This column is available in a weekly newsletter called IT Best Practices.
Gartner estimates that global spending on cybersecurity solutions exceeded $81 billion in 2016. The average enterprise with 1,000 or more employees spends about $15 million fighting cybercrime each year, according to the Ponemon Institute. Despite such heavy investments in all types of solutions, many CISOs still find it challenging to answer the questions, “How likely are we to have a breach, and if we do incur a breach, what will be the financial impact?”
The main obstacle to answering those fundamental questions is that much of the information needed to reveal an organization’s state of cyber risk is trapped in product silos, and it’s seldom fully mapped to the organization’s compliance policies.
Technical information about security events can be brought together in a SIEM tool, yielding threat information but not necessarily the organization’s overall security and risk posture. When the CISO gets called in front of the Board of Directors, these leaders want to know how effective the overall cybersecurity program is, not how many threats have been discovered in the company’s computing environment.
TechDemocracy hopes to change that. It says its Intellicta platform offers enterprises a real-time holistic assessment of the cyber risk, security and governance (CRSG) tools used across the enterprise to provide a consolidated view of the organization’s risk posture.
The goal is to enable a company to see how well it is complying with regulatory requirements and security standards, including NIST, ISO, HIPAA, SOX, IRA and others necessary to create a risk-based assurance program. A dashboard also provides a “breachability” index; i.e., how likely the organization is to have a cybersecurity breach. This index is calculated by assessing the organization’s infractions of prescribed security controls and the extent of “risky situations” within the overall environment. An example of a risky situation would be an active case of malware in the enterprise network.
The Intellicta platform uses a proprietary CRSG control framework that correlates to four pillars of services:
- Informed – a Strategic Advisory Center of Excellence (COE) – This function assesses ongoing business needs and aligns cyber risk strategy for making informed security investments and maximizing resulting ROI.
- Secured – a Cybersecurity Technology COE – This function designs, implements and maintains integrated, informed, secure and compliant cybersecurity technology solutions, thus protecting business innovation and classified assets against known and emerging threats.
- Governed – a Cyber Risk Governance COE – This function maintains continuous visibility of cyber risk posture and security compliance adherence. It enforces agile threat prevention, risk awareness and effective cyber risk governance across the enterprise.
- Resilient – an Audit and Assurance COE – This function audits cyberattack readiness, response and restoration capabilities. It tests for known and emerging vulnerabilities, and recommends and manages inclusion of remedial actions and strengthening of recovery procedures.
TechDemocracy’s platform is said to work with the tools you already have and to map them back to the CRSG control framework. Information that feeds into Intellicta can include security awareness completion rates from a learning management system, endpoint management information, anti-virus information, etc. Data can be fed from a SIEM and vulnerability scanners—whatever sources are already in place. The more sources, the better the data mapping from across the enterprise.
When the Intellicta platform receives the data, it normalizes the data and correlates it back to the established framework as well as to any custom controls the organization wants to specify. The main dashboard, shown in Figure 1, gives a topline overview of the organization’s security posture.
The information that’s presented on the dashboard for any given user changes according to the person’s role in the organization. For example, the CFO might be most interested in viewing the “Estimated Financial Loss” value for that point in time, whereas the CISO might care more about the details of the technical issues behind the Breachability Index.
TechDemocracy says it assists with the onboarding of an organization’s information as well as setting up controls. Intellicta ships with a baseline set of controls that has an estimated risk index, and this is fully customizable by the customer organization. There might be some controls they place higher or lower emphasis on. The customer also adds some basic fiduciary information that goes into the calculation for financial loss exposure. For example, one metric would be the cyber insurance deductible the company is responsible for before any claim would be paid.
The result, the company claims, is a real-time situational awareness system that provides a holistic view of the company’s risk posture. Out-of-the-box as well as custom rules define different situations that would be considered risky; for example, a download of an excessive amount of data that isn’t consistent with what that person typically does. The absence or presence of these types of situations in the environment helps drive the real-time scores shown in the dashboard.
The Intellicta platform includes an issue tracker where issues related to risky situations or compliance violations are put in a queue to inform an admin, and this starts the process to take that issue to closure. Intellicta can give an investigator all the intelligence about a risk that is needed to take care of it. It’s a complement to, not a replacement for, other incident tracking and response tools the organization already has.
Intellicta is available as a hosted platform or as an on-premise platform. TechDemocracy says it helps with the implementation, which primarily consists of setting up the integrations with and data feeds from existing cybersecurity tools and configuring the policies and rules.
This platform is intended for boards of directors that are accountable for overall governance; senior business leaders (CEOs, COOs, CFOs) who are responsible for managing the company’s overall risk posture; and senior functional leaders (CISOs, CIOs, CROs) charged with helping their executive teams manage corporate risk. Intellicta provides a real-time assessment of the effectiveness of cybersecurity and risk controls in the enterprise.