theDocumentId => 1329086 Balbix Launches Predictive Breach-Risk Platform

Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

6/7/2017
12:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Balbix Launches Predictive Breach-Risk Platform

The company announces the general availability of its AI-based platform and reveals details of powerful outcomes achieved by design partners and early customers.

SAN JOSE, CA -  Balbix today announced its official launch and general availability of its products. Balbix has built the security industry's first predictive breach-risk platform. Created for CISOs and CIOs, the platform calculates and visualizes an enterprise's cyber-breach risk and resilience across all devices, users and apps in its extended network. This system can be used to predict top breach scenarios, prioritize security mitigations and provide risk insights to prevent security incidents before attacks happen. The company also announced that it has received $8.6 million in investor funding from Mayfield.

"Building cyber-resilience is key in the post-hacked world where it's a matter of when, not if, an enterprise is hacked as the attack surface has increased through the adoption of IoT devices, BYOD and the cloud," said Navin Chaddha, Mayfield Managing Partner and Balbix board member. "Balbix resolves the critical need of CISOs to get ahead of the adversary by enabling them to understand their cyber risk and act to limit the likelihood and impact of attacks. Gaurav has drawn upon his entrepreneurial and deep security expertise and assembled a world-class team that has delivered the industry's first predictive and prescriptive breach risk assessment platform. I look forward to the journey and watching Balbix grow into a leading cybersecurity player."

A number of security firsts
Balbix has built the market's first platform to use predictive analytics and AI to automatically measure breach risk and calculate resilience. Specialized sensors deployed across the enterprise continuously discover and monitor all devices, apps and users across hundreds of attack methods and indicators of business impact. This telemetry data is analyzed by advanced self-learning algorithms and used to build a bottom-up risk model. Within minutes of installing a few sensors, security teams can visualize their breach risk and use this to prioritize operations and projects.

Distinguishing industry-first features include:

  • Comprehensive risk heat-map: The system automatically monitors and analyzes the enterprise network 24/7/365 across hundreds of attack vectors to provide a real-time, searchable and clickable color-coded map of the enterprise. This helps over-burdened security teams prioritize mitigation projects by identifying areas of highest risk and surfacing actionable insights.
  • Predictive risk analytics: Balbix predicts breach scenarios by analyzing indicators of risk, factors that point to the future likelihood of occurrence of security incidents, e.g., user clickthrough behavior indicating high phishing risk. In contrast, existing products rely on indicators of attack or compromise based on security events that have already happened.
  • Effectiveness of mitigations and cyber-resilience: Balbix can compute the effectiveness of security mitigations already implemented and help prioritize planned security projects. The system also measures organizations' cyber-resilience -- the ability to limit the impact of security incidents. 

Risk management is a growing market -- and top-of-mind with the C-suite
The industry need for risk-management solutions, including analytics that predict the impact of business risk, is growing. According to a March 2017, Gartner report, "Definition: Integrated Risk Management Solutions," by John Wheeler, "Gartner also notes a shift to greater investment in risk-based approaches designed to respond more effectively to the growing cybersecurity and related digital business demands facing organizations today. With this shift in investment, Gartner forecasts that the IRM solution market will grow from $3.9 billion in 2015 to $7.3 billion by 2020, representing a compounded annual growth rate (CAGR) of 13.4 percent1." We feel these findings validate a recent survey conducted by Balbix, which included 600 participants, including 250 from the Fortune 500, in which nearly 100 percent of respondents expressed concern about the rapidly expanding attack surface, while 87 percent said they were worried about lateral movement by attackers.

Automate risk assessment to reduce costs
In addition to proactively identifying risk and thwarting attack spread, Balbix addresses the increasingly relevant issue of security spend versus value with its automated risk-measurement capability. Enterprises with 10,000 devices typically pay around $250,000 for two penetration tests (pen tests) a year2. Relying on pen testing to find vulnerabilities or validate compliance is not ideal because the state of the enterprise changes every day. Balbix significantly increases the ROI on enterprise spend by offering comprehensive and continuous risk measurements at annual costs comparable to or lower than a single pen test.

"Today, it is incumbent upon us to assess our risk environment and protect ourselves from advanced threats targeting new technologies and devices, so that we don't suffer a breach, lose our intellectual property or get hit with compliance penalties down the road," said Abe Smith, director of enterprise security at Cavium, Inc. "Balbix allows us to get ahead of our threat environment by proactively identifying the most significant sources of risk in our network and prioritizing those gaps for remediation, enabling us to tightly -- and accurately -- focus our security spending and reduce costs."

Focus on cyber-resilience
"By now it should be clear to anyone that attackers are able to routinely breach enterprises as environments become more complex and new threat vectors emerge constantly," said Anthony Belfiore, SVP and CSO of Aon, a leading global professional services firm. "It is imperative that businesses are able to fully understand and assess their organization's resilience against cyber-attacks, and the risk posture of their key third-party partners."

"Today, security teams are forced to rely on a set of reactive security tools, with no real way to predict how or where a breach is most likely to hit next," said Gaurav Banga, CEO and founder of Balbix. "It is very difficult for security practitioners to assess the true risk posture of an enterprise and communicate this to senior management or the board of directors. By automating predictive risk calculations and providing clear visualization, we let companies know what's most important, so they may channel their security spending where it's needed most. This is key to improving cyber-resilience." 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3663
PUBLISHED: 2021-07-25
firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts
CVE-2021-23413
PUBLISHED: 2021-07-25
This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.
CVE-2021-37436
PUBLISHED: 2021-07-24
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing pers...
CVE-2021-32686
PUBLISHED: 2021-07-23
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and ...
CVE-2021-32783
PUBLISHED: 2021-07-23
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy rem...