FAIRCON24: Safe Security Introduces the AI Assistant for FAIR-based Cyber Risk Management (Sponsored Post)
Safe Security CEO Saket Modi delivered a keynote address to the 2024 FAIR Conference (FAIRCON24) that staked out the leading position for Safe Security in automating FAIR analysis – and confirmed that leadership with a product introduction: the SAFE X GenAI-powered mobile app, which provides CISOs with FAIR insights at their fingertips.
Safe Security is the technical adviser to the FAIR Institute.
Watch the video of Saket’s FAIRCON presentation to learn our viewpoint on where cyber risk management has been and where it’s going. (Platform demo at the 17:00 mark)
As Saket posed the question, with $200 billion a year spent on cybersecurity and some 4,000 products on the market, why are the hackers still winning, and the hacks only getting worse?
Saket identified a root problem for chief information security officers (CISOs). Those thousands of cybersecurity tools each have a piece of a puzzle that must be assembled manually and subjectively, and in the end produces a picture that’s little more accurate than waving a wet finger in the wind.
What’s worse, they treat cybersecurity as a series of technical problems, not a business problem. But for the business, cybersecurity comes down to managing risk, limiting the organization’s exposure to loss from cyber events, as expressed in financial (not technical) terms.
“There hasn’t been one single platform that CISOs can truly rely on for day-to-day decision-making,” Saket said, particularly to answer the basic questions of the business on risk management, such as:
-Where to most effectively invest our time and budget?
-How much risk did we burn down last year?
-How secure are our crown jewels?
Solutions on the market that claim to measure risk for a CISO don’t measure up, he said.
-SRS tools give an outside-in, partial view of an organization’s defenses
-GRC products have become little more than risk diaries
-Maturity assessments don’t directly measure risk
FAIR does indeed enable risk assessment in the quantitative terms that business organizations demand – and with the trustworthiness of a widely recognized, open-source model. But it has been manual, difficult to scale and dependent on expert training – the problems that Safe Security is addressing in its SAFE One platform.

A risk scenario analyzed in FAIR terms of Likelihood and Loss Magnitude on the SAFE One platform
SAFE One Automates FAIR Cyber Risk Quantitative Analysis
FAIR analysis quantifies the factors shown on the FAIR model representation below and rolls them up into overall numbers for probable likelihood and financial impact, giving decision makers a clear picture of the range of outcomes they face.

The innovation of Safe Security’s SAFE One platform is to 1) quantify in FAIR terms those factors you see circled and 2) importantly, quantify them in real time with automation for quick guidance on cyber risk management decisions:
–Threat Event Frequency. Safe has integrated over 25 daily threat feeds and integrations with ISAC intel, and takes into account threat intel from the dark web – for an outside-in view of risk posture.
–Susceptibility (to successful attack). 100-plus API integrations from vendors like Wiz or CrowdStrike with deeply embedded AI for processing signals on a daily basis, plus analysis with the FAIR Controls Analytics Model (FAIR-CAM) – for an inside-out view of risk posture.
–Loss Magnitude. The SAFE One platform provides default values for a wide range of loss drivers, based on data from some of the largest insurance companies, all filtered through the FAIR Materiality Assessment Model (FAIR-MAM). A GenAI assistant reviews any custom data from your organization to keep everything aligned.
Key points for riding this data flow:
–Safe’s FAIR solution constantly updates your risk status based on feeds from your integrations. Safe ingests over 7 billion signals a day.
–What we call the Cyber Risk Singularity displays your top risks in FAIR terms of frequency and magnitude, in one view on the platform with visual alerts if a risk scenario crosses a red line for risk appetite.
–You can click through on any risk display to see the underlying drivers, even down to the findings from your telemetry.
–The platform alerts you to significant changes, such as the emergence of a new threat actor attacking companies like yours.
–Turn awareness into action. What-if analysis enables you to change variables in your FAIR analysis, such as increasing the capability of data backup or other controls, to see the effect on a risk scenario outcome.
–Generate board-ready reports with one click.
Only one platform is built from the ground up to answer all of a FAIR CISO’s questions: SAFE One.

Introducing SAFE X – the Power of FAIR Risk Management at Your Fingertips
Now imagine the functionality we just described in a mobile app, running on GenAI and responding to your voice queries.
As Saket showed the FAIR Conference in a live demo of SAFE X, you might receive an alert that a new known hack has been identified, click through to see the details on that hack, and check the probable likelihood and impact if the threat actor attacks you.
Or you are considering a new vendor, and through voice commands, you ask SAFE X to add a new third party to track. The application shows you probable risk depending on the third party’s access to your data, revenue or network. Then it runs an outside-in assessment of the third party’s controls stack.
“Not only am I asking questions,” Saket said, “that’s reactive, but if something has changed, I get a notification, prompting me to take action.
“The most exciting thing is that this is not an app that shows you things only. It actually allows you to do things. This is the future of GenAI.”
Watch Saket Modi’s Keynote Address to the 2024 FAIR Conference (See the live demo at the 17:00 minute mark)
Watch the introduction video for SAFE X.
CISOs React to SAFE X at FAIRCON24
Mike Elmore, CISO at the giant pharmaceutical company, GSK, tried out SAFE X and stopped by Saket’s presentation for a reaction. GSK operates in 100 countries, making Mike a very frequent flier. “We are already starting to see a lot of value if you ask SAFE X the right questions,” he said. “This will give me the opportunity when I am in flight and my other teammates are not in the same time zone to ask questions and make a better decision. On that, it is absolutely invaluable for us.”
For more positive reactions to a first look at SAFE X from CISOs attending FAIRCON24, watch this video.
See for yourself! We made the SAFE X mobile assistant for CISOs available for anyone on a trial basis. Download SAFE X for iOS or SAFE X for Android now.




