2023 SC Awards Finalists: Best Risk/Policy Management Solution

Balbix, a cybersecurity risk management firm, has developed a platform that helps organizations understand their cyber risks and communicate them effectively to board members and senior executives. Balbix’s cyber risk quantification (CRQ) capabilities leverage available data, continuously calculating risk from asset-level data ingested from existing tools, including vulnerabilities, threats, exposure, applicable security controls, and business criticality. Users can analyze risk by business unit, by application, by owner, and trace underlying issues driving risk, while gaining actionable insights for risk reduction. The platform provides executives and the board with a clear understanding of cyber risk in dollars, helping to prioritize cybersecurity initiatives and daily mitigation tasks based on monetary risk, instead of relying on ad-hoc scores. Balbix’s platform is differentiated from competitors by being data-driven, maximally automated, accurate and concrete, providing monetary risk computations based on business context, and highly actionable. The Balbix Security Cloud is licensed to customers via an annual subscription based on asset count and use case coverage, with no hardware or software deployment required. Balbix is currently experiencing significant revenue growth, supporting dozens of customers across numerous verticals and geographies.

FireMon has developed a platform that helps organizations manage network security policies effectively. The platform provides real-time policy configuration change detection and alerting, giving customers the visibility and control they need across on-premises, cloud, and hybrid networks. FireMon uses innovative security concern indexing, continually reviewing the entire rule repository and delivering a real-time list of prioritized rules that violate custom business rules or industry best practices, or are identified as critical vulnerabilities. The platform provides customers with real-time visibility of their risk posture by policy rule and asset, and customizable alerts can notify policy administrators of vulnerabilities and automatically provide risk mitigation suggestions. FireMon’s platform is updated quarterly, and modules are updated as needed to keep up with the rapidly evolving cybersecurity landscape. The total cost of ownership varies according to each customer’s unique instance, but on average, customers achieve significant savings with FireMon, including efficiency gains and reductions in misconfigurations and compliance audit preparation time.

OneTrust Third-Party Management extends across security, privacy, ethics and ESG business units, as well as sourcing and procurement, performance management, finance, legal and others to encompass all the operational risks an organization may encounter when working with third parties. Customers can streamline third-party onboarding, auditing, and monitoring; experience fewer business resilience issues and adapt quickly to disruptions; and improve overall program performance. OneTrust Third-Party Management offers one central dashboard for visibility across the third-party inventory; automates risk assessments with out-of-the-box and custom templates; offers ongoing compliance checks, daily updates, alerts and actionable data; generates reports to align to global standards, frameworks and laws; and centralizes historical data and real-time risks in a dashboard. Based on interviews of OneTrust Third-Party Management customers, the solution reduced the time to fulfill a third-party risk assessment by 76%, on average, and decreased the cost to fulfill a third-party risk assessment by 70%, on average.

Qualys has launched a new cloud-based service that aims to revolutionize risk and policy management for organizations amid the rising tide of cyberattacks. The Qualys Vulnerability Management Detection and Response (VMDR) solution provides visibility into internal and external assets, identifying vulnerabilities and prioritizing them based on the risk of exploitation. By enforcing policy actions and remediating vulnerabilities, VMDR reduces organizational risk. The system features out-of-the-box hardening policies based on industry standards and compliance frameworks such as PCI and HIPAA, while integration with ITSM solutions like ServiceNow and Jira fosters collaboration among security, risk management, and IT teams. VMDR has detected 85% fewer vulnerabilities posing the highest risk, enabling organizations to focus on fewer vulnerabilities and take decisive action. VMDR’s ease of use, scalability, and cost-effective pricing make it an attractive option for organizations seeking a robust risk management solution.

Tenable, a leading cybersecurity firm, has launched its Tenable One exposure management platform to help organizations manage their cybersecurity risks in a more unified and effective way. As companies have increasingly adopted new technologies in the past 25 years, their attack surface has expanded beyond traditional IT into areas like the cloud, web apps, and operational technology, making it harder to quantify and act on exposure to risk. Tenable One aims to address this need by offering a comprehensive view of all assets and vulnerabilities to help organizations anticipate and prioritize potential cyber threats. The platform uses machine learning algorithms to enable innovations like Predictive Prioritization, which helps organizations identify which vulnerabilities to mitigate first, and Asset Criticality Rating, which daily rates each asset across the organization. Tenable One also offers cost-saving benefits like complexity reduction and improved integrations, as well as a single licensing model to lower costs. With Tenable One, organizations can communicate cyber risk more effectively and make better decisions to improve their security posture.