What is Continuous Controls Monitoring (CCM)?

CCM is an automated, always-on approach to checking your security posture. Instead of waiting for audit season to get a “point-in-time” snapshot, CCM provides round-the-clock proactive visibility into your systems. It replaces slow, manual, and sample-based testing with real-time insights.

Written by: Phil Massyn, Lead Security Consultant, and Felix Phillipose, Senior Information and Cyber Security Consultant

Does the question, “Are your controls working like they should?” make you picture endless spreadsheets and tangled email threads?

You’re not alone. In today’s fast-paced world, security reports often capture a snapshot of an environment at the moment they’re created. The problem? Security changes all the time. In a matter of moments, these reports can become obsolete. If you’re making business and security decisions based on these reports, then you’re making those decisions on outdated information.

This old way of doing things isn’t working anymore. That’s why we’re flipping the script with our Continuous Controls Monitoring (CCM) Accelerator.

The problem with the old way

Aside from the previously mentioned time sensitivity, the traditional approach to security monitoring is messy and doesn’t scale. We’ve seen the same problems again and again:

  • Audit-driven fixes: Issues get patched just before an audit, only to re-emerge as soon as the audit is over.
  • Manual work: Testing is resource-intensive and simply can’t keep up with a constantly changing threat landscape.
  • Fragmented oversight: Security, compliance, audit, and risk teams are often disconnected, leading to gaps in oversight.
  • Stale data: Leaders are forced to make decisions using information that is already out-of-date.

CCM changes all of this. If we liken a security breach to a bushfire, then CCM helps you shift from reactive firefighting to proactive prevention.

Introducing the Mantel CCM Accelerator

To help organisations adopt CCM quickly, we built the Mantel CCM Accelerator. It’s designed to give you key insights from day one, built on proven technology, and is easy to extend.

The core principles are simple:

  1. Host it anywhere. Deploy it in your own cloud environment (AWS, Azure, or GCP).
  2. Connect your data. Provide your read-only API keys.
  3. Get instant insights. Start seeing actionable data right away.

Don’t want to spin up a cloud environment? No problem. You can easily clone the open-source repository, configure a few variables, and run it locally on your machine.

What you get on day one

When you start with the Mantel CCM Accelerator, you’re not starting from scratch.

  • Pre-built data collectors: We’ve included collectors for popular platforms like CrowdStrike, Tenable, Okta, Azure Entra ID, and KnowBe4. The design is modular, so adding more is a breeze.
  • Metrics that matter: Get instant visibility into things like vulnerability posture, identity hygiene (e.g., dormant accounts and password age), and more. The data is modeled with dbt so your cyber and data teams can easily extend it.
  • Dashboards for everyone: Our dashboards are designed for the people who use them. CISOs, engineers, and auditors can each see exactly what they need without getting lost in the noise.
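
The identity-hygiene metrics named above (dormant accounts and password age) can be evaluated over every account on each run and compared between runs to surface drift. The sketch below is an added example, not code from the Mantel CCM Accelerator. The field names, the 90-day and 365-day thresholds, and the sample accounts are assumptions constructed for illustration.

```python
from datetime import date, timedelta

# Assumed thresholds: the page names the metrics, not their limits.
DORMANT_AFTER = timedelta(days=90)
MAX_PASSWORD_AGE = timedelta(days=365)

# Constructed sample export, not real data.
ROWS = [
    ("alice", True, "2023-01-10", "2025-05-28", "2025-01-15"),
    ("bob", True, "2022-06-01", "2025-03-05", "2024-06-10"),
    ("svc-backup", True, "2024-11-01", None, "2024-11-01"),  # never logged in
    ("carol", False, "2021-02-01", "2023-08-20", "2023-01-01"),  # disabled
]
FIELDS = ("user", "enabled", "created", "last_login", "password_changed")
ACCOUNTS = [dict(zip(FIELDS, row)) for row in ROWS]

def _day(value):
    """Parse a YYYY-MM-DD string; None (event never happened) stays None."""
    return date.fromisoformat(value) if value else None

def evaluate(accounts, today):
    """Return {control: set of failing users}, checking every enabled account."""
    failing = {"dormant_account": set(), "password_age": set()}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # disabled accounts are out of scope for both controls
        # A never-used account is aged from its creation date, not skipped.
        last_seen = _day(acct["last_login"]) or _day(acct["created"])
        if today - last_seen > DORMANT_AFTER:
            failing["dormant_account"].add(acct["user"])
        if today - _day(acct["password_changed"]) > MAX_PASSWORD_AGE:
            failing["password_age"].add(acct["user"])
    return failing

def compliance(accounts, failing):
    """Percentage of enabled accounts passing each control."""
    in_scope = sum(1 for a in accounts if a["enabled"])
    return {c: round(100 * (in_scope - len(f)) / in_scope, 1) if in_scope else 100.0
            for c, f in failing.items()}

def drift(previous, current):
    """Users newly failing or newly passing each control between two runs."""
    return {c: {"new_failures": sorted(current[c] - previous[c]),
                "resolved": sorted(previous[c] - current[c])} for c in current}

if __name__ == "__main__":
    run1, run2 = evaluate(ACCOUNTS, date(2025, 6, 1)), evaluate(ACCOUNTS, date(2025, 6, 15))
    print(compliance(ACCOUNTS, run1), compliance(ACCOUNTS, run2), drift(run1, run2))
```

No record changes between the two run dates, yet `bob` crosses both thresholds, which is the kind of quiet drift a point-in-time check on 1 June would not have reported.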

“Under the hood, our accelerator runs on a lightweight Postgres-backed stack with data pipelines that flow through dbt for cleaning and modeling. All visuals are pre-built, but can be customised. Everything is built with Terraform, making deployments repeatable and straightforward.”

Phil Massyn | Mantel, Lead Security Consultant

Make it your own

This is an accelerator, not a rigid, one-size-fits-all solution. It’s designed to be a starting point that you can easily tailor to your needs. We often help clients with:

  • Integration: Connect to your SSO, your in-house data warehouse, or other reporting platforms like Power BI and Tableau.
  • Customisation: Add new collectors and metrics to align with your specific security strategy.
  • Deployment: Host it in your own environment with your preferred security controls.

The bottom line: your stack, your rules.

The Impact: what it feels like to switch it on

  • Week 0: Your credentials are set and the environment is provisioned.
  • Week 1: The first data pulls land. Your baseline dashboards light up, and control drifts start to appear.
  • Week 2: Teams begin asking smarter questions because they finally have live evidence. You can decide what to alert on, automate, and track as KPIs. The accelerator becomes a way to steer your security posture, not just a tool for ticking boxes.

Why it matters now

Threat actors don’t book meetings. Controls drift quietly. And boards want live assurance, not a retrospective report from months ago. The number of Australian household names in the news due to security breaches over the last twelve months is cause enough for everyone to up their game. 

CCM is the cheat code; it gives you always-on oversight so you can act early, often, and confidently.

Sound appealing to you? The Mantel CCM Accelerator is open-source and waiting for you in our GitHub repo. There is no catch: use it, make it your own, and contribute code to help others.

If you do need a little helping hand, the Mantel security team have the expertise to support you in building out your CCM platform, from compliance and governance to data engineering and infrastructure.
