For the enterprise, dealing with cybersecurity risk is a bit of a no-win situation. It’s something they must do, but it is an expensive investment with a return that is difficult to measure. Moreover, security professionals are often flying blind when it comes to prioritizing security remediation activities from a business value perspective. It’s one thing to know which vulnerabilities pose the highest risk in an abstract sense, but understanding — and quantifying — that risk in the specific context of your organization is a much more difficult task.
As a result, most enterprise security functions manage risk either without any attempt at quantifying it or using industry averages, which are rarely useful in establishing budget or prioritizing security actions. Nehemiah Security thinks that it can change this dynamic. The company engineered its cyber risk platform to bridge the gap between security and business needs. The company’s platform, which they call RQ, is focused on producing what they call verifiable intelligence and helping enterprise leaders answer four key questions: what’s the risk, where’s the impact, how might it happen and how should I respond?
While you may argue that all security systems attempt to answer these questions, what makes RQ different is that it looks at these questions through a business and financial lens. Its risk engine models both the organization’s business model as well as the technology stack that supports it and uses threat intelligence data to model likely attack vectors.
Using this three-tier model, the platform then runs offensive simulations to identify the likelihood of various attacks and the business impact of those attacks, should they occur. The platform combines the results of these simulations into a conceptual risk model that enables enterprise leaders to understand cyber risk in a business context. With that information, the company believes that leaders will be better able to make the right decisions concerning cybersecurity investments, meditation activity prioritization and general business decisions and then adjust them on a real-time basis as the organization’s risk profile changes over time.
Copyright © Intellyx LLC. Intellyx publishes the Agile Digital Transformation Roadmap poster, advises companies on their digital transformation initiatives, and helps vendors communicate their agility stories. As of the time of writing, none of the organizations mentioned in this article are Intellyx customers. To be considered for a Brain Candy article, email us at firstname.lastname@example.org.