ThreatConnect: The Brain of Security

Why Acquiring Nehemiah Security was the Right Decision

Since its inception, ThreatConnect has used the analogy that it wants to be the “brain of security,” to act as its central nervous system providing both decision and operational support. We use this analogy because of the relationship between decision making and taking action that the brain does naturally. What makes humans exceptional at decision making is the ability to review the logical options while simultaneously considering the risk with that particular decision path.

Think about the simple things we do on a given day. We calculate risk when driving a car, walking across the road, even making a decision on whether to get out of bed in the morning. And there is a risk of missing an important business opportunity by blowing off that early meeting should you decide to sleep through your alarm. Without us really trying, the brain is instinctively weighing the impact of each decision we make.

In cyber security, risk is a term we use A LOT, but we really get it wrong and most organizations don’t actually use risk in any meaningful way in their decision making: how much risk does my organization have today, how much risk is my organization willing to accept, how much risk am I minimizing with my security program? What if I changed something – then how much risk do I have? Can we honestly say that these are questions that we know the answers to – or that have been driving our decision making in security these past decades?

In fairness, at the security analyst level, I fully believe that they are seeking to make risk informed decisions, because as I said above the human brain does this instinctively. However,  they can only do that based on the information they are provided. I have not seen many security programs where business context was provided to the analyst to aid in decision making.

Recognizing this reality, organizations are seeking to quantify their cyber risk in order to better align security to the business, drive remediation and response activities, support investment decisions and demonstrate return on security investment. Many have already embraced the move to a quantified understanding of risk – only to be let down as current approaches require too much manual data collection, too much training and professional services support, don’t connect this new found understanding with the ability to take action, fail to meet the need for efficiently and cost-effectively mitigate risk, etc.

At ThreatConnect we believe that understanding and quantifying risk is critical to building an effective security program. For a decade now, we’ve been focused on making the job of security easier, to be the place where security comes to be effective. We began our journey focused on making threat intelligence actionable with our Threat Intelligence Platform (TIP), providing a platform to collect, enrich and prioritize intelligence. We evolved our capabilities to deliver an award-winning Security Orchestration, Automation and Response (SOAR) Platform to market, helping orchestrate and automate security actions with an intelligence-led approach. But we never lost sight of the belief that we needed to incorporate information about the business into all we do. We’ve watched with interest as the Cyber Risk Quantification (CRQ) movement has taken off, keeping an eye on evolving approaches and listening to the experiences of our clients.

We were already making analysts jobs easier, helping intelligence leaders provide value to the business, helping SOC and IR teams more quickly do their jobs.  We are really happy about the value we’ve added across all the people we support and we know we have advanced the state of the security program with an intelligence driven approach.  But, we knew we had  more to do to change the way security works.

The decision to acquire Nehemiah was an easy one as they are ahead of the market in terms of their ability to automate cyber risk quantification. Their vision to harness the power of the security ecosystem by integrating technologies and ingesting data fits perfectly with our vision for reducing complexity – and with market demand for a CRQ solution that actually works the way security needs it to.

In a holistic sense, the marriage of risk, threat and response is the only way to achieve the primary goal of cybersecurity – reducing risk to the organization. Therefore, it’s a no brainer that ThreatConnect would decide to acquire a company that built a cyber risk mathematical model and rules engine to quantify cyber risk.

Cyber risk quantification is the process of evaluating the cyber risks that have been identified and then validating, measuring and analyzing the available data using mathematical modeling techniques to represent the organization’s security posture.

What does this mean for our customers?

  • The ability to prioritize response activities based upon their efficacy in reducing the risk of financial loss or operational impact
  • The ability to more confidently apply security dollars for the greatest return on investment by seeing the risk you buy down
  • It will be easier to justify your spending decisions by talking in terms that CISOs and Boards will understand

Anytime we establish a new security process, integrate a new security product or configure a new control we are attempting to reduce the risk of being attacked or exploited.

With Threatconnect RQ™ we’ll be able to recommend which solutions, based on the native ThreatConnect Platform, are most effective at reducing the chance of certain threats or attacks succeeding against high value assets, targets, lines of business or missions, based on their value to the organization. That’s important because you don’t want to spend a substantial amount of money trying to mitigate risks of attacks that don’t cause as much harm as others may.

With the acquisition, ThreatConnect further delivers on its mission of revolutionizing the way organizations protect themselves by turning intelligence into action. For security executives, their teams and the stakeholders they support across the organization, ThreatConnect becomes a single source to support their mission of identifying and efficiently mitigating cyber risk.

Risk – Threat – Response…ThreatConnect

About the Author
Adam Vincent

Adam is an information security expert and is currently the CEO and a founder at ThreatConnect, Inc. He possesses over a decade of experience in programming, network security, penetration testing, cryptography design & cryptanalysis, identity and access control, and a detailed expertise in information security. The culmination of this knowledge has led to the company’s creation of ThreatConnect, the first-of-its-kind threat intelligence platform. He currently serves as an advisor to multiple security-focused organizations and has provided consultation to numerous businesses ranging from start-ups to governments, Fortune 500 organizations, and top financial institutions. Adam holds an MS in computer science with graduate certifications in computer security and information assurance from George Washington University. Vincent lives in Arlington, VA with his wife, four children, and dog.