August 8, 2022

Balbix brings Snow and Ice to Vegas @ BlackHat 2022

Here we go again – it’s BlackHat time! As you head over to Las Vegas, you might be mulling over recent discussions you have had with your CFO after the Q2 board meeting. 

First, the bucket of gloomy items in your head: 

  • Your company is trimming spending by 25% across the board. 
  • The cybersecurity budget has not been cut, but new spending will be very difficult. 
  • You are struggling to explain why two of your new projects are absolutely necessary. 
  • Of course, the recession memo has not yet reached cyber attackers, so they will be just as active as in the last 12 months! 

And the good items bucket: 

  • Cybersecurity vendors have figured out that you need a deal this year and are offering steep discounts. Similar to the situation at your “gloom and doom” board meeting, VCs have asked their portfolio startups to pick up customer logos and continue momentum no matter what. 
  • There will be lots of announcements and parties. You will be hearing about new techniques to get in, and new methods to counter them. 
  • You will have 3-4 days of your favorite intellectual exercise, trying to figure out how exactly that shiny new tool will protect you from the employee click that will result in ransomware, or otherwise decrease your overall breach risk. 
  • The Balbix CISO party on Monday evening at the Minus5° Ice Bar, where you will have a great time…

Balbix has an announcement too. Sorry, we don’t have a new Gartner-designated 5-letter acronym for this new Balbix capability. Here it is in simple terms: With this new update, your Balbix and SNOW deployments are now best buddies. Balbix can ingest detailed IT and business context from your ServiceNow CMDB and use that to build a more accurate model of your cyber risk. Balbix also pushes fix information via ServiceNow Ticketing so that each operational owner has everything they need to fix or mitigate cyber risk issues as quickly as required based on your organization’s risk appetite. These integrations are maximally automated. That’s it.

Two superheroes have become buddies

If you care, the obligatory link to our press release is here.

Back to the Basics

As some of you will recognize, this latest Balbix capability attempts to strike at the heart of the enterprise cybersecurity problem. With the exploding attack surface, you have a gazillion security issues open at any time across your enterprise: 100s of 1000s, perhaps millions, of known vulnerability instances, with new ones arriving each week. Your teams simply can’t keep up.

Your biggest challenges in identifying and mitigating these issues quickly are a) manual workflows, b) organizational silos and c) a lack of unified context. Cybersecurity teams take days and weeks to identify assets vulnerable to newly discovered issues and then throw stuff over the wall to IT and business risk owners. All this without the necessary context to drive an appropriate level of urgency for a quick fix. These security issues don’t get addressed in a timely manner, leaving the enterprise at high cyber risk for extended periods of time. 

We all like to blame IT. In IT’s defense, their view of the world is inaccurate and incomplete. Tracing vulnerabilities to the affected apps, and then prioritizing fixes based on the business value of the app, is hard. A lot of data in the CMDB is simply out-of-date. Mapping from vulnerable assets to the appropriate risk and operational owners is also hard. 

Business risk owners don’t really “own” any risk. More often than not, they have no idea how to interpret the data being provided by the security team about vulnerabilities. How bad is it if the patching SLA of 15 days is not met?   

What you need is unification of information from your various tools, resulting in better context for all operational tasks. Prioritization of mitigation tasks needs to be based on the expected financial impact of specific security issues, with raw data correlated and distilled into actionable insights, and with maximal automation of identify-prioritize-mitigate workflows.

This is what the Balbix platform enables, and with this announcement we are able to do this even better.     

Block diagram for Balbix + ServiceNow integration

So what? 

With Balbix and SNOW now continuously talking to each other, what does success look like? 

Because of the business context we bring over from SNOW, Balbix is able to do a much better job of prioritizing CVEs and other types of vulnerabilities based on risk. If you have, say, 3 SNOW groups (Material Assets, Tier 2 Assets and Tier 3 Assets), you can prioritize all new CVE instances for these assets differently based on the tier, as well as vulnerability severity, threat level, exposure and security controls information.

With automated prioritization, mapping to owners, dispatching and ticketing, vulnerabilities are mitigated a lot faster. Thanks to Balbix’s dollar-based Cyber Risk Quantification (CRQ) capabilities, you can trade off target time-to-mitigate speed against acceptable cyber risk thresholds. Your teams will become more efficient and effective. Our customers have been able to reduce mean-time-to-mitigate risk issues from months to days.

Ultimately, this integration results in high quality distributed decision making and quick actions that are aligned with your overall cyber risk reduction objectives. 

Now what? 

This August 2022, with the backdrop of this strange recession, is an opportunity to rethink your cybersecurity program. Instead of being distracted by new and old (even discounted) shiny objects, you can choose to go back to the basics of winning and invest in automation powered by better context. Besides reducing risk and improving efficiency, this approach will allow you to consolidate and eliminate unnecessary spending. The ROI is instantaneous.

Maximal automation is the only way forward in cybersecurity. Can you think of any other viable strategy?

See you at the Mandalay Bay! If you want to meet up, please ping us here or visit