
Startup Arms CSOs With Heat Maps

Technology aims to help CSOs and other security pros translate security issues and risk for upper management
A security startup with a former corporate chief information security officer as its CTO came out of stealth mode today with a new tool that bridges the communication gap between the CSO and the executive suite.

Allgress’ new Business Risk Intelligence 4.0 application provides visual heat maps and data-heavy reports aimed at helping CSOs and other security pros translate security issues and risk for C-level executives and board members.

Chris Armstrong, CTO/CISO of the Livermore, Calif.-based Allgress, is the former CSO for Wyndham hotels, and says he’s seen firsthand the changing role of the CSO. “The CSO today is really a business guy, a risk manager who’s business-oriented,” Armstrong says. “What we see is the concept of communicating that information to the c-suite -- where risk is in their organization. We give immediate, contextual views of it,” he says. “They want to understand the impact of security on their goals.”

Allgress’ technology basically replaces manual spreadsheets and pivot tables that many CSOs long have relied upon to make their case to upper management for security purchases and strategies.

eBay was one of the first customers of the software. Dave Cullinane, former CISO at eBay, says the tool gave eBay an organization-wide view of its overall risk posture, and that helped convince eBay’s decision-makers that security should be a top priority. “CSOs are struggling to manage risk and to communicate the impact it can have on business. Until they deploy solutions that give them immediate insight into where security gaps are, they are going to continue to be plagued by incidents, be left out of the business decision-making process, and fail to gain the resources needed to effectively manage risk,” Cullinane says.

Armstrong says Allgress’ tool for CSOs runs as an app or in the cloud, and basically aggregates data from other security tools such as SIEM systems. It comes with modules that can be run separately or in an integrated way for risk analysis, security and compliance assessment, vulnerability management, incident management, and policies and procedures.

The company basically provides business risk intelligence, he says. “We facilitate the overall management of a security program,” he says, and the tool helps CSOs demonstrate cost-justification for security buys, for instance. The software runs in a Microsoft .NET environment and is priced at $200,000 for the Enterprise Edition; it is also available via month-to-month subscription.

“CSOs consistently comment that nothing gets board-level attention quite like regulatory compliance, or better yet, an actual security breach,” says Derek Brink, vice president and research fellow for IT Security and IT GRC at the Aberdeen Group. “But information security leaders don’t rely on more regulations, or more successful criminals, or the natural replacement cycles of corporate boards to be heard. The evidence from Aberdeen's research is that enterprise risk management technologies are in fact invaluable business tools, which leading companies are increasingly using to help manage successfully in the face of uncertainty and risk.”
