The Silicon Review
For a company’s Chief information security officers (CISOs), there might be more than hundreds of cybersecurity metrics to manage. Out of this, only a fraction will be relevant to C-suite and the board. A good CISO is expected to distill data to make it understandable and communicate the risks to a board that doesn’t want intricate details about the technicalities. Data is incoming from all directions, and the leadership is reliant on the CISO to make sense of all the data and choose the metrics that can align with the organization’s goals. A CISO must ensure that the cybersecurity risk is considered a strategic business opportunity, instead of treating it as an operational risk. Navigating the technology and cybersecurity markets is becoming more frustrating and confusing every day. At Consortium, they connect you with like-minded technology professionals to leverage their combined knowledge to add clarity and ease the frustration of choosing the right products and solutions.
“At Consortium, we connect technology and cybersecurity professionals and leverage their combined knowledge to add clarity and ease the frustration of choosing the right products and solutions,” says Tim Murphy, CEO, and President of Consortium. Built on the proven notion of crowd-sharing intelligence, Consortium X—the company’s no-cost, no-risk information exchange platform—fosters a learn-from-peers approach to help security experts and enterprise leaders address the predicaments in choosing the right security solution for their enterprises. Participants on this platform share their intelligence on established companies, new start-ups, and the emerging risks and problems they solve. Consortium X maintains up-to-date lists of technologies, solution providers, business prophecies, or best practices that can help a company quickly and effectively address any cybersecurity issue. This unique concept has helped Consortium Networks establish itself as a frontrunner in the cybersecurity space, catering to more than 300 CISOs and IT professionals within just a few years.
Metrics That Matter
While the Consortium X witnessed immense success, the team at Consortium Networks decided to further move the needle in the cybersecurity space by helping companies understand their cybersecurity maturity level, risk profile, and the gaps in their security posture and product expenditures. As such, they have designed the Metrics that Matter (MTM).
MTM will help organizations identify risks and understand ways to thoroughly mitigate them in a cost-effective way. It will carefully study an organization’s IT infrastructure and assets based on the National Institute of Standards and Technology (NIST) standards. The tool will then map the outcomes to the MITRE CAPEC ( Common Attack Pattern Enumeration and Classification) a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations)) methodology to help organizations understand the level of risks and then map a dollar amount to risk profile. Subsequently, enterprises will understand how to spend effectively to stay safe not only today but also for the future. “Revealing the gaps in an enterprise’s cybersecurity posture, MTM will be able to align risks to dollars. This will also help the procurement officers who need a clear understanding of the requirement and prioritize the purchasing process accordingly,” says LarryPfeifer, Founder of Consortium. Further, following the NIST framework, MTM will enable businesses to be more compliant than ever.
In a nutshell, MTM will show a clear picture of an organization’s entire IT ecosystem and define the best way to channelize the budget to help enterprises stay secure. “This is a solution that the market is starving for. With MTM, IT teams and cybersecurity operators can sit down for merely two hours and know what is going on in their environment or what is going to happen. Also, managing risks would no longer be CISO-specific responsibility; instead, the entire organization would be responsible for it. We call it the Holy Grail for cybersecurity that cybersecurity insurance companies, regulators, security operators, and CISOs are going to be interested in,” Murphy mentions.
While the benefits of MTM are enormous, there is still a pertinent question: is it going to burden the in-house IT teams with additional tasks? Murphy, whose previous role was the Deputy Director of the FBI and spent 35 years in both private and public sectors, assures, “It will not, in fact, help IT teams refactor their current risk management processes in a more expeditious way. MTM follows a simple automated procedure. By understanding an organization’s entire IT infrastructure, the solution will measure the ‘likelihood’ of threats and their financial impact. So, it’s not always a breach versus the dollar. MTM can go into a plethora of different avenues to understand risk factors and present those in a streamlined manner. Following this, it will create a comprehensive risk impact number and categorize the risk factors under three different sections: red (high), yellow (medium), and green (low). Each of these will be associated with a probable estimation of aggregated annual loss for the organization. Not stopping there, Consortium Networks is trying to make the visualization of risks and the dollar amount associated with it more comprehensive for those who have a proper understanding of their IT environment. In such cases, MTM will walk users through a Wizard-based workflow where it will ask users specific questions on the efficiency of their IT ecosystem. The software will then generate a risk impact estimation based on the responses and associate it with the overall risk quantified score. The dollar amount will be calculated considering the company’s size, annual revenue, and impact on the market. So, the risk score might be different even for the entities that are operating in the same vertical. The process will be fast-paced and deliver a reliable outcome to all the concerned members. Interestingly, the information will be presented through a user-friendly interface that everyone can understand (even without a comprehensive knowledge of cybersecurity) in a single session. “With our product, companies can have a full threat matrix—including the map of the entire IT environment, products associated with it, the prevailing security gaps, and the dollar amount—that can be presented to the c-suite and board,” Murphy says. More importantly, MTM will be entirely free for Consortium X members.
We have tested the beta version of MTM with Consortium X portal members and have witnessed tremendous outcomes. “We are excited to launch the full version of this product in August 2020,” says Murphy. “It truly reflects Larry’s altruistic viewpoint on cybersecurity,” he adds. At the end of the day, Consortium Networks’ mission is to continue building solutions, unlike anything the industry has ever seen.
Meet the leader behind the success of Consortium
Larry Pfeifer is the Founder of Consortium. With over 26 years of experience in IT and cybersecurity, Larry Pfeifer is recognized as a leader in helping people and organizations to solve their IT and security-related issues.Larry started Consortium with one goal—helping people. His altruistic views came from organizing a feeding the homeless program in Camden, NJ. From there, he founded Consortium Networks as an avenue to continue to help its members, partners and others.
Tim Murphy is the CEO and President of Consortium. He leads Consortium Networks’ strategic direction, operations, cybersecurity solution development and client services.