Skip to main content
Request a Demo

Eliminate subjectivity, automate FAIR with ThreatConnect Risk Quantifier

TC Logo

Create Unlimited Data-Driven FAIR Scenarios FREE for 14 Days

A Better Approach To OpenFAIR

ThreatConnect Risk Quantifier

RQ’s Approach to OpenFAIR

  • RQ provides pre-populated loss magnitude data that’s based on industry losses. Users can choose our data or tune our values based on their environment
  • RQ computes how likely an attacker is to beat your defenses (Vulnerability node in FAIR) based on your actual defenses and attack path modeling
  • RQ provides outputs that show you which control, or defense, you should improve to mitigate the risk based on financial risk reduction, making FAIR actionable
FAIR Framework RQ Automated

FAIR with Automation

RQ is introducing semi-Automated FAIR Scenarios that use automation to compute the Loss Event Frequency (LEF) portion of the FAIR taxonomy. Combine that with your Loss Magnitude projections and you have the ability to compute the financial impact of risk scenarios rapidly and at scale.

Our Results


Most organizations don’t have a large corpus of loss data to work with, and when they embark on a CRQ journey, they have to execute a time consuming, subjective process. To use the semi-automated FAIR scenarios in RQ all you need to bring are your control ratings – we bring data to the table and combine them with our attack modeling. We analyze losses from across industry to build a “cohort” of loss data based on industry and company size that you can use in your FAIR scenarios – if you choose.


Gathering data for a CRQ effort can be time consuming. Customers who use RQ see results in hours, and spend time working on mitigating risk instead of modeling risk. Creating a semi-automated FAIR scenario in RQ is simple – all you have to do is use your control data or 3rd party scan data to run an automated analysis. Outputs are delivered in minutes and you can start communicating in a defensible manner the same day you start your analysis.


RQ provides actionable, data driven output both on the financial side and on the mitigation side. Using pre-analyzed loss data reduces the uncertainty in the output. And RQ’s approach to mitigations enables you to answer the question of “what should I do to prevent this incident” in financial terms, not subjective guesses.

RQ Automation + Machine Learning

Evolution, not Revolution

RQ enables OpenFAIR practitioners to leverage their existing data and processes to model risk as they have been doing while providing a way to automate and scale the most challenging parts of making the OpenFAIR standard.

RQ provides the ability to integrate with a variety of tools, including: GRC, Vulnerability scanners, CMBD’s and others. It gives you an aggregated view of risk by business unit, application and business process so you can manage your risk across the organization and at multiple levels. All of these features combined evolves your application of the OpenFAIR standard in a way that is scalable, whether you are looking to start your cyber risk quantification journey or expanding your program into other areas. RQ allows you to take a data driven approach to risk that is actionable and can be almost completely automated.