Q&A: Syed Abdur of Brinqa on Cyber Risk Management Platform, Securing Cloud Infrastructures, Trends and More
May 14, 2019
It’s 2019 and cybersecurity is top of mind for organizations, whether they are small, medium or large. Regardless of industry or size, organizations are learning that they need to establish a vulnerability management program to support their security best practices and compliance-driven requirements. To find out more, we spoke with industry expert Syed Abdur, director of products at Brinqa.
CloudCow: We haven’t spoken before, so can you please provide a brief background on Brinqa?
Syed Abdur: Sure. Brinqa was founded in 2009 by cybersecurity industry veterans Amad Fida and Hilda Perez. In their extensive experience working with enterprise cybersecurity customers, one thing that struck both of them was the increasing complexity of enterprise technology ecosystems and cybersecurity infrastructure charged with protecting it. They founded Brinqa to address the urgent need for a solution to connect and synchronize siloed cybersecurity products, processes and teams towards the unified goal of reducing cyber risk and improving an organization’s cybersecurity posture.
We are the creators of a Cyber Risk Management Platform focused on the modeling, analysis, prioritization, remediation and reporting of cyber risk across traditional and emerging enterprise technologies. With integrations to 100+ security and business data sources, we deliver solutions for those cybersecurity challenges that require a knowledge-driven and risk-centric approach.
CloudCow: Thanks for that update. But it feels like other companies have been doing this before; is that not the case?
Abdur: There certainly have been various technologies in the past that have been applied towards the goal of effectively deriving knowledge and insights from the various tools that comprise an organization’s cybersecurity infrastructure. Governance Risk and Compliance (GRC), Security Incident and Event Management (SIEM), Configuration Management Database (CMDB), IT Service Management (ITSM) are some classes of cybersecurity tools you have heard of that have tried to address this problem. The Brinqa solution differs from these systems in its approach to modeling and representing the technical and business data necessary for effective cyber risk analysis. Our unique “Knowledge Graph” approach makes it possible to seamlessly collect, normalize, correlate and analyze asset, vulnerability, context and threat data. It integrates the various relevant data sources into a single authoritative source of truth that can be utilized by different stakeholders involved in the Cyber Risk Management process.
CloudCow: Can you describe the key benefits enterprises might realize with your solution?
Abdur: Brinqa gives customers everything they need to kick-start the creation of their Cyber Risk Management program with packaged connectors, risk models, standard risk scoring, remediation workflows, and dashboards and reporting. Most of Brinqa’s customers are quickly expanding the scope of their Cyber Risk Management programs to incorporate vulnerability management, application security, cloud and container security, mobile security, configuration management, and identity and access management. Establishing a consistent cyber risk strategy that spans all security solutions and attack surfaces brings teams together to turn their collective knowledge-driven insights into targeted, automated and tracked outcomes that vastly improve the company’s overall security posture.
Our customers use Brinqa to automate many components of their risk management programs – from the collection of all relevant risk data, to the building of risk knowledge, to the communication of risk to all stakeholders, and the risk remediation processes. A true benefit of our automation capabilities is the ability to orchestrate better hygiene in our customers’ asset management solutions. Brinqa reconciles asset management data with live data (network scans, vulnerability scans, other asset databases, 3rd party risk rating scans) and can be used to automate continuous checks and corrections. Corrections can be executed directly or by initiating processes within external sources through API calls and script execution. The result is a consistent understanding of assets that factor into determining their associated risk, better knowledge of their risk posture based on accurate asset information, and the ability to deprioritize false positives in risk while highlighting the most critical risks for remediation.
CloudCow: What is the current state of Enterprise Cyber Risk Management for cloud and virtual infrastructure?
Abdur: While most organizations have well-defined policies and processes for responding to vulnerabilities, findings, alerts, and other security gaps in their network and software infrastructure, these practices often don’t extend to newer technologies such as cloud and virtual infrastructure. This can happen for various reasons. For example, InfoSec policy-making is a time-intensive process, and for many organizations the development of cybersecurity controls, policies, and processes for newer technologies has significantly lagged behind their adoption rates. Also, inventory, discovery, management, assessment and monitoring practices and tools for cloud infrastructure are different from those for traditional infrastructure and are often owned by teams not fully integrated in the InfoSec ecosystem.
With the continued growth and popularity of cloud infrastructure within the enterprise, the need to address these challenges is more urgent than ever.
CloudCow: Talk about some of the biggest challenges that organizations must address in order to secure their cloud infrastructure if you would.
Abdur: Due to some of the organizational and operational challenges I just mentioned, enterprises often struggle to ensure that cloud infrastructure vulnerabilities, alerts and other security gaps are analyzed in context of business impact and exploit likelihood to identify and address the risks that pose the biggest threats. This makes it difficult for cloud risk and security posture to get deserved representation, communication, and visibility on par with other important technology infrastructure components such as network and software infrastructure.
CloudCow: And what major trends do you expect in this area in 2019?
Abdur: We expect organizations to become more engaged and proactive in the design and implementation of their cyber risk management programs. Those that are successful in their efforts are the ones that really understand their technology and cybersecurity ecosystems and are motivated to make the best use of this knowledge. These organizations will continue to extend the scope of their cyber risk management policies and programs beyond network and software infrastructure to cloud, containers, IoT, and mobile devices.
CloudCow: And finally, what can we expect to see from Brinqa later this year?
Abdur: In a few months, we are coming out with our biggest release in more than a year and are very excited about some of the new platform capabilities. The one that I’m personally most excited about is our new Graph Visualization interface which will give Brinqa users direct access to an interactive, visual representation of their Cyber Risk Graph – a Knowledge Graph that connects all relevant security and business data, establishes a common risk language, and powers cybersecurity insights and outcomes.
CloudCow: Thank you for your time, this has been very informative. Is there anything you’d like to add that we may have missed before we end our interview?
Abdur: I would just like to say that we’re very excited to be part of a new and emerging cybersecurity discipline in Cyber Risk Management, and have great expectations for its potential to help solve some of our biggest InfoSec challenges. I would also encourage those of your readers who found this conversation informative to check out Brinqa’s channel on BrightTalk, where we discuss many of the ideas covered here in more technical detail.