Product: Cyber Observer
Company: Cyber Observer
Price: Core product is a perpetual license at $40,000; API connectors are annual subscriptions at $8,000 per connector.
What it does: Dynamically collects performance data from security technologies and translates it into risk scores
What we liked: Direct connectivity (via application program interface) to poll more than 75 industry-leading security technologies
The Bottom Line: This product takes a critical step toward addressing market demand for information security metrics.
Nearly every month, online postings and LinkedIn discussions ask for details on information security metrics. This is a hot topic in the industry, with few concrete options for assistance. While organizations have armed themselves with a multitude of security technologies, many of them struggle with developing actionable responses to the data they generate. Metrics provide one piece of the equation as they offer a baseline from which progress can be measured, but they still do not address the challenge of what to do.
Cyber Observer has addressed this challenge with a unified dashboard that displays performance data and provides actionable recommendations. Labeled as a “single pane of glass,” the dashboard is an integrated awareness and visibility management tool designed to proactively identify security gaps. Cyber Observer connects to enterprise IT security technologies to collect, evaluate and display performance data. This information is used to build a baseline of network behavior so the patented analytics engine can proactively identify security gaps.
At its core, Cyber Observer is organized around nine best-practice security domains that include areas like account management, malware defense and peripheral security. These domains provide a framework for segmenting information and delivering it to stakeholders based on their interests and needs. Each domain is further supported by pre-defined critical security controls (CSCs). Essentially, CSCs are key performance indicators for the domain that take direct feeds from the selected security technology. As the CSCs change and exceed defined risk thresholds, they have an impact on the risk scoring for the domain they support. Domains and CSCs can be customized to meet the needs of the organization, and there is no limit to the number that can be created. Ongoing data collection refines the parameters to adjust baselines for each domain and provide risk profiling across the enterprise.
The visually rich graphics provide an at-a-glance reference to help stakeholders, ranging from CISOs to midlevel managers, effectively identify areas of risk. With the ability to drill down from domains to CSCs, the tool not only displays areas of concern but also provides recommendations for remediation. This feedback provides actionable intelligence to help executives and operations teams proactively address risk. It is based on three types of available profiles:
- Tool Status – a health monitor for each cybersecurity tool providing input to Cyber Observer.
- Deviation from Normal – a visual gap analysis that displays deviations from the standard performance.
- Security Status – performance detail for CSCs along with the recommended steps for improvement.
This technology provides great insight into the often-obscure subject of security program performance. For organizations struggling to understand the value and impact of investing in security technologies, Cyber Observer provides both direct and relevant feedback. The insights it offers can help an organization transition to a truly proactive security program. Cyber Observer is available as a software package designed to be deployed into a virtual or cloud infrastructure. Configuration time varies from hours to days depending on the number of critical security controls and the varying user roles deployed. The base software is a perpetual license priced at $40,000 with ongoing maintenance of $8,000 annually. The API connectors are subscription based and priced at $8,000 each per year.