Kovrr launched Cyber-Sphere within its Quantum CRQ platform. Cyber-Sphere is a self-populating framework for financial quantification of cyber risk by asset groups, which are groups of devices and resources sharing the same network topology and business function.
This helps large corporations with complex company networks share necessary information for CRQ analysis and provides a more actionable view of security posture for cyber risk management decision-making.
Despite the growing need for financial CRQ, enterprises struggle with mapping and communicating the structure of company networks to third-parties to provide the most complete and accurate depiction of a company’s critical business assets. With traditional CRQ frameworks, like FAIR, the process is tedious, resource intensive, and often lengthy even with the help of advanced asset inventories and mapping tools.
Kovrr’s Cyber-Sphere solves this challenge by offering CISOs a powerful view of the company’s security posture without compromising on accuracy or requiring as much information to perform the quantification. The Cyber-Sphere reflects the main characteristics and properties of an organization to allow for an on-demand and tailored cyber quantification assessment with an unprecedented level of granularity into asset groups and business units.
“Financially quantifying cyber risk is critical for large organizations,” said Yakir Golan, CEO of Kovrr. “In order to do it properly, risk professionals need to perform these assessments continuously instead of quarterly or annually. Cyber-Sphere enables security professionals to routinely assess cyber risk in their organization and provides a view of the financial risk that aligns with the way a company actually operates, making it more understandable to key stakeholders like the C-suite and Board.”
Key benefits of the Kovrr Cyber-Sphere include:
- Asset visualization: Offers a comprehensive view of all data types across an organization including internal and third-party technologies, network architecture, configurations, compliance with regulations and cloud environments. Allows companies to allocate budget more efficiently per business unit and asset groups.
- Autonomous data integration: Automatically integrates key internal data sources into a single view of an organization map including internal security controls such as EDR, SOAR, SIEM/SOC and endpoint protection, as well as asset inventories.
- Asset group financial quantification: Communicate financially quantified cyber risk insights from a macro view of an organization’s exposure down to highly granular asset and security control level insights. Organizations can isolate asset groups and identify interdependencies between them for the first time.