Building Predictive Cyber-Risk Assessment in the Post-Hacked World
Cybersecurity remains a top concern for enterprises. Fears of hacking and data loss are constantly making news around the globe. On the front pages of major media outlets, anxiety-stoking news made internet security a constant presence this past year. From Target, Department of State, Heartbleed, Sony, DNC, Disney, WannaCry, Yahoo!, the U.S. elections … the drumroll continues unabated. We are now in a world where it’s a matter of when, not if, an enterprise is hacked. I call this the post-hacked world. Hence building cyber-resilience has become a key priority for the C-suite.
Investors have poured over $13B into hundreds of cyber-security startups over the past five years, and yet, the pace of breaches keeps increasing. The cyber-security problem is clearly one of the hardest and most important problems facing us, but do we really need yet another security company?
We got a thought-provoking answer to this question when we met with Gaurav Banga in the fall of 2015. Gaurav is a proven entrepreneur, technologist, and a security expert, having previously co-founded cyber-security company Bromium. Under his leadership, Bromium saw rapid adoption by a large number of Fortune 500 companies and key government agencies.
A new approach
The modern enterprise has a massive and fast-growing attack surface. Every new technology, every new application or device that we deploy (IoT, BYOD/BYOA, cloud) comes with an incremental attack surface, i.e., new ways for the adversary to strike. We need to measure this attack surface with a predictive risk lens in order to pick, and execute, the right security projects.
Organizations today don’t have a good idea of their security posture. Too many new threats emerge every day, making it very difficult for C-level executives to get a good handle on their digital risk. The enterprise security practice is very reactive, constantly dealing with a relentless stream of security events — corresponding to attacks that have already happened — and is unable to get ahead of attackers.
Deploying additional new products for better analyzing or reacting to the exhaust fumes of attackers is not going to help. Corporate leaders across the board are now looking for a way to change this game. Companies need a way to proactively understand their evolving attack surface, and how their digital defenses will hold up under attack. Being able to accurately measure predictive risk is critical to getting ahead of attackers!
During the last 18 months, Balbix has built a platform that does exactly this: delivering automated and comprehensive calculations of enterprise risk using AI, drawn from continuous observations of the extended enterprise network and combined with a really cool visualization system, to allow enterprises to accurately measure and understand cyber-security risk.
Balbix emerged out of stealth today, announcing the general availability of the industry’s first predictive cyber-risk assessment platform. The Balbix platform can be used to predict top breach scenarios, prioritize security mitigations, and provide risk insights, to prevent security incidents before attacks happen.
We also know this is just the beginning — an accurate measurement of risk is just a precursor to the “risk aware” self-defending enterprise networks that Gaurav envisions. As lead investors in Balbix, we are proud to announce our Series A investment and share our excitement in helping Gaurav and his team build the next big cyber-security company!
Originally published at www.mayfield.com on June 6, 2017.
Navin Chaddha on Building CyberResilience in a Post-Hacked World was originally published in Mayfield Viewpoints on Medium, where people are continuing the conversation by highlighting and responding to this story.