The thesis behind Balbix is simple: cybersecurity is hard because organizations have a massive and rapidly growing attack surface. There is a myriad of ways by which our networks can be breached. Many organizations lack visibility into their cybersecurity posture and have a poor understanding of their breach risk. Consequently, the right decisions don’t get made, and the correct actions don’t get prioritized, leaving them wide open to attack and compromise.
To better understand the cybersecurity problem, let’s take a quick look at this picture of the enterprise attack surface.
On the x-axis we have all the different places in your world where things can go wrong. These are your assets: the thousands of devices, apps and users. On the y-axis, we have hundreds of attack vectors, ranging from simple things like weak passwords, to more complex things like phishing, unpatched software, encryption and configuration issues, etc.
Every point on this graph represents one way for the adversary to attack the enterprise.
Both x and y axes are very large, growing sets, practically infinite. For example, programmers inadvertently introduce a security bug every few thousand lines of code and this guarantees a constantly churning set of zero-days and unpatched vulnerabilities in your environment. Similarly, the number of items on the x-axis grows as we adopt new technologies in the digital transformation of our businesses.
To answer the question “what is our risk?”, we need to do a complex calculation for each point of this attack surface, and in this calculation we need to take into account information about inventory, vulnerabilities, active threats, exposure, ease of propagation, compensating controls, and business criticality.
This calculation cannot be done using human-scale methods anymore. For a medium-sized enterprise, there are over a hundred million time-varying state variables that determine its breach risk. For larger organizations this number is several hundred billion or more. Our systems are simply not able to scale with the size and complexity of the enterprise attack surface and deliver the right information to stakeholders.
The Equifax breach and WannaCry are excellent examples of this. Leading indicators of vulnerabilities exploited by attackers in these attacks were drowning in a sea of unprioritized security data and were not acted upon.
Software may be eating the world, but cyber-insecurity is the sh*t of software!
Measure, measure, measure…
There is an adage: without measurement there can be no improvement.
Legacy techniques like vulnerability management and penetration testing only look at less than 5% of your attack surface. Security teams today have no way to measure the enterprise’s overall breach risk, or to predict how and where you are most likely to be hit next. Even with an army of people, analyzing the myriad of attack vectors is very difficult. Security operations are mostly reactive, preoccupied with a constant stream of indicators of attacks (IoAs) and compromise (IoCs) relating to past security attacks, a never-ending game of whack-a-mole.
This is the trillion-dollar challenge—how do we secure the enterprise when we can’t see properly?
To get ahead, we need an automated and intelligent way to map our changing attack surface. Also, given the fragility of software, we need to constantly evaluate our cyber-resilience, the ability to limit the overall impact of security attacks, and focus on improving it by deploying the right mitigations.
Imagine … if you could use automation and self-learning techniques to discover all risk-related attributes about each network entity, including their business impact. Also, imagine if you could reason about all that could possibly go wrong in the enterprise, understanding your massive attack surface with AI algorithms that closely mimic how human experts analyze risk and mitigations. You would then be able to understand your risk, and organize security activities to improve cyber-resilience, and stop attacks.
This is exactly what we do! Balbix uses deep learning and other specialized AI algorithms to continuously analyze your attack surface and business context and produce relevant insights. Balbix is able to predict where and how breaches are most likely to happen and provides actionable prescriptions to improve cybersecurity posture, avoid breaches and improve cyber-resilience.
Balbix focuses on three broad technical capabilities:
- Gathering of security related information about the enterprise, inside-out and outside-in at massive scale. This includes network traffic, endpoint state, configuration, standard and proprietary cybersecurity data sources, and threat data.
- Real-time analysis of this security information, for breach risk and cyber-resilience, taking into account business criticality.
- Visualization and consumption of this analyzed output, using natural language search, rich clickable heatmaps, insights and prescriptions prioritized by risk, plus integrations and APIs for various enterprise workflows.
We envision that Balbix can be used by organizations to get ahead of the adversary. You can systematically discover weaknesses in your defenses, then transform (or maintain) your organization’s cybersecurity posture and avoid breaches.