“There hasn’t been one single platform that CISOs can truly rely on for day-to-day decision-making” – until now
Safe Security CEO Saket Modi recently delivered a keynote address to the 2024 FAIR Conference (FAIRCON24), that staked out the leading position for Safe Security in the cyber risk management market – and confirmed that leadership with a product introduction, the SAFE X GenAI-powered mobile app.
FAIRCON24 is the yearly gathering for users of Factor Analysis of Information Risk (FAIR), the gold standard in cyber risk quantification. Safe Security is the technical adviser to the FAIR Institute, and developer of the SAFE One platform, the only solution that fully automates FAIR cyber risk analysis.
We highly recommend you watch the video of Saket’s FAIRCON presentation to understand where cyber risk management has been and where it’s going.
As Saket posed the question, with $200 billion a year spent on cybersecurity and some 4,000 products on the market, why are the hackers still winning, and the hacks only getting worse?
Saket identified a root problem for chief information security officers (CISOs). Those thousands of cybersecurity tools each have a piece of a puzzle that must be assembled manually and subjectively, and in the end produces a picture that’s little more accurate than waving a wet finger in the wind.
What’s worse, they treat cybersecurity as a series of technical problems, not a business problem. But for the business, cybersecurity comes down to managing risk, limiting the organization’s exposure to loss from cyber events, as expressed in financial (not technical) terms.
Saket Modi demos the SAFE One platform at FAIRCON24
“There hasn’t been one single platform that CISOs can truly rely on for day-to-day decision-making,” Saket said, particularly to answer the basic questions of the business on risk management, such as:
- Where to most effectively invest our time and budget?
- How much risk did we burn down last year
- How secure are our crown jewels?
Solutions on the market that claim to measure risk for a CISO don’t measure up.
- SRS tools give an outside-in, partial view of an organization’s defenses
- GRC products have become little more than risk diaries
- Maturity assessments don’t directly measure risk
And then there’s FAIR, that does indeed enable risk assessment in the quantitative terms that business organizations demand. But it has been manual, difficult to scale and requiring expert training – until now.
A risk scenario analyzed in FAIR terms of Likelihood and Loss Magnitude on the SAFE One platform
Safe Security Automates FAIR Cyber Risk Quantitative Analysis
FAIR analysis quantifies the factors shown on the FAIR model representation below and rolls them up into overall numbers for probable likelihood and financial impact giving decision makers a clear picture of the range of outcomes they face.
The innovation of Safe Security’s SAFE One platform is to 1) quantify those factors you see circled and 2) importantly, quantify them in real time with automation for quick guidance on cyber risk management decisions:
- Threat Event Frequency. Safe has integrated over 25 daily threat feeds and integrations with ISAC intel and takes into account threat intel from dark web.
- Susceptibility (to successful attack). 100-plus API integrations from vendors like Wiz or CrowdStrike with deeply embedded AI for processing signals on a daily
- Loss Magnitude. The SAFE One platform provides default values for a wide range of loss drivers, based on data from some of the largest insurance companies, all filtered through the FAIR Materiality Assessment Model (FAIR-MAM). A GenAI assistant reviews any custom data from your organization to keep everything aligned.
Key points for riding this data flow:
- Safe’s solution constantly updates your risk status based on feeds from your integrations. Safe ingests over 7 billion signals a day.
- What we call the Cyber Risk Singularity displays your top risks in one view on the platform with visual alerts if a risk scenario crosses a red line for risk appetite
- You can click through on any risk display to see the underlying drivers, even down to the findings from your telemetry.
- The platform alerts you to significant changes, such as emergence of a new threat actor attacking companies like yours.
- Turn awareness into action. What-if analysis enables you to change variables, such as increasing the capability of data backup or other control, to see the effect on a risk scenario.
- Generate board-ready reports with one click.
Only one platform is built ground-up to answer all the CISO’s questions: SAFE One.
Introducing SAFE X – the Power of Safe Security Risk Management at Your Fingertips
Now imagine the functionality we just described in a mobile app, running on GenAI and responding to your voice queries. As Saket showed the FAIR Conference in a live demo of SAFE X, you might receive an alert that a new known hack has been identified, you click through to see the details on that hack, and check on what’s the probable likelihood and impact if the threat actor attacks you. Or you are considering a new vendor, and through voice commands, you ask SAFE X to add a new third party. The application shows you probable risk depending on the third-party’s access to your data, revenue or network. Then it runs an outside-in assessment of the third party’s controls stack.
“Not only am I asking questions,” Saket said, “that’s reactive, but if something has changed, I get a notification, prompting me to take action.
“The most exciting thing is that this is not an app that shows you things only. It actually allows you to do things. This is the future of GenAI.”
Watch Saket Modi’s Keynote Address to the 2024 FAIR Conference (See the live demo at the 17:00 minute mark)
Watch the introduction video for SAFE X.
CISOs React to SAFE X
Mike Elmore, CISO at the giant pharmaceutical company, GSK, tried out SAFE X and stopped by Saket’s presentation for a reaction. GSK operates in 100 countries, making Mike a very frequent flier. “We are already starting to see a lot of value if you ask SAFE X the right questions,” he said. “This will give me the opportunity when I am in flight and my other teammates are not in the same time zone to ask questions and make a better decision. On that, it is absolutely invaluable for us.”
For more positive reactions to a first look at SAFE X from CISOs attending FAIRCON24 – watch the video.
See for yourself! We made the SAFE X mobile assistant for CISOs available for anyone on a trial basis. Download SAFE X for iOS or SAFE X for Android now.