Companies Should Assess Their Risk Profile and Align it to a Security Solution

Companies Should Assess Their Risk Profile and Align it to a Security Solution

San Francisco-based Bay Dynamics bills itself as a cyber risk analytics company focused on helping large enterprises measure, communicate and reduce cyber risk. The company is a rising contender in the “threat intelligence” space.

Founded in 2001 as a security and IT consulting firm, Bay Dynamics shifted in 2006 to creating its own security products, and in 2013 launched its current flagship product offering—Risk Fabric.

I had the chance to sit down with Steven Grossman, vice-president of program management, to discuss how Bay Dynamics’ customers are using Risk Fabric to identify and understand vulnerabilities more productively and thus improve robustness of network defenses. Give a listen to our full discussion in this podcast.

Risk Fabric is designed to help companies “contextualize, prioritize and mitigate high severity threats and vulnerabilities to their most valued assets,” Grossman says. It takes the approach of making cyber threats everyone’s business, from line workers to board members and everyone in between.

We discussed how cyber security is no longer an arcane techie task focused on blocking and quickly mitigating live attacks. The complex and complicated digital world we live in is getting more so each day. Bay Dynamics and other vendors focused on extracting useful intelligence from existing security systems advocate taking a risk-focused approach toward operating a company network.

Others pursuing this line of defense include user and entity behavior analytics (UEBA) vendors, like Exabeam and Securonix, and vulnerability analytics vendors, including RiskVision and RiskSense.

Grossman contends Bay Dynamics is the only vendor that provides a “holistic view of cyber risk, with threats, vulnerabilities and assets tied together with the analytics to make it all make sense.”

Business is growing because customers are realizing the value of “simplifying cyber risk management through analytics, automation and prioritization,” and “making cyber risk everybodys business,” he says.

More stories related to risk and information security:
Underwriters, InfoSec officers must close gap on risk management
Organizations must see cyber security as a business risk, not just a technology issue
A network’s ‘vital signs’ offer insight into security risks