan allowing you to get started with unlimited users, endpoints and data, and up to 5 free vulnerability scans run monthly.

How we make it accessible

  • We made it free to get started.
  • We built the platform on best-of-breed open source technology.
  • We made pricing for extra scans and additional services as affordable as possible.
  • Our structured approach means you can get started quickly and easily, even without prior knowledge of the subject, knowing you are following best practices.

Use the tools that hackers use

Hackers are not superhuman. They use tools and techniques that are freely available on the Internet. Dashi USM™ is built on numerous open source security scanning tools, and we're constantly tweaking, updating, and adding new tools to keep up with the latest threats.

By using the same tools that hackers use, we can help you understand your attack surface and identify vulnerabilities before the hackers do. Plus, we've made them simple to use via a web interface, so you don't need to be a command line guru to use them.

Bundled utilities

Dashi USM™ comes with a number of tools built in to help you understand your attack surface and identify vulnerabilities. These include:

  • Host availability checker: ping
  • Port scanner: nmap
  • Vulnerability scanner: OpenVAS
  • Web application scanner: Burp Suite
  • Subdomain scanner: subfuz.py
  • URL checker: curl

Blameless by design

When you assign blame for a failure, you stop looking for the root cause. We believe that when something goes wrong, it's an opportunity to learn and improve, so you can reduce the risk of recurrence.

We've designed the workflows in Dashi USM™ to be blameless, so you can focus on fixing the problem, not on finding someone to blame.

This approach is not just about being nice to your team members. It's about creating a culture of continuous improvement and learning, which is critical to the success of your information security program. Of course there may be times when you need to take disciplinary action, but that should be a separate process from the incident response process. There's room in Dashi USM™ to document your disciplinary process in your policy for those rare cases when it really is necessary.

Facilitate learning

Dashi USM™ facilitates learning by:

  • Highlighting repeat events
  • Creating corrective actions from events
  • Documenting root cause analysis for incidents
  • Having a clearly defined process for triaging events that emphasizes analysis over blame

Unifying SecOps and Management

To be effective, your information security program requires support and buy-in from the top down. Relying on technical measures to protect data without adequate understanding of the threat landscape leaves your organization vulnerable to social engineering, insider threats, and other non-technical attacks. To beat the hackers, you need to think like a hacker, which means thinking outside the box and understanding the human element of security.

Dashi USM™ is designed to bring together your technical teams and management, so everyone is looking at the same data and working towards the same goals. This alignment is critical to the success of your information security program.

How Dashi USM™ helps

  • Graphical representation of complex data helps management and technical teams understand each other.
  • Give technical teams the tools they need to scan the environment.
  • Give managers a dashboard view and reporting tools to see a high-level overview of the landscape.
  • Allow managers to drill down and see exactly what their technical teams are up to, giving them visibility and oversight capabilities.