How Brinqa Brings Actionable Insights to Cyber-Risk Management

SECURITY PRODUCT REVIEW: Cybersecurity has become a complex endeavor, requiring advanced analytics and data science to bring relevance to the massive amounts of data collected. Brinqa slays the beast of data analytics with a platform approach that brings actionable insight to the data.

Brinqa.Risk.Mgt

Defining context and performing risk analysis have become the cornerstone of building effective cybersecurity. After all, today’s ideology of risk avoidance has become one of the major methodologies for eliminating the threats posed by the latest attack vectors. Yet identifying attack vectors—as well as building resilient systems—takes a witch’s brew of analytics, data science and insight to create the potion of risk avoidance. This is something many enterprises have struggled to concoct in a speedy manner.

Go here to see a listing of eWEEK's Top SIEM Companies.

Go here to see a listing of eWEEK's Top Predictive Analysis Companies.

Austin, Texas-based Brinqa—that spelling is indeed correct—is offering a prescription for mitigating cyber risk. The company’s cyber risk management ecosystem bundles together the technologies needed to bring forth context and relevance from security data, which is used to create knowledge driven insights to create effective risk avoidance and mitigation policies.

The Platform Approach

Brinqa uses a platform approach that combines data discovery using a data connector framework with an intelligence engine and an automation engine to create visual dashboards that highlight cyber risk. A data design studio offers administrators the ability to build and customize hierarchical models of business functions, processes, infrastructure, and applications.

The company’s ideology of giving administrators the power to access hundreds of heterogeneous data sources, as well as bring big data style analytics into the picture may prove to be a game changer in the evolving cyber risk market. The more data that is fed into the system brings forth more precise insights, building an actionable model for risk analysis and risk avoidance, allowing enterprises to incorporate all feeds from data in motion, further fueling the ability to identify outliers and potential chinks in the data protection armor.

It is important to note that a platform approach that integrates with existing ecosystems will prove to be one of the most important methodologies to deal with cyber risk, which evolves rapidly, meaning that using intelligent processing will be critical to expose previously unseen risks in heterogeneous environments.

VMDashboard

Brinqa is all about centralizing the data and exposing the relevance of that data in a meaningful fashion. The product uses dashboards to visually represent actionable insights around risk. The primary dashboard (left) is designed to present important risk and performance measure that require constant oversight and also highlights any immediate actions necessary. Dashboards can be customized and tailored for specific roles, such as business users, InfoSec professionals, analyst, remediation teams and so on.

Customization is used to show the information that is most relevant to specific users when they first log in to the system. All dashboards and reports support drill-down capabilities driven by user-selectable metrics, which can surface additional information that is the most relevant to the user, making it easier to take action.    

VMScopeReport

Ultimately, Brinqa brings visualization to risk measurement and relays the uncovered risk statistics via reports and dashboards, making it easier for security professionals to assess systems and determine relevant risk. What’s more, the platform is able to quantify the existing coverage of the vulnerability management programs, determine how many assets exist in the program and how many of those assets have been scanned recently, what is scan coverage for individual locations, data centers, etc. This report (right) is used by programs to ensure that their scanning coverage meets set goals.

Hands on with Brinqa Cyber Risk Management Platform

Deploying Brinqa can be a complex endeavor because of the number of data sources with which the platform can interact. However, the company provides pre-built risk/data models, one-click connectors, pre-defined data mappings, libraries of reports and metrics and other tools to ease the configuration burden and help businesses get up and running quite quickly.

The company also offers components for on-premise data gathering, as well as cloud connectors and some hosted elements. These include the Brinqa server, which can be deployed on Google’s cloud services, as well as AWS and other hosts to deliver a true SaaS experiance.

Ultimately, all the analysis and actionable insights are delivered to the Brinqa web application client, which is manifested as a browser-based console accessible from an internet connected PC. The web application runs the dashboards and acts as the interface between the user and the Brinqa server.

It is important to note that processing takes place in the cloud, meaning that no latency is added to applications from Brinqa’s analytical processing and data gathering tasks. What’s more, much of the complexity can be hidden from the end user; Brinqa engineers are available to assist on setup and provisioning of the platform. Once provisioned, most users can quickly come to grasp with everything offered by the platform.

By hosting the platform on a cloud and using agents to gather data, Brinqa has eliminated one of the biggest concerns of those managing network and operational security, the ability to scale. The cloud-based deployment reduces the complexities of scaling up or down by providing on demand provisioning of more resources or the ability to quickly de-provision un-needed resources. That proves important to businesses who have cycles of high application use due to seasonal or other events

One specific area that Brinqa differs from other cyber-risk analysis products is in the concept of building an ontology. Simply put, an ontology in the world of cybersecurity consists of organizing a set of concepts and categories that reveals data properties and surfaces the relationships between those data properties. An example would be creating a category that consists of transactions related by data elements, such as time, source, or location, and then additionally finding relationships between other data elements, such as metadata and network movement.

Ontology as an information science brings value to any ETL (Extract, Transform, Load) process used for data science and analytics. For Brinqa, the company’s solutions are built on a comprehensive, standardized data ontology that clearly defines, delineates and represents the common IT, security and business assets that comprise a typical enterprise technology infrastructure, and the relationships between them.

BrinqaCyberRiskDataOntology

Brinqa’s default ontology is built on cybersecurity best practices, industry standards and the company’s growing experience with real-world customers. Customers have complete access to the data modeling capabilities used to define and develop the default ontology and can further tune the risk models to accurately represent their unique environments.

The ability to adjust risk models is crucial for effective risk analysis. What’s more, most organizations do not rely on any industry standards for implementing technology and security environments. Customization of the risk models allows organizations to leverage custom standards and account for areas where standards have changed over time. Customization allows users to derive better risk insights and better adapt the ontology to meet their specific needs.

Ultimately, Brinqa is able to deliver risk insights that are relevant to an organization, and account for any unique characteristics that have an impact on risk analysis, which can be reflected in a businesses’ cybersecurity data models. Customization is also essential to keep pace with the constant change in the IT and cybersecurity landscape.

The insights and orchestrated data that Brinqa provides can prove critical for organizations seeking to gain control of their data while also establishing compliance and protecting privacy. What’s more, the vulnerability assessment process lends itself well to defining policy and enforcing security rules. The ability to uncover relationships, behaviors and norms is quickly becoming one of the most important abilities of any AI-powered security system. Yet, the challenge has always been one of representing that information is a fashion easily understood by humans. Brinqa’s dashboards, reports and consoles readily accomplish that, allowing humans to take action where needed, before a vulnerability becomes an insurmountable problem.

VMOverviewReport

Categorizing and assigning levels of importance to vulnerabilities help system administrators deal with rapidly evolving cybersecurity challenges. Brinqa does a lot of the heavy lifting by calculating levels of risk, displaying the potential exploits and bringing forth additional data to help teams react proactively. What’s more, the concept of teams is heavily embedded in the Brinqa nomenclature and the company has instituted reports that help in team management.

The package also offers the ability to automate and manage the risk remediation and validation process, which constitutes a natural progression from developing risk insights and prioritizing risks.

The platform can transform the data science of risk detection into remediation tickets. Those tickets can be built using pre-defined rules (policies) that govern determinations of ownership, escalation chains, SLAs and other critical elements, consolidating relevant data into actions, vastly improving effectiveness, efficiency and consistency of threat mitigation.   

ServiceManagementTeamReport

By offering a visual representation of team progress, managers can quickly assess what vulnerabilities are being dealt with and the resources assigned to remediation. That helps to prevent issues from falling through the cracks and provides information that can be relayed to upper management.

All things considered, Brinqa helps to simplify the onerous task of vulnerability management and brings forth the insights and tools needed to deal with vulnerabilities as quickly as possible. The product’s use of a defined ontology furthers cybersecurity professionals to deal with what may be considered unusual situations that may normally go unnoticed.

Brinqa follows a subscription pricing model based on the number of assets in a deployment, with per asset prices starting at $24/asset/year.

Frank Ohlhorst is a veteran IT product reviewer and analyst who has been an eWEEK regular for many years.