Innovative New Work Plan Feature Enables IT Auditors to Centralize and Automate Audit Procedures and Reporting

November 21, 2010 – Application Security, Inc., the leading provider of database security, risk and compliance solutions for the enterprise, today announced the release of AppDetectivePro™ 7 for auditors and IT advisors. The latest version of AppDetectivePro automates and streamlines the database audit process, providing enhanced contextual scanning and reporting capabilities that allow auditors to standardize their extensive processes.

With the AppDetectivePro Work Plan Manager, IT auditors, consultants, and assessors can now centralize and automate their existing audit procedures. The new capabilities significantly reduce the manual effort and man-hours necessary to analyze audit findings, and provide the ability to map audit control objectives to scan policies prior to running the scan. For organizations that require DIACAP compliance, AppDetectivePro 7 provides a built-in DISA-STIG (Defense Information Systems Agency Security Technical Implementation Guide) work plan framework that includes scan policies and questionnaire definitions for each database-specific version. This framework simplifies audits and reduces the time to compliance by consolidating all reporting requirements including CoBIT, COSO, and ISO 27002.

“We’ve removed the painstakingly slow method of manually uploading information from DBA interviews as part of the database assessment and audit process,” said Josh Shaul, vice president, product management, AppSec. “With this release, we’re delivering a level of automation not previously available by integrating automated and manual checks into a single process.”

New AppDetectivePro 7 Capabilities:

Work Plan Manager – Enables organizations to standardize the database audit process and control objectives, including the management of all questionnaires and scan policies.
Questionnaire Editor – Allows users to pair business risk context with database scans. The questionnaire editor allows users to map control objectives to specific checks within their scan policies.
Audit Findings Report – Delivers a comprehensive database audit report, providing consolidated results for a complete audit that includes manual interview answers and scan results.
SHATTER Knowledgebase Update – Built upon the most comprehensive knowledgebase in the industry, AppDetectivePro provides built-in knowledgebase updates of vulnerability and configuration checks from Team SHATTER, the industry’s preeminent database security research team.
DISA-STIG Compliance – Provides a complete DISA-STIG Checklist Assessment, eliminating the need to run DISA’s SRRs (Security Readiness Scripts), condensing all findings into one single report for maximum efficiency.
Meets Regulatory Requirements – Meets compliance needs for regulations including HIPAA, SOX, FISMA, PCI-DSS, Mass 201 and more.

“Automating processes that are time-intensive is critical to successful IT audits,” said Ilya Zherebetskiy, Senior Manager, Information Protection and Business Resiliency, KPMG. “Knowing that I can let an automated tool scan databases that map across multiple regulatory requirements dramatically improves the overall audit process, regardless of the scale or complexity of that database environment.”

Auditors, IT advisors, and Federal Government OIGs have made AppDetectivePro their database scanning and vulnerability assessment solution of choice. Deployed in over 130 countries, AppDetectivePro has been used to assess hundreds of thousands of databases in every vertical market.