This is, perhaps, the most unusual of the products we looked at this month. While we certainly do characterize this tool as a threat intelligence tool - and a very good one at that - it has a special capability, as one might guess from the name: SurfWatch C-Suite. This tool was born and bred to provide the types of cyber threat intelligence that executives need in a format they can use. The C-Suite portal is the front-end for an impressive intelligence gathering and analysis framework.
This orientation is obvious. Fom the moment you fire up the SurfWatch portal you are shown the types of questions that executive leadership needs to have answered: What is the cyber risk to my industry sector? What cyber risks are trending? Who's being affected? How does my cyber defense strategy align with the leading risks to my industry? What is the full picture of cyber risk to my industry? And are there breaking events for my sector that I should pay attention to right now? This approach is not surprising since the founders came from the intelligence community and are focused on actionable intelligence at various levels within the organization.
AT A GLANCE
Product SurfWatch C-Suite
Company SurfWatch Labs
Price Starts at $10,000 for a single license based on annual subscriptions.
What it does Provides a distilled view of cyber threat intelligence in a format useful to executive management.
The upshot of the tool's simplicity is that executive users need to consume all of the critical information and none of the chaff in a brief scan of resources. In short, they need to be equipped to ask the right questions of the right people in their organizations. C-Suite admirably provides that level of knowledge. One of the important keys in executive boardrooms is that one size does not fit all. Some leadership may be sufficiently technical and interested enough to dig a bit deeper than the surface. Some may prefer the 40,000-foot level. C-Suite offers both extremes and a lot in the middle.
Drill-downs are the key element of a system that is sort of self-customizable. By that we mean that the user - who may be more or less technical depending on the individual - can set the level of detail deciding how deep a dive they want to take. It is not necessary to call the IT department just to slightly alter a dashboard.
The process starts with the development of your profile. That means information about your business, what industry you are in, who your customers and end-users are, and the role of brand and recognition. Once that is done the tool starts to gather information that is useful to you. One of those is the Cyberfact Timeline. This shows what is happening - relative to your profile - as events on a timeline. Besides showing clearly when activity is happening, this timeline allows you to drill down and see details, such as the top 10 related actors, targets or effects.
Further drill-down, if you are interested, brings up the individual cyberfacts. These represent an event that has potential impact on organizations with your profile. You can drill down even deeper for increased granularity. Another dashboard contains trending risks. These are detailed such that you can understand where your emphasis needs to be. These are simple examples. However, there are some not so simple tasks that C-Suite performs that are of significant value to leadership.
For example, you can see how your security budget fits with trending cyber risks. This is available as a graph that shows clearly how money is being spent relative to where risks that could impact your organization are. Various budget units - such as the IT department - can perform the same analyses. Setting up custom dashboards is straightforward and you can create your own specialized dashboard or you can use specialized dashboards created by SurfWatch for your industry sector.
OUR BOTTOM LINE
This is a very good threat intelligence tool where almost all of the threat sources and analytics are under the covers. It is particularly designed for executive management and contains only the types of information and risks that these folks need to make important decisions. Addressing such things as budgets relative to cyber risk is the core of what top executives need to be able to do. In our experience, there is nothing else containing this focus and delivery currently available.
If you need to communicate key indicators of cyber risk to management in a way that not only makes sense at the executive level but allows managers to tune what they get to suit their own needs, take a long look at C-Suite. We tend to want to take a deeper dive and were tempted to look for a bit more technical depth until we realized that SurfWatch has done a good job of keeping all of that hidden - which, of course, does not mean it's not there.