Putting a visual quality to the "Breach Likelihood" of IT infrastructure, where really none has been attempted with a good effort, was a challenge.
Along with being able to visualize an asset's breach likelihood by the various attack vectors, we also wanted to be able to make rapid comparisons, and suggest amelioration of assets by means of a common visual language.
In most security literature today, the "Attack Surface" of a network or asset is a concept without a universally accepted corresponding visualization. The closest thing one will find is the Kill Chain, but this has different versions, and can also be argued to be irrelevant in terms of how it represents attack vectors. It also isn't meant to describe an attack surface directly, and also conflates it with the temporal element of the process of exploitation.
Because it couldn't be used to describe the breach likelihood of individual assets, it wouldn't do as a visualization to describe both groups of assets and individual ones. We needed the individual asset visualization to be able to communicate the effectiveness of mitigations, and also the severity of vulnerabilities, in a way that was easily and rapidly assessed.
In the example below you can see an example of applying the positive breach method likelihoods to a negative one. This sounds strange, but the positive breach likelihoods are the description of the effects of mitigations. We use this to show the effects of a product or a patch on reducing the breach likelihood of an asset or group of assets.
The starting idea of Balbix is that you cannot defend what you cannot see. Beyond that, you need to know where to prioritize the implementation of cyber mitigations. Balbix' mission was to make cybersecurity risk visible to non-technical executives so that they could stand confidently at the helm and direct cybersecurity operations.<< Go back to Portfolio
500 Railway Ave. #303
Campbell, CA 95020