Balbix has integrated with ServiceNow to enable customers to automatically add business context to cyber risk data and integrate remediation actions into their existing security and IT workflows. CISOs can shave thousands of hours of the time it takes to operationalize cyber risk quantification (CRQ) dollars and bridge the gap between cybersecurity and the business.
Integration with ServiceNow’s Configuration Management Database (CMDB) allows Balbix customers to automatically ingest business context from their CMBD into the Balbix platform and compare it with asset, vulnerability and risk data from their other IT and security tools and Balbix Combine sensors to create a unit Cyber risk model shown in dollars.
Data is automatically deduplicated, correlated, and derived to reduce the manual work required for teams to add business context to cyber risks and prioritize and measure them. For example, with the integration, companies can now:
- Measure and report the amount of risk in dollars by business unit, manager, asset type, application, regulatory requirements and geographic location (cities, countries, regions).
- Quantify the dollar amount of risk associated with external assets, internal assets, assets managed by IT, and assets not managed by IT.
“Historically, Fortune 500 companies spent thousands of hours of manual work aligning business context with their risk data for board reports, risk analysis and cybersecurity decisions,” said Chris Griffith, chief product officer at Balbix. “Our integration with the ServiceNow CMDB has enabled us to greatly reduce the time it takes to quantify cyber risk. With Balbix, CISOs can continuously and automatically map risk to their business hierarchy and prioritize their highest-risk issues for response.”
Organizations struggle to report specific CRQ results, with 62% saying they can’t monetize their injury risk, according to Balbix’s own 2022 State of Security Posture Report. Additionally, according to the report, 51% of organizations said they that they lack ongoing visibility into asset inventories, making it difficult to correlate risk with business context, and instead rely on siled tools, manual workflows, and qualitative analysis to quantify risk.
“Cyber risk has become a frustrating business risk to manage as leadership teams struggle to accurately quantify their risk and prioritize mitigation initiatives,” said Ed Amoroso, founder and CEO of research and advisory firm TAG cyber. “These integrations address the growing demands that CISOs have to report on cyber risk in a way their business leaders can clearly understand in order to make the right investments and remediate their riskiest vulnerabilities faster.”
In addition to automating advanced CRQ functions, integration with ServiceNow IT Service Management (ITSM) further eliminates manual effort by allowing security teams to create ServiceNow remediation tickets from within Balbix.
This enables security and IT teams to increase productivity by using a familiar and shared remediation workflow system. In addition, security analysts can create vulnerability remediation tickets for a single affected asset or for a group of assets to more efficiently specify remediation tasks and reduce the mean time to remediation (MTTR) of risk issues.
