Announcing Emergent’s Dynamically-Driven Cybersecurity Risk Model

The lightning speed of hackers and cyber criminals creates a highly dynamic risk environment that makes it difficult for business impacts to be well defined, quantified, or measured. Most organizations use manual spreadsheet methods that cannot scale or support complex simulations to solve this problem. Adaptive techniques should incorporate Bayesian statistics and artificial-intelligence-based machine learning, which are necessary to manage this dynamically changing environment. The only way to stay ahead of digital risk is with an automated system for calculating exposure and impact.

That’s why Emergent is announcing the availability of our latest Instinct Engine™ — a first-of-its-kind self-learning, top-down driven engine that incorporates our Dynamic Driven Cybersecurity Risk Model. This approach allows organizations to dynamically define and construct a top-down model for cybersecurity risk, and implement a bottom-up approach to monitoring it.

Our risk model helps executives answer five key questions:

1. What is our tolerance for cyber loss? (Risk Appetite)

2. In what ways can our business be harmed? (Financial Impact)

3. How can these losses occur? (Scenario Exposure)

4. What contributes to these scenarios? (Dynamic Key Risk Indicators)

5. Does the data suggest they are behaving within expectations? (Nervous Metrics)

Since cyber risks are constantly changing, a static model is insufficient to provide an accurate representation.

Nervous Metrics

A good risk analyst can look at a handful of tactical tools and get a feeling for whether they should be “nervous” about an impending attack or other incident. Our model simulates that instinct by looking at what data you have available and learning about risk exposure in your unique environment.

It uses light-touch data integration to query your existing tools and other data sources for summary data or metadata to see if the conditions for risk exist in your enterprise. Let your first-line cyber and operational tools do what they do best and let our system ask them simple questions. No anomaly detection. No user-activity pattern recognition. Data is compared to established thresholds to see whether your enterprise is operating as expected, to tell you if you should be “nervous” about lurking exposures.

Our clients often ask if they even have the right data necessary to measure risk. Our answer is an emphatic “yes!” The challenge is making sense of it and keeping up with a constantly changing environment. You have more data than you know, and you also need less data than you might think.

Scenario Exposure

The revolutionary breakthrough of the Emergent model is the use of a consistent, structured, scenario-based approach. This enables the dynamic generation of risk exposure and measurement. Emergent also maintains a large repository of ontology objects to enable organizations to accurately describe cybersecurity and other digital incidents.

Each model scenario is a combination of three discrete objects (a Threat Actor, a Vulnerability, and a Target) that result in one or more Consequences, creating an Impact on the organization.

Our machine-readable ontology means scenarios can be created dynamically, on the fly, based on changes in your organization’s existing risk environment. That means you don’t have to create new scenarios to identify new risks: they are identified through the Instinct Engine™ AI system and presented to a human for review.

Dynamic Key Risk Indicators

The scenarios that are assessed to be the most exposed can be drilled into to see what data is contributing to their likelihood of occurring in the environment. Taken holistically, the system dynamically updates Key Risk Indicators for board reporting.

Projected Financial Impact and Risk Appetite

Based on the scenario approach, business units can understand the potential loss range, projecting the financial impact. Scenarios are then aggregated to represent the overall impact at the organization level and for each associated risk category.

All projected financial impact can be aggregated and ascribed to the business units that are exposing the company to higher levels of risk. This is compared against board-approved risk appetite.

To learn more, contact Emergent for a demo today!