Elevate Security unveils human attack surface management platform

Elevate Security launched a new platform that addresses one of cybersecurity’s biggest unsolved problems – human error – with an intelligent, customized and automated response to employee risk across an organization.

Pioneering a new category in cybersecurity, human attack surface management, the Elevate Security Platform ingests the entirety of an organization’s data to gain benchmarked visibility into human error, enabling CISOs to proactively tailor security controls and create ‘safety nets’ for the riskiest employees.

Two-thirds of data breaches are tied to human error, yet organizations lack meaningful visibility into what is causing the breaches and the controls to reduce them. Enterprises continue to invest millions of dollars on technologies to combat breaches but they fail to protect the human attack surface.

Human attack surface management takes a holistic approach to human risk, aggregating data across an organization’s technology to build a Human Risk Score for each employee and measure the security strength and inherent risk across an organization.

The scores enable security teams to proactively tailor real-time security controls for the riskiest employees, continuously providing feedback on how they can improve, while also loosening controls or training requirements on employees who are lower risk.

“With human attack surface management, we’ve created an entirely new approach to cybersecurity – one that allows enterprises to turn existing security data into deep insights on employee risk including access levels, security decisions and frequency of attack,” said Masha Sedova, co-founder and chief product officer of Elevate Security.

“The Elevate Security Platform gives CISOs unprecedented visibility and control into how different employees, departments, regions and groups across the organization rank for cybersecurity vulnerabilities, enabling companies to strengthen their overall cyber defense strategy.”

Enterprises typically address employee risk by implementing more technology and generic awareness training programs. However, as a report released today by Cyentia Institute reveals, traditional cybersecurity risk mitigation efforts, such as employee training and phishing simulations, fail to actually reduce risk and have no significant effect at the organizational level.

For example, while a small percentage of users (~7%) execute or download malware, this grows to 31% among departments and to 100% certainty of someone executing malware at the organizational level.

“Using the Elevate Security Platform, CISOs get unique insight into their riskiest employees and can set tailored security controls focused on those employees, as opposed to resorting to broad and excessive restrictions that introduce more friction into the business” said Robert Fly, Elevate Security’s co-founder and CEO.

“The Elevate Security platform uses real-world attack and access data to give companies a back-to-basics understanding and visibility into human error and allows CISOs to translate the security team’s efforts into the language of business risk.”

Developed for enterprises, the Elevate Security Platform provides:

• Benchmarked visibility that gives CISOs insights into human risk within the organization and analytics that allow them to compare their risk score relative to their peers, competitors and different industries
• Proactive tailored security controls that enable security teams to limit or expand access to sensitive company data, loosen or restrict internet browsing policies, set appropriate authentication policies and control other activities depending on the employee’s risk level
• Employee feedback, which fosters dialogue between security teams and employees and shares key insights with employees on their security performance so they know where they are falling short and where they are improving or doing well