Frequently Asked Questions

The following provides answers to some of the most frequently asked questions about FourV and GreySpark Cyber.

CRIs measure residual risk in your IT operations.  Just as health risk indicators are used to predict illness, cyber risk indicators predict security incidents.
As the term implies, residual risk is what is left over after cyber defenses have protected systems to the degree they are able to.  To carry the healthcare analogy further, the human immune system protects us against most diseases.  Our skin blocks some pathogens from entering and white blood cells fight off most of those that make it in.  Then there are those pathogens that get to us despite our immune system.  The consequence of these is residual health risk, which is indicated by measuring vital signs, counting white blood cell, etc.  In cyber security, residual risk is calculated from the vast amount of data already available in most company’s systems.

Yes, we calculate a set of 6 risk indicators:

  • Opportunity Risk, tracks the pulse of cybersecurity severity relative to assets.
  • Technical Debt, pulse of cybersecurity actions relative to assets.
  • Defense Effectiveness, monitors the volume of recurring defense activity patterns by sensor type.
  • New Threats, cybersecurity detections that are ‘new’.
  • Surface Area, pulse of assets reported in cybersecurity events.
  • Length of Score History, measures existence and contributions over time for critical sensors.
In a word, no.

GreySpark provides fact-based reporting of risk indicators.  These system-event-driven indicators can be changed by adjusting the underlying systems or processes that create these events.

The events are the facts.

These frameworks are designed to control cyber risk.  GreySpark shows whether they work.With every implementation of a control, change in process or update of configurations, GreySpark immediately shows the change in residual risk.

The primary interface GreySpark uses the Syslog network protocol to collect log information.  Other formats such as SNMP Traps and RESTful web services can also be integrated on an as-needed basis.
In order to calculate a very consistent score, the risk index and underlying indicators are calculated using the GreySpark risk model.
GreySpark calculates the previous day’s risk index in hourly increments.  Scheduling is configurable for organizations who want to use it less frequently (for example for a monthly or quarterly “look back” – rather than a daily).  It can also be used to calculate risk indexes on historical data in order to establish baselines.
GreySpark has an altering facility, which allows users to set alerts on the risk index or underlying indicators, providing visual indications in the product, notification by email or API.
Yes, GreySpark is designed to work with on premise and cloud-based systems or services.
Although the GreySpark risk analytics engine can be adapted to most risk measurement tasks, the model it ships with has been designed for cybersecurity risk measurement.
GreySpark is licensed on a subscription model based on data volume processed.  The number of devices and users is not directly relevant.
GreySpark is essentially vendor-agnostic.  Any security system that produces Syslog network protocol is supported, by default.  Other interfaces such as SNMP Traps and RESTful web services can also be used.
GreySpark’s data collection and risk measurement is transparent to the performance or operation of other security systems and all data is encrypted both in-transit and at rest.