This solves one of the biggest challenges in security today: bringing trusted and timely business context to an organisation’s technology risk. For the first time, enterprises will be able to continuously monitor total security risk, segmented to critical operations. Panaseer’s customers can now use its platform to understand their security risk for any business function and process.
The ability to continuously view risk across all security areas and asset types, personalised for any stakeholder, business process, or business function, paves the way for effective prioritisation and remediation of an organisation’s most critical risks. Views can be seen and reported within any preferred security framework, such as NIST and CIS.
McKinsey’s report, ‘Perspectives on transforming cybersecurity’, outlines that identifying business value and context as it relates to a process or function is a key guiding principle to enable organisations to take a unified approach to prioritising digital assets and risk. The report states, “The CISO’s team, particularly when it is part of the IT organisation, tends to begin with a list of applications, systems, and databases, and then develop a view of risks. There are two major flaws to this approach. First, it often misses key risks because these can emerge as systems work in combination. Second, the context is too technical to engage the business in decision-making on changes and investments.” That is what Business Risk Perspectives set out to address.
Technology powers all facets of business, but previously it has been hard to relate the technology’s security risks to different areas of a business. Risks usually stem from people, processes and technologies, both on-premises and in the cloud, and they emerge at a faster rate than security and risk teams can address them. This makes linking risk to different mission-critical parts of the business a strategic priority.
Andrew Jaquith, industry veteran, CISO of QOMPLX Inc and author of Security Metrics: Replacing Fear, Uncertainty, and Doubt, commented, “Every security team operates in a unique business environment, with unique risks, regulatory pressures and internal perspectives. Security measurements and data need to be shown in customised, contextual and concise ways that allow audiences to make effective decisions about the risks they manage.”
Panaseer was founded in 2014 to address the security measurement market. It recognised that the old, manual, consultant-driven way of doing risk assurance was unfeasible, so it pioneered a new category of Continuous Controls Monitoring, with a platform that gives visibility of assets and insight into whether controls are in place and working effectively across them. It also enables automated production of metrics and measurement, which tailor insights to stakeholders at every level, enhancing decision-making from the boardroom to the analyst.
Nik Whitfield, CEO, Panaseer, said: “Today marks a major milestone in our strategy to become the de facto automation platform for security measurement. Enterprises are struggling with an explosion in data, too many security tools, increasing scrutiny from external bodies and no let-up in the exploitation of control gaps by adversaries. In a world where there’s too much of everything, we have to be smart and make effective decisions which best protect the business.
“One CISO summed this up perfectly, ‘Nobody cares about a vulnerability on a Linux server but everyone cares about a vulnerability in our payments process. Those are the same thing, just described differently.’ In the past, the technology didn’t exist to give us business-aligned insight on a continuous basis – another CISO recently told me, ‘Security metrics are the bane of my life’. With our latest platform release, security and risk teams now have an automated way to prioritise and view risk through the perspective they need, empowering the business to operate with confidence and control.”