Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

6/7/2017
12:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Balbix Launches Predictive Breach-Risk Platform

The company announces the general availability of its AI-based platform and reveals details of powerful outcomes achieved by design partners and early customers.

SAN JOSE, CA -  Balbix today announced its official launch and general availability of its products. Balbix has built the security industry's first predictive breach-risk platform. Created for CISOs and CIOs, the platform calculates and visualizes an enterprise's cyber-breach risk and resilience across all devices, users and apps in its extended network. This system can be used to predict top breach scenarios, prioritize security mitigations and provide risk insights to prevent security incidents before attacks happen. The company also announced that it has received $8.6 million in investor funding from Mayfield.

"Building cyber-resilience is key in the post-hacked world where it's a matter of when, not if, an enterprise is hacked as the attack surface has increased through the adoption of IoT devices, BYOD and the cloud," said Navin Chaddha, Mayfield Managing Partner and Balbix board member. "Balbix resolves the critical need of CISOs to get ahead of the adversary by enabling them to understand their cyber risk and act to limit the likelihood and impact of attacks. Gaurav has drawn upon his entrepreneurial and deep security expertise and assembled a world-class team that has delivered the industry's first predictive and prescriptive breach risk assessment platform. I look forward to the journey and watching Balbix grow into a leading cybersecurity player."

A number of security firsts
Balbix has built the market's first platform to use predictive analytics and AI to automatically measure breach risk and calculate resilience. Specialized sensors deployed across the enterprise continuously discover and monitor all devices, apps and users across hundreds of attack methods and indicators of business impact. This telemetry data is analyzed by advanced self-learning algorithms and used to build a bottom-up risk model. Within minutes of installing a few sensors, security teams can visualize their breach risk and use this to prioritize operations and projects.

Distinguishing industry-first features include:

  • Comprehensive risk heat-map: The system automatically monitors and analyzes the enterprise network 24/7/365 across hundreds of attack vectors to provide a real-time, searchable and clickable color-coded map of the enterprise. This helps over-burdened security teams prioritize mitigation projects by identifying areas of highest risk and surfacing actionable insights.
  • Predictive risk analytics: Balbix predicts breach scenarios by analyzing indicators of risk, factors that point to the future likelihood of occurrence of security incidents, e.g., user clickthrough behavior indicating high phishing risk. In contrast, existing products rely on indicators of attack or compromise based on security events that have already happened.
  • Effectiveness of mitigations and cyber-resilience: Balbix can compute the effectiveness of security mitigations already implemented and help prioritize planned security projects. The system also measures organizations' cyber-resilience -- the ability to limit the impact of security incidents. 

Risk management is a growing market -- and top-of-mind with the C-suite
The industry need for risk-management solutions, including analytics that predict the impact of business risk, is growing. According to a March 2017, Gartner report, "Definition: Integrated Risk Management Solutions," by John Wheeler, "Gartner also notes a shift to greater investment in risk-based approaches designed to respond more effectively to the growing cybersecurity and related digital business demands facing organizations today. With this shift in investment, Gartner forecasts that the IRM solution market will grow from $3.9 billion in 2015 to $7.3 billion by 2020, representing a compounded annual growth rate (CAGR) of 13.4 percent1." We feel these findings validate a recent survey conducted by Balbix, which included 600 participants, including 250 from the Fortune 500, in which nearly 100 percent of respondents expressed concern about the rapidly expanding attack surface, while 87 percent said they were worried about lateral movement by attackers.

Automate risk assessment to reduce costs
In addition to proactively identifying risk and thwarting attack spread, Balbix addresses the increasingly relevant issue of security spend versus value with its automated risk-measurement capability. Enterprises with 10,000 devices typically pay around $250,000 for two penetration tests (pen tests) a year2. Relying on pen testing to find vulnerabilities or validate compliance is not ideal because the state of the enterprise changes every day. Balbix significantly increases the ROI on enterprise spend by offering comprehensive and continuous risk measurements at annual costs comparable to or lower than a single pen test.

"Today, it is incumbent upon us to assess our risk environment and protect ourselves from advanced threats targeting new technologies and devices, so that we don't suffer a breach, lose our intellectual property or get hit with compliance penalties down the road," said Abe Smith, director of enterprise security at Cavium, Inc. "Balbix allows us to get ahead of our threat environment by proactively identifying the most significant sources of risk in our network and prioritizing those gaps for remediation, enabling us to tightly -- and accurately -- focus our security spending and reduce costs."

Focus on cyber-resilience
"By now it should be clear to anyone that attackers are able to routinely breach enterprises as environments become more complex and new threat vectors emerge constantly," said Anthony Belfiore, SVP and CSO of Aon, a leading global professional services firm. "It is imperative that businesses are able to fully understand and assess their organization's resilience against cyber-attacks, and the risk posture of their key third-party partners."

"Today, security teams are forced to rely on a set of reactive security tools, with no real way to predict how or where a breach is most likely to hit next," said Gaurav Banga, CEO and founder of Balbix. "It is very difficult for security practitioners to assess the true risk posture of an enterprise and communicate this to senior management or the board of directors. By automating predictive risk calculations and providing clear visualization, we let companies know what's most important, so they may channel their security spending where it's needed most. This is key to improving cyber-resilience." 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Sure you have fire, but he has an i7!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27217
PUBLISHED: 2021-03-04
An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aes_remove_padding() can crash the running proce...
CVE-2021-22128
PUBLISHED: 2021-03-04
An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below versions may allow an authenticated, remote attacker to access internal service such as the ZebOS Shell on the FortiProxy appliance through the Quick Connection functionality.
CVE-2021-23126
PUBLISHED: 2021-03-04
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.
CVE-2021-23127
PUBLISHED: 2021-03-04
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.
CVE-2021-23128
PUBLISHED: 2021-03-04
An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core shipped but unused randval implementation within FOF (FOFEncryptRandval) used an potential insecure implemetation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat.