Balbix Unveils CIS Benchmark Automation

Press Release

Adds key capability to help businesses comply with new SEC regulations

Balbix, the leader in cybersecurity posture automation, has introduced a new capability that automates CIS Benchmark requirements. With Balbix, compliance teams can not only access current and up-to-date CIS Benchmarks reports but also understand their most significant and critical assets and take steps to mitigate security risks. With Balbix, security and compliance teams can align, improving overall security outcomes for the business.

Although automating parts of CIS Benchmarks isn’t new, businesses often undertake them once a year and don’t understand how these controls reduce security risks. Often compliance teams gather data about assets using a manual scanning tool or through audits or assessments. They add any reported vulnerabilities, misconfigurations, and control information associated with those assets and compile reports in a spreadsheet for auditors to address their requirements. Usually, these steps can take several weeks or months to complete.

As the new Securities and Exchange Commission (SEC) regulations take effect, businesses have to identify & disclose incidents within 4 days after they are deemed ‘material’. Put another way, security and compliance teams must proactively understand their most significant assets and applications, determine if incidents were material, and create disclosure reports within days instead of weeks or months.

Balbix enables security & compliance teams to work in alignment. To start, compliance teams can easily validate if their assets comply with required CIS Benchmarks and other standards. These reports are always up-to-date and available on real-time dashboards. But it doesn’t stop there. Balbix highlights the most critical assets to a business, plus all vulnerabilities, misconfigurations, control failures, and security issues associated with them. Security teams can use these insights to implement CIS-recommended best practices or go beyond CIS to harden critical assets against additional attack vectors. Compliance & security can use Balbix to be continuously compliant while mitigating security risks most important for the business.

Additionally, Balbix customers can use compliance reports to strengthen risk quantification. Today, Balbix offers a risk quantification product that analyzes millions of data points from assets, vulnerabilities, misconfigurations, threat feeds, and business contexts to show security risk expressed in dollars. With the addition of compliance posture, cyber risk expressed in dollars becomes more accurate.

Daniel Gisler, CISO of Oerlikon Group, stated, “Every year, we spend several weeks manually compiling customer security or security assessment audits. CIS controls are a critical part of this requirement. With Balbix, we can automate CIS benchmarking and reporting for all major technologies: Windows, Linux, and AWS, and continuously comply with 75% fewer resource requirements. Not only can we automate reports but ensure that we efficiently reduce the attack surface.”

Gaurav Banga, CEO of Balbix, added, “Our mission at Balbix is to empower organizations in enhancing their cybersecurity posture through automation and AI. We’re elevating that mission, equipping compliance & security teams to address their concerns holistically, keeping businesses ahead in an ever-evolving threat & compliance landscape.”

To learn more about Balbix, visit

About Balbix

Balbix enables businesses to reduce cyber risk by quickly identifying and mitigating their riskiest cybersecurity issues. Our SaaS platform, the Balbix Security Cloud™, ingests data from businesses’ security and IT tools so they can understand every aspect of their cybersecurity posture, build a unified cyber risk model and obtain actionable insights for risk reduction. With Balbix, businesses can automate their cloud and on-premise asset inventory, conduct continuous risk-based vulnerability management and quantify cyber risk in dollars. Executives and operational teams can make cybersecurity decisions based on data, not opinions.

A rapidly growing set of Fortune 500 companies trust Balbix as the “brain” of their infosec programs and are realizing the benefits of maximally automated workflows and reducing cyber risk. Balbix was recognized in CNBC’s 2022 list of Top 25 Startups for the Enterprise and ranked #32 on the 2021 Deloitte Fast 500 North America.