Consortium Networks: Metrics that Matter from Security Operators to the Boardroom

Follow Consortium Networks on :

Tim Murphy, President & CEO and Larry Pfeifer, Founder Cybersecurity is much more than just implementing expensive, cutting-edge tools; it is about selecting the right tool at the right moment with proper knowledge. However, even today, several organizations fail to understand this aspect, and they continue to make hefty investments in cybersecurity tools and solutions. Needless to say, these unwanted expenses never pay off, and companies fail to secure their IT infrastructure holistically.

Driven by the zeal to help such companies select the right cybersecurity tools, Larry Pfeifer—with 26 years of experience in IT and cybersecurity—laid the foundation for Consortium Networks. “At Consortium, we connect like-minded technology professionals and leverage their combined knowledge to add clarity and ease the frustration of choosing the right products and solutions,” he says. Built on the proven notion of crowd-sharing intelligence, Consortium X—the company’s no-cost, no-risk information exchange platform—fosters a learn-from-peers approach to help security experts and enterprise leaders address the predicaments in choosing the right security solution for their enterprises. Participants on this platform share their intelligence on established companies, new start-ups, and the emerging risks and problems they solve. Consortium X maintains up-to-date lists of technologies, solution providers, business prophecies, or best practices that can help a company quickly and effectively address any cybersecurity issue. This unique concept has helped Consortium Networks establish itself as a frontrunner in the cybersecurity space, catering to more than 300 CISOs and IT professionals within just a year.

“We call it the Holy Grail for cybersecurity that cybersecurity insurance companies, regulators, and security operators, and CISOs are going to be interested in”

While the Consortium X witnessed immense success, the team at Consortium Networks decided to further move the needle in the cybersecurity space by helping companies understand their cybersecurity maturity level, risk profile, and the gaps in their security posture. As such, they have designed the Metrics that MattersSM (MTM).

Ideating the Metrics That Matter

MTM is backed by the rigorous interaction that Larry, along with Tim Murphy, the President and CEO at Consortium Networks, had with their Consortium X portal members. They realized that the complex task of directing strategy, operations, and the budget for filling up the cybersecurity gaps has always been perceived as a CISO’s responsibility. Most of the time, C-suite and board members do not have a clear understanding or visibility into the entire process. This reliance on a single person leads to many human-induced errors, and worse, companies go astray in prioritizing risks or allocating budgets accordingly.
As a result, these firms often end up investing in tools based on the market hype or what’s cutting-edge, as opposed to understanding their real risks and implementing a purpose-built solution to ultimately mitigate and reduce risk. “There is no end game to the process because the cyber threat landscape is evolving rapidly. Most of the time, the money is just wasted,” Larry mentions.


With our product, companies can have a full threat matrix—including the map of the entire IT environment, products associated with it, the prevailing security gaps and the dollar amount

MTM Opening up a New Avenue

To solve this issue, MTM will help organizations identify risks and understand ways to thoroughly mitigate them in a cost-effective way.

It will carefully study an organization’s IT infrastructure and assets based on the National Institute of Standards and Technology (NIST) standards. The tool will then map the outcomes to the MITRE ATT&CK (a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations) framework to help organizations understand the level of risks and then map a dollar amount to risk profile. Subsequently, enterprises will understand how to put spend effectively to stay safe not only today but also for the future. “Revealing the gaps in an enterprise’s cybersecurity posture, MTM will be able to align risks to dollars. This will also help the procurement officers who need a clear understanding of the requirement and prioritize the purchasing process accordingly,” says Larry. Further, following the NIST framework, MTM will enable businesses to be more compliant than ever.

In a nutshell, MTM will be able to show a clear picture of an organization’s entire IT ecosystem and define the best way to channelize the budget to help enterprises stay secured. “This is a solution that the market is starving for. With MTM, IT teams can sit down for merely two hours and know what is going in their environment or what is going to happen. Also, managing risks would no longer be CISO-specific responsibility; instead, the entire organization would be liable for it. We call it the Holy Grail for cybersecurity that cybersecurity insurance companies, regulators, security operators, and CISOs are going to be interested in,” Murphy mentions.

An Automated and Simplified Process

While the benefits of MTM are enormous, there is still a pertinent question: is it going to burden the in-house IT teams with additional tasks? Murphy, who has previously played the role of the Deputy Director in FBI and spent 35 years in both private and public sector, assures, “It won’t.”
MTM follows a simple automated procedure. By understanding an organization’s entire IT infrastructure, the solution will measure the ‘likelihood’ of threats, its financial and regulatory impact, and its probable effects on an enterprise’s reputation. So, it’s not always a breach versus the dollar. MTM can go into a plethora of different avenues to understand risk factors and present those in a streamlined manner. Following this, it will create a comprehensive risk impact number and categorize the risk factors under three different sections: red (high), yellow (medium), and green (low). Each of these will be associated with a probable estimation of aggregated annual loss.

To illustrate, organizations often fail to fully implement a cybersecurity solution that might affect the risk profile. Take a firewall, for instance. As a network security system, it monitors and controls the incoming and outgoing network traffic based on certain predetermined rules. But, if an enterprise fails to deploy it in the right manner, it could lead to several vulnerabilities, such as the intrusion of unauthorized traffic or unpermitted information sharing with third-parties. Needless to say, there will be systems that need remediation on a prioritized basis— which IT teams might unknowingly ignore as they are either unaware of the systems that are exposed to higher risks or lack the experience to prioritize. In this scenario, MTM will allow businesses to schedule their plan based on high or low-risk factors.

Not stopping there, Consortium Networks is trying to make the visualization of risks and the dollar amount associated with it more comprehensive for those who have a proper understanding of their IT environment. In such cases, MTM will walk users through a Wizard-based workflow where it will ask users specific questions on the efficiency of their IT ecosystem. The software will then generate a risk impact dollar amount based on the responses and associate it with the overall risk score. The dollar amount will be calculated considering the size of the company, their annual revenue, and impact on the market. So, the risk score might be different even for the entities that are operating in the same vertical. The process will be fast-paced and deliver a reliable outcome to all the concerned members. Interestingly, the information will be presented through a user-friendly interface that everyone can understand (even without a comprehensive knowledge of cybersecurity) in a single session. “With our product, companies can have a full threat matrix— including the map of the entire IT environment, products associated with it, the prevailing security gaps, and the dollar amount—that can be exhibited to the board,” Murphy says. More importantly, MTM will be entirely free for Consortium X members.

“We have tested the beta version of MTM with Consortium X portal members and have witnessed tremendous outcomes. We are excited to launch the full version of this product in August 2020,” says Murphy. “It truly reflects Larry’s altruistic viewpoint on cybersecurity,” he adds. At the end of the day, Consortium Networks’ mission is to continue building solutions, unlike anything the industry has ever seen. “As we always say, things are going to get bigger and better,” Murphy concludes.

Company
Consortium Networks

Headquarters
Medford, NJ

Management
Tim Murphy, President & CEO and Larry Pfeifer, Founder

Description
Consortium Networks provides businesses with relevant, up-to-date technology information to help them bolster their cybersecurity posture. Built on the proven notion of crowd-sharing intelligence, the company’s Consortium X—a no-cost, no-risk information exchange platform—fosters a learn-from-peers approach to help security experts and enterprise leaders effectively choose the right security solution for their enterprises. Driven by the immense success of the portal, in August 2020, Consortium Networks is going to launch Metrics that Matter (MTM) to show organizations a clear picture of their entire IT ecosystem and define the best way to channelize the budget for helping them be secured. It will create a comprehensive risk impact number and categorize the risk factors under three different sections: red (high), yellow (medium), and green (low). Each of these will be associated with a probable estimation of aggregated annual loss

Consortium Networks