ThreatConnect risk quantifier (RQ - formerly Nehemiah risk quantifier) enables the identification of the risks that matter most to the organisation by quantifying them based on potential financial or operational impact, unifying security and the business to a common goal. This quantification relies on generally accepted risk models such as the popular factor analysis of information risk (FAIR) model, among others. It is also established in part by, and continuously informed by, threat intelligence, vulnerability management, operations and response data found within ThreatConnect and other integrations. Using this risk-led approach to cybersecurity makes prioritisation easy for security teams, enabling them to filter out noise and focus on what matters most. With CRQ, TIP and SOAR capabilities combined, ThreatConnect unifies the actions of the security team around the most critical risks, supports their response with streamlined and automated workflows and strengthens the entire security ecosystem through powerful technology integrations.
With the acquisition, ThreatConnect further delivers on its mission of revolutionising the way organisations protect themselves by turning intelligence into action. Adding CRQ to the ThreatConnect Platform creates the most powerful decision and operational support system in cybersecurity. For security executives, their teams and the stakeholders they support across the organisation, ThreatConnect becomes a single source to support their mission of identifying and efficiently mitigating cyber risk.
“For a decade now, we’ve been focused on making the job of security easier, to be the place where security comes to be effective,” said Adam Vincent, chief executive officer at ThreatConnect. “We began our journey focused on making threat intelligence actionable with our TIP solution, providing a platform to collect, enrich and prioritise intelligence. We evolved our capabilities to deliver an award-winning SOAR platform to market, helping orchestrate and automate security actions with an intelligence-led approach. But we never lost sight of the belief we articulated in 2015 that risk mitigation should drive all action in security. We’ve watched with interest as the cyber risk quantification movement has taken off, keeping an eye on evolving approaches and listening to the experiences of our clients. The decision to acquire Nehemiah was an easy one as they are ahead of the market in terms of their ability to automate cyber risk quantification. They help overcome much of the pain felt by early CRQ adopters where manual data collection and lengthy professional services engagements are the norm. Their vision to harness the power of the security ecosystem by integrating technologies and ingesting data fits perfectly with our vision for reducing complexity. With this acquisition, we believe ThreatConnect stands alone in cybersecurity as the only partner that can deliver a true decision and operational support platform for cyber risk management.”
Nehemiah’s approach to CRQ has won the confidence of some of the largest organisations in the world and recognition by leading industry analyst firm, Gartner. In May of this year, Gartner named Nehemiah Security to its list of “cool vendors” in the area of integrated risk management. In 2018, Gartner recognised the growing trend towards cyber risk quantification and helped fuel interest by adding it to its list of core pillars required for effective integrated risk management.
“ThreatConnect has a vision for security that encompasses the most critical elements - risk, threat and response,” said DJ Goldsworthy, director of security operations and threat management at Aflac. “This acquisition strengthens their offering and increases alignment to our core strategic objectives with one platform to assess our risk and automate and orchestrate our response to it.”
“Organisations are seeking to quantify their cyber risk in order to better align security to the business, drive remediation and response activities, support investment decisions and demonstrate return on security investment,” said Wade Baker, partner at Cyentia Institute and member of the board of advisors at the FAIR Institute. “The movement behind CRQ has grown rapidly, as evidenced by the thousands that are now FAIR Institute members. But the pain among early adopters is pronounced and loudly vocalised. Current approaches require too much manual data collection, too much training and professional services support, too much time to realise outputs which means that assessments are often old before the ink dries. ThreatConnect is in a tremendous position to help overcome that pain given the breadth of their platform, their knowledge on technology integration and the foundation built by Nehemiah. I, for one, am very excited about the prospect of a stronger connection between the cyber threat and risk management spheres."