Bay Dynamics is enhancing its security risk fabric platform with a new application "value at risk" capability that became officially available to customers on March 27. Bay Dynamics is in the business of pulling together threat vulnerability and business context data and then applying behavioral analytics on top of it, providing organizations with insights into risk.
Steve Grossman, VP of Strategy and Enablement at Bay Dynamics, said the value at risk method considers application value and requirements around confidentiality and adds in the potential risk of exploitation. The end result is a calculation that estimates the value of the security risks associated with a given software deployment.
The idea is to help organizations prioritize the security of their highest-value assets, helping to reduce the overall risk profile for an organization.
The Bay Dynamics Risk Fabric platform had previously been providing an overall view of security risks within organizations, though Grossman emphasized that that the value at risk component is a new addition.
"We're able to proscribe prioritized actions to reduce risks as well as to highlight the financial value associated with those actions," Grossman said.
The financial costs that Bay Dynamics is including doesn't initially include the specific human costs associated with an information security risk, that is the costs of staffing and remediation for a particular risk.
"This is not a statistical model or a single point in time analysis of cost," Grossman said. "This is value of risk analysis based on the actual conditions in an environment."
The current iteration of the Bay Dynamics application value at risk calculation also does not include the costs that might be associated with the remediation of a given security risk. Grossman explained that what Bay Dynamics is doing is calculating the cost of a potential loss based on what is seen in an organization. That said, the system is flexible and organizations can choose to add in additional components to an analysis.
"The number that an organization can initially associate with the value of an application can be as simple or as complex as needed," Grossman said. "Our guidance is just to have a consistent method for comparisons, that corporate management can do across the board."
The risk analysis in the Bay Dynamics platform is automated, providing organizations with a daily view into what the value of risk might be. Additionally, the automated system continuously updates the prioritized list of issues, based on value, to help IT staff remediate the most impactful concerns.
Looking forward, Grossman said Bay Dynamics will continue to expand its Risk Fabric platform to include additional integrations and security frameworks.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.