The following provides answers to some of the most frequently asked questions about FourV and GreySpark Cyber.

What are Cyber Risk Indicators (CRIs)?
CRIs measure residual risk in your IT operations.  Just as health risk indicators are used to predict illness, cyber risk indicators predict security incidents.
OK, then what is residual risk?
As the term implies, residual risk is what is left over after cyber defenses have protected systems to the degree they are able to.  To carry the healthcare analogy further, the human immune system protects us against most diseases.  Our skin blocks some pathogens from entering and white blood cells fight off most of those that make it in.  Then there are those pathogens that get to us despite our immune system.  The consequence of these is residual health risk, which is indicated by measuring vital signs, counting white blood cell, etc.  In cyber security, residual risk is calculated from the vast amount of data already available in most company’s systems.
Are there different kinds of CRI?

Yes, we calculate a set of 6 risk indicators:

  • Opportunity Risk, tracks the pulse of cybersecurity severity relative to assets.
  • Technical Debt, pulse of cybersecurity actions relative to assets.
  • Defense Effectiveness, monitors the volume of recurring defense activity patterns by sensor type.
  • New Threats, cybersecurity detections that are ‘new’.
  • Surface Area, pulse of assets reported in cybersecurity events.
  • Length of Score History, measures existence and contributions over time for critical sensors.
Can I adjust these CRIs?
In a word, no.

GreySpark provides fact-based reporting of risk indicators.  These system-event-driven indicators can be changed by adjusting the underlying systems or processes that create these events.

The events are the facts.

How does GreySpark work with compliance and best practices frameworks such as NIST CSF or CIS CSC?

These frameworks are designed to control cyber risk.  GreySpark shows whether they work.With every implementation of a control, change in process or update of configurations, GreySpark immediately shows the change in residual risk.

How does GreySpark interface with the network security systems?
The primary interface GreySpark uses the Syslog network protocol to collect log information.  Other formats such as SNMP Traps and RESTful web services can also be integrated on an as-needed basis.
Are the risk index levels user-defined, customer-defined or are they defined by GreySpark?
In order to calculate a very consistent score, the risk index and underlying indicators are calculated using the GreySpark risk model.
Is GreySpark used on an on-going basis, or just during a fixed period to get the information required by company executives?
GreySpark calculates the previous day’s risk index in hourly increments.  Scheduling is configurable for organizations who want to use it less frequently (for example for a monthly or quarterly “look back” – rather than a daily).  It can also be used to calculate risk indexes on historical data in order to establish baselines.
What alerts exist based on the indexes?
GreySpark has an altering facility, which allows users to set alerts on the risk index or underlying indicators, providing visual indications in the product, notification by email or API.
Can we use GreySpark with cloud-based security services or sensors?
Yes, GreySpark is designed to work with on premise and cloud-based systems or services.
Beyond technology risk, which other system effectiveness can GreySpark measure?
Although the GreySpark risk analytics engine can be adapted to most risk measurement tasks, the model it ships with has been designed for cybersecurity risk measurement.
How is GreySpark licensed? How many devices per license?
GreySpark is licensed on a subscription model based on data volume processed.  The number of devices and users is not directly relevant.
Which vendor systems can GreySpark work with?
GreySpark is essentially vendor-agnostic.  Any security system that produces Syslog network protocol is supported, by default.  Other interfaces such as SNMP Traps and RESTful web services can also be used.
How “intrusive” is GreySpark? Does the measurement GreySpark performs affect the overall security of the organization?
GreySpark’s data collection and risk measurement is transparent to the performance or operation of other security systems and all data is encrypted both in-transit and at rest.