DeNexus Blog - Industrial Cyber Risk Quantification

Internal Telemetry: A pre-requisite for Cyber Risk Management

Written by Isabelle Dumont | Sep 12, 2024 11:44:00 PM

Whether you call it internal data, inside-out data, or internal telemetry, information from internal systems is critical for identifying and evaluating cyber risk with high fidelity.

We will use Internal Telemetry to describe the ongoing flow of data that the DeNexus platform, “DeRISK™,” ingests from our clients’ Intrusion Detection Systems (IDS). We integrate with IDS vendors through APIs and receive a continuous flow of information. These systems include Claroty, Forescout, Nozomi, Tenable, and others deployed in our clients’ industrial infrastructure. The API-based integrations enable us to feed our risk models continuously and automatically with the latest security information from the client’s OT infrastructure, including, for example, network topology, security controls that are in place and vulnerabilities.

We most recently deployed DeRISK in two environments: one at a global manufacturer and the other at a European utility/energy company.

In both cases, these large corporations included an evaluation of cyber risk before and after implementing an intrusion detection system as part of the DeRISK deployment.

The conclusions were unequivocal in both cases: The absence of internal telemetry severely hampers the accurate representation and quantification of cyber risk.

Case #1: European energy company

This European company operates power generation sites on three continents and needed to identify which site(s) to prioritize for cybersecurity investments and collect learnings from deploying Nozomi Networks. The company plans to rationalize how it prioritizes risk mitigation projects and related investments by understanding how such projects could improve the global organization's risk posture.

DeRISK was deployed to monitor a dozen energy production sites—wind, solar, and combined cycle plants—spread across three continents.

Value at Risk at 95th percentile (without internal telemetry): $30.7M

Value at Risk at 95th percentile (with internal telemetry from Nozomi Networks): $33.5M

 

Case #2: Global manufacturer

The company manages a broad portfolio of manufacturing divisions acquired over decades and distributed globally. It intends to develop a coherent strategy to manage cyber risks across facilities and to understand where investments are most critical to avoid cyber incidents that would damage its international operations and reputation.

DeNexus was initially brought in to compare the level of cyber risk across sites, countries, divisions, and sectors and to help advance cyber risk quantification models and processes built in-house. One specific goal was to use internal telemetry from cybersecurity vendor Claroty and compare results before and after the ingestion of internal sensor data from Claroty.

 

Value at Risk at 95th percentile (without internal telemetry): $623.7k

Value at Risk at 95th percentile (with internal telemetry from Nozomi Networks): $6.57M

The above outputs from DeNexus clearly show that internal telemetry is essential for providing a reliable picture of cyber risk.