Feature Study:
The Breach Method Matrix

Giving a visual form to the "Breach Likelihood" of IT infrastructure, where no serious attempt had really been made before, was a challenge.

Visualizing Asset Strength

Besides visualizing an asset's breach likelihood across the various attack vectors, we also wanted to make rapid comparisons possible and to suggest improvements to assets through a common visual language.

The Breach Method Matrix, meant to give quick visual reference to how an asset is likely to be breached

Explanation of BMM values

A Manageable Attack Surface

In most security literature today, the "Attack Surface" of a network or asset is a concept without a universally accepted corresponding visualization. The closest thing one will find is the Kill Chain, but it exists in several versions, and it can be argued to be irrelevant in how it represents attack vectors. It isn't meant to describe an attack surface directly, and it conflates the attack surface with the temporal element of the process of exploitation.

Because the Kill Chain couldn't be used to describe the breach likelihood of individual assets, it wouldn't do as a visualization for both groups of assets and individual ones. We needed the individual asset visualization to communicate the effectiveness of mitigations, and also the severity of vulnerabilities, in a way that could be assessed easily and rapidly.

Reducing Breach Likelihood

The example below shows positive breach method likelihoods being applied to a negative one. This sounds strange, but the positive breach likelihoods describe the effects of mitigations. We use this to show the effect of a product or a patch in reducing the breach likelihood of an asset or group of assets.

The effects of applying mitigations to breach likelihoods


The starting idea of Balbix is that you cannot defend what you cannot see. Beyond that, you need to know where to prioritize the implementation of cyber mitigations. Balbix' mission was to make cybersecurity risk visible to non-technical executives so that they could stand confidently at the helm and direct cybersecurity operations.

