Consortium Networks: Metrics that Matter from Security Operators to the Boardroom
Driven by the zeal to help such companies select the right cybersecurity tools, Larry Pfeifer—with 26 years of experience in IT and cybersecurity—laid the foundation for Consortium Networks. “At Consortium, we connect like-minded technology professionals and leverage their combined knowledge to add clarity and ease the frustration of choosing the right products and solutions,” he says. Built on the proven notion of crowd-sharing intelligence, Consortium X—the company’s no-cost, no-risk information exchange platform—fosters a learn-from-peers approach to help security experts and enterprise leaders address the predicaments in choosing the right security solution for their enterprises. Participants on this platform share their intelligence on established companies, new start-ups, and the emerging risks and problems they solve. Consortium X maintains up-to-date lists of technologies, solution providers, business prophecies, or best practices that can help a company quickly and effectively address any cybersecurity issue. This unique concept has helped Consortium Networks establish itself as a frontrunner in the cybersecurity space, catering to more than 300 CISOs and IT professionals within just a year.
“We call it the Holy Grail for cybersecurity that cybersecurity insurance companies, regulators, and security operators, and CISOs are going to be interested in”
While the Consortium X witnessed immense success, the team at Consortium Networks decided to further move the needle in the cybersecurity space by helping companies understand their cybersecurity maturity level, risk profile, and the gaps in their security posture. As such, they have designed the Metrics that MattersSM (MTM).
Ideating the Metrics That Matter
MTM is backed by the rigorous interaction that Larry, along with Tim Murphy, the President and CEO at Consortium Networks, had with their Consortium X portal members. They realized that the complex task of directing strategy, operations, and the budget for filling up the cybersecurity gaps has always been perceived as a CISO’s responsibility. Most of the time, C-suite and board members do not have a clear understanding or visibility into the entire process. This reliance on a single person leads to many human-induced errors, and worse, companies go astray in prioritizing risks or allocating budgets accordingly.
MTM Opening up a New Avenue
With our product, companies can have a full threat matrix—including the map of the entire IT environment, products associated with it, the prevailing security gaps and the dollar amount
To solve this issue, MTM will help organizations identify risks and understand ways to thoroughly mitigate them in a cost-effective way.
It will carefully study an organization’s IT infrastructure and assets based on the National Institute of Standards and Technology (NIST) standards. The tool will then map the outcomes to the MITRE ATT&CK (a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations) framework to help organizations understand the level of risks and then map a dollar amount to risk profile. Subsequently, enterprises will understand how to put spend effectively to stay safe not only today but also for the future. “Revealing the gaps in an enterprise’s cybersecurity posture, MTM will be able to align risks to dollars. This will also help the procurement officers who need a clear understanding of the requirement and prioritize the purchasing process accordingly,” says Larry. Further, following the NIST framework, MTM will enable businesses to be more compliant than ever.
In a nutshell, MTM will be able to show a clear picture of an organization’s entire IT ecosystem and define the best way to channelize the budget to help enterprises stay secured. “This is a solution that the market is starving for. With MTM, IT teams can sit down for merely two hours and know what is going in their environment or what is going to happen. Also, managing risks would no longer be CISO-specific responsibility; instead, the entire organization would be liable for it. We call it the Holy Grail for cybersecurity that cybersecurity insurance companies, regulators, security operators, and CISOs are going to be interested in,” Murphy mentions.
An Automated and Simplified Process
While the benefits of MTM are enormous, there is still a pertinent question: is it going to burden the in-house IT teams with additional tasks? Murphy, who has previously played the role of the Deputy Director in FBI and spent 35 years in both private and public sector, assures, “It won’t.”
To illustrate, organizations often fail to fully implement a cybersecurity solution that might affect the risk profile. Take a firewall, for instance. As a network security system, it monitors and controls the incoming and outgoing network traffic based on certain predetermined rules. But, if an enterprise fails to deploy it in the right manner, it could lead to several vulnerabilities, such as the intrusion of unauthorized traffic or unpermitted information sharing with third-parties. Needless to say, there will be systems that need remediation on a prioritized basis— which IT teams might unknowingly ignore as they are either unaware of the systems that are exposed to higher risks or lack the experience to prioritize. In this scenario, MTM will allow businesses to schedule their plan based on high or low-risk factors.
Not stopping there, Consortium Networks is trying to make the visualization of risks and the dollar amount associated with it more comprehensive for those who have a proper understanding of their IT environment. In such cases, MTM will walk users through a Wizard-based workflow where it will ask users specific questions on the efficiency of their IT ecosystem. The software will then generate a risk impact dollar amount based on the responses and associate it with the overall risk score. The dollar amount will be calculated considering the size of the company, their annual revenue, and impact on the market. So, the risk score might be different even for the entities that are operating in the same vertical. The process will be fast-paced and deliver a reliable outcome to all the concerned members. Interestingly, the information will be presented through a user-friendly interface that everyone can understand (even without a comprehensive knowledge of cybersecurity) in a single session. “With our product, companies can have a full threat matrix— including the map of the entire IT environment, products associated with it, the prevailing security gaps, and the dollar amount—that can be exhibited to the board,” Murphy says. More importantly, MTM will be entirely free for Consortium X members.
“We have tested the beta version of MTM with Consortium X portal members and have witnessed tremendous outcomes. We are excited to launch the full version of this product in August 2020,” says Murphy. “It truly reflects Larry’s altruistic viewpoint on cybersecurity,” he adds. At the end of the day, Consortium Networks’ mission is to continue building solutions, unlike anything the industry has ever seen. “As we always say, things are going to get bigger and better,” Murphy concludes.