How security risk is making sense to the corner office

Posted September 10, 2020 by Ken Pfeil, Chief Security Architect

Risk Analysis

As Big Data continues to get bigger, data volume is only one aspect of the expansion. Just as critical for CDOs and business leaders to get a handle on are the growing sources of data. Data sources are expanding, and becoming important as businesses look to capture data from every conceivable end-point – from IoT and fog computing networks to non-transactional records, from cloud object storage to the ever-burgeoning sources of traditional business data.

While there’s Big Data opportunity in these new and emerging data sources, there’s also an obvious security risk that goes far beyond conventional IT security concerns. IT security is just as essential as ever. But the Security Information Event Management (SIEM) systems designed to guard against that risk are 99% IT security related, and not business focused.

At TechDemocracy, we focus on a holistic assessment of a business’s cyber risk. We’re proud that we’ve been included for the first time on Gartner’s magic quadrant for IT Risk Management – for a product that’s only three years in development. And while our system, Intellicta, is only in its infancy, we believe it offers a view of cyber risk that the other players on that Gartner MQ don’t necessarily provide.

Going beyond the SIEM

Consider the acronym for Gartner’s category, ITRM. The “T” of course stands for “technology,” as in IT. But when you start branching out into all the areas of risk management associated with information, you find plenty of other systems that are not even monitored by IT-oriented SIEMs. An anti-money laundering system, for example, is used to monitor business risk at a bank; it doesn’t “run” banking operations, but the data it ingests needs to be presented as part of the bank’s total risk equation.

Which is why we believe we’re in the vanguard of IRM – “information risk management.” Business risk comes from too many data sources these days, not just the technical, core IT aspect of risk. What’s at stake here is the overall health of the business, beyond its core operational components.

One of our key differentiators is that we don’t rely on any one standard or framework. Instead, we developed our own security framework based on what we’ve seen work best in the industry. It allows us to do an efficient mapping of just about any regulatory standard or compliance measure, including one-to-many mappings of specific controls across the board. A typical use case: an insurance company performs an assessment of risk before it underwrites and insures a client.

Risk assessment designed for the C-suite

I invite you to check out our risk assessment framework, which offers twenty-four intersections that we use for correlation and measurement. What’s important for this discussion is how it all maps to a three-tiered matrix metric model, as follows:

  • Implementation: This is the bottom layer. How many vulnerabilities, how many attacks, basic minutiae.
  • Management layer: The whole purpose of collecting this data is to answer certain questions, which is how a business derives its key performance indicators (KPIs). This is the interpretation of the minutiae from the bottom layer, answering mid-level management questions like “Am I adequately staffed?” and “Am I responding to things on a timely basis?”
  • Executive insights: At this layer, the top-level executives and board of directors learn how secure the business is, and how secure it is in relation to its competitors. Are we responding properly? Are we adequately funded?

This last part is another key differentiator for us: The ability to bring a holistic, technical risk assessment into the realm of high-level decision making for a business. Executives get an enterprise-wide view of the risks they face.

And they can drill down to lower levels of technical insight if they want to.

Looking at a dashboard, decision-makers can see, for example, that yesterday the cyber risk assessment number was 2.1 and today it’s 4.9. Why? You can drill down to associate the change with certain events – failures, overloads, poor load balancing, etc. Then your “chain of command” can do whatever is needed to bring risk back in line.
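To make the three-tier model and the dashboard drill-down concrete, here is a small worked example. It is added for illustration and is not Intellicta’s code or framework: the KPI definitions, the normalisation caps, the weights and the two days of counts are all constructed assumptions. Tier 1 is the raw minutiae a SIEM or scanner would emit, tier 2 turns them into 0..1 risk indicators that answer the management questions above (staffing, response time), and tier 3 rolls those into a single 0..10 score. The drill-down then attributes a day-over-day change in the score to the indicators that moved, largest first, which is the question an executive asks when the number jumps.

```python
"""Three-tier risk roll-up with drill-down.

Added illustration only: every KPI, cap and weight below is a constructed
assumption, not TechDemocracy's framework or its twenty-four intersections.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


# Tier 1 (implementation layer): raw counts for one day, as a SIEM or
# vulnerability scanner would report them.
@dataclass(frozen=True)
class DailyMinutiae:
    day: str
    critical_vulns: int            # open findings rated critical
    attacks_detected: int          # attack events alerted or blocked
    mean_hours_to_respond: float   # mean time from alert to analyst action
    open_incidents: int            # backlog waiting for an analyst
    analysts_on_shift: int


# Assumed normalisation caps: the value at which a KPI saturates at 1.0 (worst).
CRITICAL_CAP = 20
ATTACK_CAP = 500
RESPONSE_CAP_HOURS = 8.0        # twice an assumed 4-hour response SLA
INCIDENTS_PER_ANALYST = 10      # assumed sustainable backlog per analyst

# Assumed weights for rolling KPIs into the executive score; they sum to 1.0.
WEIGHTS = {
    "critical_exposure": 0.4,
    "attack_pressure": 0.2,
    "response_lag": 0.2,
    "analyst_load": 0.2,
}


def _ratio(value: float, cap: float) -> float:
    """Scale a count to 0..1 against its cap; a zero cap means fully saturated
    (e.g. a backlog with nobody on shift is as bad as it gets)."""
    if cap <= 0:
        return 1.0
    return min(value / cap, 1.0)


def management_kpis(m: DailyMinutiae) -> Dict[str, float]:
    """Tier 2: mid-level management questions as 0..1 risk indicators."""
    return {
        "critical_exposure": _ratio(m.critical_vulns, CRITICAL_CAP),
        "attack_pressure": _ratio(m.attacks_detected, ATTACK_CAP),
        # "Am I responding to things on a timely basis?"
        "response_lag": _ratio(m.mean_hours_to_respond, RESPONSE_CAP_HOURS),
        # "Am I adequately staffed?"
        "analyst_load": _ratio(m.open_incidents,
                               m.analysts_on_shift * INCIDENTS_PER_ANALYST),
    }


def executive_score(m: DailyMinutiae) -> float:
    """Tier 3: the single 0..10 cyber risk number shown on the dashboard."""
    kpis = management_kpis(m)
    return 10.0 * sum(WEIGHTS[name] * value for name, value in kpis.items())


def drill_down(yesterday: DailyMinutiae,
               today: DailyMinutiae) -> List[Tuple[str, float]]:
    """Attribute the change in executive score to the KPIs that moved.

    Returns (kpi name, contribution in score points), largest magnitude first;
    the contributions sum exactly to today's score minus yesterday's.
    """
    before, after = management_kpis(yesterday), management_kpis(today)
    contributions = [(name, 10.0 * WEIGHTS[name] * (after[name] - before[name]))
                     for name in WEIGHTS]
    return sorted(contributions, key=lambda kv: abs(kv[1]), reverse=True)


# Constructed sample data: a quiet day followed by a bad one.
YESTERDAY = DailyMinutiae("2020-09-09", critical_vulns=2, attacks_detected=100,
                          mean_hours_to_respond=2.0, open_incidents=12,
                          analysts_on_shift=6)
TODAY = DailyMinutiae("2020-09-10", critical_vulns=9, attacks_detected=400,
                      mean_hours_to_respond=6.0, open_incidents=30,
                      analysts_on_shift=6)

if __name__ == "__main__":
    print(f"{YESTERDAY.day}: score {executive_score(YESTERDAY):.1f}")
    print(f"{TODAY.day}: score {executive_score(TODAY):.1f}")
    for name, points in drill_down(YESTERDAY, TODAY):
        print(f"  {name:<18} {points:+.1f}")
```

With the constructed inputs the score moves from 1.7 to 5.9, and the drill-down shows that the jump is driven first by new critical findings (+1.4 points), then by attack volume, response lag and analyst backlog. In a real deployment the caps and weights would be set per business from the risk framework, and the `_ratio` guard matters: a backlog with no analysts on shift should read as fully loaded rather than raise a division error on the dashboard.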

Vertica and ArcSight – the underpinnings of TechDemocracy’s Intellicta solution

As I’ve mentioned, our product Intellicta can handle information from just about any device or data source. It examines the data to see if certain infractions are occurring, controls are being violated, and if trends are developing around these anomalies. Micro Focus ArcSight allows us to pull the data into our platform, and then we take that data into the Vertica Analytics Platform, which allows us to crunch large data sets.

If we’re ingesting a large volume of data, Vertica allows us to examine it properly and efficiently. And consequently we can do predictive analytics around that data as well. For example, here’s what we think your estimated financial risk is today. And, based on certain new events, your financial liability is going to go up or down, your breachability is going to go up or down. I think this is the most innovative capability within the ITRM space, and I don’t know anyone in this space, besides us, who is doing this right now.

Take for example a large insurance company. The way of the past was to use large, and I mean LARGE, Excel spreadsheets and ask potential customers to fill out forms, with the understanding that “we’ll take it from there.” But as data companies evolved to direct import of data, we now have the ability to use APIs and direct import from our databases. These same data ingest routines allow our system to do the corollaries via automatic input and visualize the risk. This particular use case involves insurability and adequacy of the insurance – if there’s a really high risk, the company can see the linear progression, and how high the deductibles need to be raised.

From ITRM to IRM – with predictive analytics

The ITRM market has been around for a while, and will continue. But what we are trying to do is get to IRM – the difference being that a business’s vulnerability extends beyond its IT systems to all its information systems, including email, transactions, etc.

This creates more of a business focus for risk management. This is an evolution toward a holistic assessment of business risk, not simply technical risk. And we believe this is an important capability for business decision makers that we are pushing into the limelight.


Acknowledgement: Vertica blog team says, “Thank you!” to our partner and guest blogger, Ken Pfeil, for sharing his insights.
