Quantifying a 9x ROI on Greenhill’s Security Program

Greenhill’s adoption of Balbix led to a 55% reduction in their patch time and elevated their security posture to the top 10 percentile in industry standards.

The Dilemma

John describes the cybersecurity team that supports his state-of-the-art infosec program as “small and mighty.” But there are still a couple of things John was looking for: “I wanted to unify the data from our tools into one place, and in the same format, using the same semantics with accurate prioritization of action items. And perhaps even more importantly, I wanted to measure the effectiveness of my security program and do it over time to show that the program was maturing and improving month over month.”

Enter Balbix

Right from the first moment when he saw a demo of the Balbix platform, John was impressed by the technology. Balbix discovers and inventories all enterprise assets, no matter where they reside, in near real-time. Assets are then continuously monitored for over 100 attack vectors and over 400 asset attributes.

“Annual penetration testing and quarterly vulnerability scans are a legacy way of thinking for me,” muses John. “A lot can happen between today and tomorrow if you’re waiting for 90 days. So, the continuous monitoring offered by Balbix is a huge plus.”

Owning an accurate asset inventory and continuously monitoring all the assets on the network is key to a successful program. The ability to continuously identify and prioritize risk from this information and to act upon it is what elevates the program and makes it truly successful. This is the beauty of Balbix.

John Shaffer,
CIO, Greenhill & Co.

“The comprehensive, real-time visibility is unprecedented. Balbix can find needles in the haystack for us. And it gives us the ability to drill down from an enterprise-wide view right into a single CVE at the individual asset level within 2-3 clicks. As a result of this visibility, in 6 months we reduced our mean time to patch by 55% and I am now proud to say that we are in the top 10 percentile of patching posture by industry standards.”

Cyber risk quantification

But even more than the improvements he’s seen to his vulnerability management program, John appreciates Balbix’s ability to ingest data from dozens of existing IT and security tools to automatically quantify his cyber risk.

“Pieces of critical cyber security data are typically scattered all over the place. Until correlated, coalesced and understood contextually, it is just another piece of data—there is no actionability. I got the whole picture from Balbix.”

With Balbix, Greenhill was able to consolidate the data from their security controls like CrowdStrike, Duo, Illumio and others and compute their contribution to risk reduction. “Balbix showed me that the ROI for my entire cybersecurity program was 9x,” says John. “We have invested a lot of money and effort in our security initiatives. With Balbix, for the first time, I was able to see the overall effect of the cybersecurity program and understand the overlapping functionality of various controls, which helped us streamline and optimize cybersecurity spend.”

Reporting to the board made simple

John talks about how Balbix has made his reporting to the board simpler and easier. “In the end, we report to people, and they want to know how we’re doing,” declares John. “These folks aren’t necessarily cybersecurity experts. They read what’s in the paper, they get nervous when they hear top brands being breached. I wanted a system to produce an executive summary of our cybersecurity posture and say to the board ‘hey, this is what we’re doing’ and ‘we’ve done better over time.’ That’s what Balbix gives me.”

Balbix shows the ROI of my entire cybersecurity program. We have invested a lot of money and effort in our security initiatives. With Balbix, for the first time, I am able to see the overall effect of the cybersecurity program.

John Shaffer,
CIO, Greenhill & Co.