Today, most organizations have well-defined policies and processes for responding to vulnerabilities, findings, alerts, and other security gaps in their network and software infrastructure. However, these practices don’t often extend to newer or less prevalent technologies such as cloud infrastructure, IoT, operational technology (OT), etc. With the continued growth and proliferance of cloud infrastructure within the enterprise, companies need to address these challenges urgently than ever.
Established in 2009, Brinqa is helping companies address these challenges with its solutions. The Austin, TX-based company was founded by cybersecurity veterans Amad Fida and Hilda Perez with an aim to solve the most challenging, pervasive, and critical problems in cybersecurity. The company is on a mission to bring diverse stakeholders with different agendas and backgrounds together to work on a common goal; build cybersecurity solutions to protect businesses when their technology stacks are constantly evolving and in flux; and foster collaboration and knowledge-sharing between teams and processes in environments that are fragmented and siloed.
Comprehensive Coverage of Risk Analysis and Management
Brinqa cyber risk services provide the most comprehensive coverage for risk analysis and management across the entire enterprise technology infrastructure. Through dedicated purpose-built applications for Vulnerability Management, Application Security, and Cloud Security, Brinqa customers can implement a consistent cyber risk management strategy across these three critical components, while establishing and highlighting any dependencies between them.
The company also provides a knowledge graph — the cyber risk graph — which is the real-time representation of an organization’s technology infrastructure and applications, delineation of interconnects between IT assets and business services, and a unified knowledge source for cybersecurity decisions. The single, unified knowledge source for cybersecurity streamlines communication across varied stakeholders, departments, and regions.
The Standard Out-of-the-Box Ontology
Brinqa solutions are built on a comprehensive, standardized data ontology that clearly defines, delineates, and represents the common IT, security, and business assets that comprise a typical technology infrastructure, and relationships between them. The standard out-of-the-box (OOB) Brinqa ontology is designed based on best practices, industry standards, and its experience with real-world customers.
Brinqa’s customers have complete access to the data modeling capabilities used to define and develop this ontology, and can further tweak the OOB risk models to accurately represent their unique environments. This is crucial for effective risk analysis and prioritization as presently there is very little standardization in how organizations implement their technology and security environments.
Renowned and Ever-growing Customer Base
A significant percentage of Brinqa’s customers are large Fortune 100-type organizations. Its customer base includes some of the largest enterprises in retail, healthcare, insurance, and logistics verticals with a massive technology footprint. Moreover, in recent years, the company has seen an uptick in demand from smaller, technology-focused organizations. “Any business that has a strong dependency on their technology infrastructure requires a solution like Brinqa. Our smaller customers range from internet-based businesses, technology companies, and mobile-first solutions,” asserts Syed Abdur, VP of Products at Brinqa.
Empowering the Customers
Brinqa provides customers with everything they need to start their Cyber Risk Management program. It provides packaged connectors, risk models, standard risk scoring, remediation workflows, and dashboards & reporting. Most of Brinqa’s customers are quickly expanding the scope of their Cyber Risk Management programs to incorporate Vulnerability Management, Application Security, Cloud and Container Security, Mobile Security, Configuration Management, and Identify & Access Management.
Besides this, the customers use Brinqa to automate many components of their risk management programs – from the collection of all relevant risk data, to the building of risk knowledge, to the communication of risk to all stakeholders, and the risk remediation process. The company’s automation capabilities orchestrate better hygiene in customers’ risk management solutions. Brinqa reconciles asset management data with live data and can be used to automate continuous checks and corrections as well.
As a result, the customers benefit with a consistent understanding of assets that factor into determining their associated risk and better knowledge of their risk posture based on accurate information. Brinqa empowers customers with the ability to identify and suppress false positives while highlighting the most critical risks for remediation.
The Accelerating Need for Cybersecurity
The COVID-19 pandemic has highlighted some significant challenges that most cybersecurity programs and organizations struggle with. “The notion of the traditional enterprise with well-defined boundaries has been consistently eroding for many years, and cybersecurity policies and practices have been slowly evolving to address this change,” adds Syed.
The pandemic has forced large sections of the workforce to work remotely, accelerating the need for cybersecurity solutions to be re-architected for a highly-distributed, centralized, and dynamic technology infrastructure. Syed believes that the pandemic should have a positive impact on the cybersecurity industry in the long term – resulting in more dynamic, fault-tolerant cybersecurity programs and solutions.
Making the Platform Dynamic and Extendable
The upcoming projects of Brinqa aim to make the platform even more dynamic and extendable. As part of this effort, it is working to open up its connector development framework – to allow customers and partners to develop connectors on their own and expand its integrated ecosystem at a faster rate. The company is also working on the new GraphQL-based API that can be used by developers as well as business owners with limited or no development knowledge.
Furthermore, by combining its graph database (Neo4j) with a new API methodology (GraphQL), Brinqa provides UI developers with the flexibility to create a rich report builder that is immediately relevant to business users. This is beneficial to developers as they can leverage the same API, improving code quality and consistency through more interactive and self-documenting API usage than traditional REST APIs.
Securing the Software Development Life Cycle
By mapping how IT enables and impacts business to create accurate cybersecurity data ontology, modern Cyber Risk Management provides a unique opportunity to introduce security early into IT processes and the Software Development Life Cycle (SDLC). It drastically reduces the cost of identifying and remediating vulnerabilities, as well as delivers software that is more robust, secure, and reliable.
In the near future, Syed believes that organizations will continue to improve their ability to develop IT and SDCL processes that are secure and risk-aware. “This is very important as enterprise technology environments become more distributed and rapidly evolve to adjust for changes in the real world. The pandemic has shown us that the changes can be drastic and organizations need to be prepared to adjust on short notice,” he concluded.
