At this week’s RSA Conference, Bay Dynamics is receiving the Most Innovative Risk Management Solution for 2017 presented by Cyber Defense Magazine.
Since launching our flagship cyber risk analytics platform in 2013, Risk Fabric®, has increasingly become the risk management centerpiece inside some of the largest enterprises worldwide. In its early years, Risk Fabric primarily focused on User and Entity Behavioral Analytics (UEBA) to help enterprises identify and stop insider threats. However, as the threat and vulnerability landscape evolved, we quickly realized that UEBA was just one slice of the cyber risk management problem. That without additional business context such as the value of the asset at risk, associated vulnerabilities and indicators of attack, UEBA just added more, albeit qualified, alerts to the pile.
We evolved Risk Fabric so that it focused first and foremost on protecting high value assets. The platform pulls together cyber risk data from siloed security tools across the enterprise environment, adds a layer of its proprietary UEBA as well as the value of the asset at risk and additional business context from application owners and delivers a prioritized list of the most critical vulnerabilities and threats to stakeholders responsible for mitigation.
In 2015, Risk Fabric won the Cyber Defense Magazine award for Best Risk Management Product.
Which brings us to today. This year’s Most Innovative Risk Management Solution win is particularly notable because it was driven by another significant evolution of our Risk Fabric platform. At RSA, we are unveiling our new Application Value at Risk module, which is a part of Risk Fabric.
The module is the first-of-its-kind to continuously quantify the financial impact of cyber risk based on actual threats and vulnerabilities detected in the enterprise environment. Because Risk Fabric has been collecting, analyzing and correlating threat and vulnerability information across the enterprise environment since its infancy, the next natural step was to use that data to continuously calculate the financial impact of cyber risk.
Value at Risk is not a new concept for other parts of the business. For years, CFOs, CEOs and other enterprise leaders have used the metric to drive decision making. Yet, the concept has yet to be applied to cyber security. Attempts in the past of fallen short with experts guesstimating probabilities based on point in time estimates that do not reflect the situation on the ground on any given day.
A more practical method for calculating Value At Risk is based on actual threats and vulnerabilities detected in the environment and then prioritizing remediation actions based on those that reduce financial impact the most.
That’s exactly what Risk Fabric is doing, and it’s enabling security executives to speak the board’s language – dollars and cents – by also showing how much risk was removed from the business due to actions taken.
Stop by our booth – South Expo Hall #1607 – this week to see for yourself! We would be happy to show you a demonstration.