News
Vendors

DeNexus rolls out DeRISK 5.4 with DNX-CSF, enhanced inside data-driven attack and risk modeling

August 28, 2023
DeNexus rolls out DeRISK 5.4 with DNX-CSF, enhanced inside data-driven attack and risk modeling

DeNexus released Sunday DeRISK 5.4 platform delivering a new OT cybersecurity framework (DNX-CSF) that provides enhanced inside data-driven attack propagation and risk aggregation modeling. 

DeRISK 5.4 delivers new OT (operational technology) Cybersecurity Framework to accelerate risk assessments. It also enhances its use of critical OT network monitoring data in attack propagation and risk aggregation modeling. The latest release builds upon innovations from DeRISK 5.3, which include inside data-driven indicators of cybersecurity risk over time, cyber risk mitigation project simulator to help find cost-effective cybersecurity investment, NERC CIP risk reports, and integration with more OT/ICS cybersecurity solutions.

DeRISK is an evidence-based, data-driven platform that gives OT industrial stakeholders visibility to a facility’s exposure to cyber events, calculates the probability and financial impact of potential cyber events, and delivers the mitigation options available to reduce cyber risk while measuring the ROI (return on investment) of each cyber risk mitigation investment.

The DNX CSF is a new cybersecurity framework that solves the need for a lightweight, evidenced-based risk assessment, Andrew Luccitti wrote in the Sunday blog post. “Although NIST CSF is widely adopted globally as a reference for defining functional cybersecurity, it does not include a simple set of questions that can quickly determine a level of conformance. Also, most frameworks do not consider automated versus manual assessments. For organizations that are just beginning their cybersecurity journey, they can begin with the simpler DNX CSF, and later expand to NIST CSF or other as they increase their maturity and experience.”

Adopting a cybersecurity framework like NIST CSF is a key maturity milestone, but interpreting the subcontrol language can be an obstacle. A further challenge is to track the NIST CSF details for every facility and then transform the risk assessment into actionable goals.” according to Dan Johnson, senior director of ICS cyber risk at DeNexus. 

He continues, “This release is helping asset owners, consultants, managed security providers & others accelerate the assessment of cybersecurity risk with our DeNexus Cybersecurity Framework (DNX-CSF).”

“Instead of assuming the communication attack paths, we are using OT network monitoring data as a more accurate, timely, and data-driven input to our attack propagation modelling,” Donovan Tindill, OT cybersecurity director at DeNexus, “Majority of industrial asset owners have invested in OT network monitoring tools. DeRISK integrates with leading partners to use this inside data telemetry within DeRISK models,” he added.

Luccitti added that DeRISK’s use of OT network monitoring Inside-data helps leverage the telemetry locked within these solutions. 

“For one of our customers, actual OT network communications between their Control Centers and over 60 electricity generation facilities provides a more accurate network topology, facility dependencies & hierarchy, helping reduce manual effort through automation,” according to Luccitti. “With more granular mapping of communications between different facilities and their Control Centers, this increases the quality, accuracy, and stability of Cyber Risk Quantification and risk aggregation models from cyber-attacks that can propagate within the portfolio.”

A year after securing its SOC 2 Type 2 compliance, DeNexus announced earlier this month that it has obtained its SOC 2 Type 2 annual audit report, a significant milestone that underscores its commitment to safeguarding operations, clients, and their valuable data.

Industrial Cyber News Desk
Industrial Cyber News Desk

Related

68 software manufacturers commit to CISA's Secure by Design pledge for enhanced product security
68 software manufacturers commit to CISA’s Secure by Design pledge for enhanced product security
Cyble detects critical vulnerabilities in CyberPower PowerPanel Business Software used in critical infrastructure
Cyble detects critical vulnerabilities in CyberPower PowerPanel Business Software used in critical infrastructure
Cyolo, Dragos partner to unveil holistic secure remote access offering for critical infrastructure
Cyolo, Dragos partner to unveil holistic secure remote access offering for critical infrastructure
Dnsmasq
New Siemens Simatic Automation Workstation to offer streamlined factory control
Nozomi, Mandiant extend alliance to boost threat detection and response for global critical infrastructure
Nozomi, Mandiant extend alliance to boost threat detection and response for global critical infrastructure
National Cybersecurity Strategy Implementation Plan (V2)
US administration updates National Cybersecurity Strategy Implementation Plan to meet growing challenges
Forescout analyzes 90,000 unknown vulnerabilities, risk blind spots that live in the wild
Forescout analyzes 90,000 unknown vulnerabilities, risk blind spots that live in the wild
Two new MITRE programs central to strengthening cyber defense work on building global cyber capacity
MITRE Federal AI Sandbox to assist with AI experimentation and prototyping capability for US government agencies
Dragos integrates with CrowdStrike Falcon next-gen SIEM for threat detection in OT networks
Dragos integrates with CrowdStrike Falcon next-gen SIEM for threat detection in OT networks
Claroty details ‘blind spot’ in traditional vulnerability management for CPS assets, debuts new solution
Claroty details ‘blind spot’ in traditional vulnerability management for CPS assets, debuts new solution