This past December, we launched a preview of Risk Manager, a new solution for Cloud Pak for Security, designed to help security leaders with a persistent challenge: how to make sense of their organization’s risk areas and prioritize them for remediation.
“Risk” can be a fairly broad concept, so to clarify, when it comes to security risk, what we’re really talking about there is an organization’s exposure to potential business impact. A security risk event can have major negative consequences for a company’s bottom line. A data breach, for example, that leaks customer or employee P.I.I. can result in substantial fines and lost revenue due to a loss of customer confidence. Similarly, a denial-of-service attack can bring down a company’s website, causing lost opportunities to gain new customers.
There are, of course, many other types of threat events, and many organizations end up deploying numerous security and IT tools in order to avoid, identify and/or block such an event from impacting their organization. Many of these tools come with their own tool or metric to qualify some version of risk. The problem is that each of these tools has their own subjective definition of risk, requiring security leaders and teams to compare apples to oranges to pineapples to grapefruit, and on and on.
Risk Manager was purpose-built to eliminate this problem. Available on Cloud Pak for Security, Risk Manager pulls the security risk data from the IT and security tools linked to the Cloud Pak instance, process that data using a common risk engine, and displays the results in an intuitive set of dashboards to facilitate decision making and remediation.
Using the risk map, a security leader can quickly identify the most impactful risk areas to their business, investigate the types of assets exposed or potential sources of risk. Integration with Cases allows for the analyst to initiate a response without the need to leave the app.
Risk Manager (currently in Beta) of Cloud Pak for Security and is a standard feature on Cloud Pak for Security v1.5. Future releases of the solution will expand on its integration with Cases, adding a new recommendations engine to further facilitate remediation, and will add new capabilities to quantify risk, allowing security leaders to translate their organization’s risk posture into dollars and cents, which will help enhance strategic decision making at the highest levels of an organization.
To learn more about Risk Manager, visit its webpage or explore the data sheet. To find out more about IBM Security’s product and services offerings for risk quantification and management, make sure to register for our upcoming webinar on June 15th.