Good question! The Nixon platform is not static, like most CMDB’s. It actively scans for changes and updates and once a change is detected, the Nixon platform will trigger the responsible team. For example: An online form that processes personal information is detected on a website which was classified as zero privacy risk. The platform can send a trigger to the privacy team to conduct a privacy impact assessment (PIA). These triggers are configurable to fit your needs. When our scanners detect a potential risk (for example a SSL certificate will expire shortly), the Nixon platform can automatically create a support ticket in your favorite ticket system and assign it to the responsible person.
The platform has a three phase approach:
1. The first phase is named “Input and Enrich”.Input: Based on a list that is uploaded by the customer the Nixon platform runs scans to make an inventory of all the behavior of your domains and subdomains. Active webapplications, error pages and domain redirects are presented. Enrich: You review the results so that we don’t add domains to the Nixon platform that aren’t yours. Per application you have the opportunity to provide details of the teams responsible
2. The second phase is named “Analysis”.The Nixon platform performs different type of scans on all your applications and checks for security and privacy risks.
3. The third and last phase is named “Communicate”.All results are presented in your dashboard, providing in-depth insights into risks and problems. Based on the responsibility data provided, we can enable the action by sending an alert to your favorite channel or by opening a ticket in the ticket system that has been configured.