Here we go again β it’s BlackHat time! On your way to Las Vegas, you may be thinking about the recent discussions you had with your CFO after the Q2 board meeting.
First, the bucket of dark stuff in your head:
- Your company is reducing spending by 25% overall.
- The cybersecurity budget has not been reduced, but new spending will be very difficult.
- You have a hard time explaining why two of your new projects are really necessary.
- Of course, the recession memo hasn’t reached the cyber attackers yet, so they will be as active as they have been for the past 12 months!
And the beautiful item bucket:
- Cybersecurity vendors know you need a deal this year and are offering steep discounts. Similar to the situation in your “gloom and doom” board meeting, VCs ask their portfolio startups to grab customer logos and keep the momentum going no matter what.
- There will be many announcements and parties. You’ll hear about new strategies for getting in, and new ways to combat them.
- You’ll have 3-4 days of your favorite intellectual exercise, trying to figure out how exactly that shiny new tool can protect you from employee clicks that result in ransomware, or otherwise reduce your overall breach risk.
- The Balbix CISO party on Monday night at Minus 5Β° ice Barwhere you will have a good time… π
Balbix also has an announcement. Sorry, we do not have a newly assigned Gartner 5 letter acronym for this new Balbix capability. Here it is in simple terms: In this new update, your Balbix and SNOW deployments are now best friends. Balbix can pull detailed IT and business context from your ServiceNow CMDB and use that to build a more accurate model of your cyber risk. Balbix also pushes remediation information through ServiceNow Ticketing so that every operation owner has everything they need to fix or mitigate cyber risk issues as quickly as needed based on appetite your organization’s risk. These integrations are highly automated. That’s it.
IIf you care, here’s the obligatory link to our press release.
Back to Basics
As some of you may recognize, this latest Balbix capability attempts to strike at the heart of the enterprise cybersecurity problem. Because of the explosive attack, you have a gazillion security issues open at any time in your enterprise, 100s of 1000s, maybe millions, of known instances of vulnerability, and new ones coming up every week. Your teams can’t keep up.
Your biggest challenges in identifying and mitigating these issues quickly are a) manual workflows, b) organizational silos and c) lack of unified context. Cybersecurity teams take days and weeks to identify assets vulnerable to newly discovered issues and then throw things over the wall to IT and business risk owners. All this without the necessary context to drive the appropriate level of urgency for a quick fix. These security issues are not addressed in a timely manner, leaving the enterprise at high cyber risk for a long time.
We all want to blame IT. In IT’s defense, their worldview is imprecise and incomplete. It’s difficult to track vulnerabilities in affected apps, and then prioritize fixes based on the app’s business value. Much of the data in the CMDB is out of date. Mapping from vulnerable assets to appropriate risk and operational owners is also difficult.
Business risk owners do not actually “own” any risk. More often than not, they have no idea how to interpret the data the security team provides about vulnerabilities. How bad is it if the patching SLA is not met by 15 days?
What you need is unification of information from your various tools resulting in better context for all operational tasks. Prioritization of mitigation work is needed based on the expected financial impact of specific security issues, raw data is correlated and turned into actionable insights, with maximum automation of identify-prioritize-reduce workflows.
This is what the Balbix platform enables, and with this announcement we’re doing it even better.
What now?
With Balbix and SNOW now constantly talking to each other, what does success look like?
Because of the business context we bring from SNOW, Balbix does a better job of prioritizing CVEs and other types of vulnerabilities based on risk. If you have 3 SNOW groups, say material properties, Tier 2 Assets and Tier 3 Assets, you can prioritize all new CVE-instances for these assets in different ways based on Tier, as well as vulnerability severity, threat level, exposure and information on security controls .
With automated prioritization, owner mapping, shipping and ticketing, vulnerabilities are reduced faster. Thanks to Balbix’s dollar-based Cyber ββRisk Quantification (CRQ) capabilities, you can trade target time-to-mitigate speed with acceptable cyber risk limits. Your teams will be more efficient and effective. Our customers have been able to reduce the mean-time-to-mitigate risk issues from months to days.
Ultimately, this integration results in high-quality distributed decision-making and rapid action aligned with your overall cyber risk mitigation goals.
What now?
This August 2022, with the backdrop of this unique recession, is an opportunity to rethink your cybersecurity program. Instead of getting distracted by new and old (even discounted) shiny things, you can choose to go back to winning basics and invest in better context-powered automation. Besides reduced risk and efficiency, this approach will allow you to consolidate and eliminate unnecessary spending. The ROI is immediate.
Maximum automation is the only way forward in cybersecurity. Can you think of another practical approach?
See you at Mandalay Bay! If you want to meet, please ping us here or visit www.balbix.com.