Balbix is integrated with ServiceNow so customers can automatically augment cyber risk data in the business context and integrate remediation efforts into their existing security and IT workflows. CISOs can shave thousands of hours off the time it takes to perform cyber risk quantification (CRQ) in dollars and close the gap between cybersecurity and the business.
Integration with ServiceNow’s configuration management database (CMDB) enables Balbix customers to automatically import business context from their CMBD into the Balbix platform and combine it with asset, vulnerability and risk data from their other more IT and security tools, and Balbix sensors to create a unified cyber risk model presented in dollars.
Data is automatically deduplicated, correlated and predicted to reduce the manual labor required for teams to add business context to cyber risks, and prioritize and measure them. For example, in merging businesses it is now possible to:
- Measure and report the dollar value of risk by business unit, business leader, asset type, application, regulatory requirement and geographic location (cities, countries, regions).
- Determine the dollar amount of risk associated with externally facing assets, internal assets, assets managed by the IT department, and assets not managed by the IT department.
“Historically, Fortune 500 companies spend thousands of manual labor hours mapping business context to their risk data for board reporting, risk analysis and cybersecurity decision making ,” said Chris Griffith, chief product officer at Balbix. “Our integration with ServiceNow CMDB, has allowed us to dramatically reduce the time needed to quantify cyber risk. With Balbix, CISOs can continuously and automatically map risk across their business hierarchy and provide -prioritize their issues with the highest risk for response.”
Businesses struggle to report concrete CRQ results with 62% indicating they cannot calculate their risk of breaching financial regulations, according to Balbix’s own 2022 State of Security Posture Report. Furthermore, according to the report, 51% of organizations indicated that they do not have continuous visibility into asset inventories making it difficult to relate risk to the business context, and instead rely on siled tool, manual workflow, and qualitative analysis to quantify exposure.
“Cyber risk has become a frustrating business risk to manage as leadership teams struggle to accurately quantify their risk and prioritize initiatives to mitigate it,” said Ed Amoroso, Founder and CEO of research and advisory firm TAG Cyber. “These integrations address CISOs’ growing need to report on cyber risk in a way that their business leaders can clearly understand, to make the right investments and to more quickly resolve their most dangerous weaknesses.”
In addition to automating advanced CRQ capabilities, integration with ServiceNow IT Service Management (ITSM) further eliminates manual effort by enabling security teams to create remediation tickets of ServiceNow from within Balbix.
This allows security and IT teams to increase productivity by using a familiar and shared system for remediation workflow. Additionally, security analysts can create tickets to fix a vulnerability for an affected asset or for a group of assets to define remediation tasks more efficiently and reduce mean time to remediate (MTTR ) risk issues.