We crunch the numbers, you make informed decisions.

Data is our friend. It can be yours too.

Corax relies on patented algorithms to distill meaning from a highly complex range of inputs.

Network Analysis:

Corax models your organization using a graphical structure – specifically a Bayesian Network. It classifies two elements and represents them as nodes (or points on a graph). These two elements are risk components and assets. Your risk components are non-tangible parts of your organization, such as entities, departments, third parties or projects. Your assets are any component part of your organization that may be vulnerable to a cyber security breach, such as your network, IT infrastructure, data or controls.

Risk components are analyzed in terms of geographic region, industry sector, company size and company age, while assets are analyzed against specific vulnerabilities found on the asset as well as the security controls currently in place.

Directed edges link the various nodes on the graph. These represent a parental or ownership relationship between the nodes. For example, a laptop (asset) might be part of the sales department (risk component). These edges have weightings. The weightings represent the correlation between the different nodes from a cyber risk perspective.

Using a Bayesian Network for modeling allows nodes to inherit risk from others in the graph. This is crucial because no asset lives in isolation: the interdependencies of assets and where they reside within an organization are as important as the security vulnerabilities and the controls that are in place to protect them.

Also, dividing nodes into different classes allows us to model many different types of behavior and include the various inputs that have an effect on the probability and impact of a cyber attack.

With the inputs and the graph in place, Corax performs Monte Carlo Bayesian Inference to estimate the probability of attack on each asset, and the financial impact of such an attack, should it occur. This allows us to give a risk level for each asset and suggestions for how to lower it.
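A minimal sketch of the idea described above, added here as an illustration and not Corax's patented algorithm or any code from Corax: forward Monte Carlo sampling over a small directed graph of risk components and assets, yielding a per-node compromise probability and expected loss. The node names, probabilities, impact figures, the reading of an edge weight as a propagation probability, and the noisy-OR combination rule are all assumptions made for this example.

```python
import random
from graphlib import TopologicalSorter  # Python 3.9+

# Constructed sample network: every name and number here is illustrative.
# base = standalone compromise probability, impact = loss if compromised.
NODES = {
    "company":    {"base": 0.05, "impact": 0.0},        # risk component
    "sales_dept": {"base": 0.10, "impact": 0.0},        # risk component
    "laptop":     {"base": 0.02, "impact": 20_000.0},   # asset
    "crm_data":   {"base": 0.01, "impact": 500_000.0},  # asset
}
# Directed edges (parent, child, weight). Assumption: the weight is the chance
# that a compromised parent passes its compromise on to the child.
EDGES = [
    ("company", "sales_dept", 0.5),
    ("sales_dept", "laptop", 0.4),
    ("sales_dept", "crm_data", 0.2),
    ("laptop", "crm_data", 0.6),
]

def estimate_risk(nodes, edges, samples=100_000, seed=1):
    """Forward-sample the network; return {node: (probability, expected_loss)}."""
    parents = {n: [(p, w) for p, c, w in edges if c == n] for n in nodes}
    # Parents must be sampled before children; raises CycleError on a cycle.
    graph = {n: [p for p, _ in parents[n]] for n in nodes}
    order = list(TopologicalSorter(graph).static_order())
    rng = random.Random(seed)
    hits = dict.fromkeys(nodes, 0)
    for _ in range(samples):
        state = {}
        for n in order:
            hit = rng.random() < nodes[n]["base"]
            for p, w in parents[n]:
                # Noisy-OR: each compromised parent is an independent cause.
                hit = hit or (state[p] and rng.random() < w)
            state[n] = hit
            hits[n] += hit
    return {n: (hits[n] / samples, hits[n] / samples * nodes[n]["impact"])
            for n in nodes}

if __name__ == "__main__":
    for name, (prob, loss) in estimate_risk(NODES, EDGES).items():
        print(f"{name:<11} P(compromise)={prob:.4f}  expected loss={loss:,.0f}")
```

In this constructed network the `crm_data` asset ends up with a compromise probability several times its own 1% base rate, because it inherits risk from both the department that owns it and the laptop that can reach it.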


Machine Learning:

Corax takes four different types of data: cyber breach information, commercial information about your organization, asset-specific vulnerability and control scans, and third-party vendor information.

To establish which features of an organization make it more likely to suffer a security breach, breach information is combined with metadata about organizations that have already been breached. For example, a sales department in a mid-size healthcare company in the United Kingdom may have a different risk profile than an IT department in a large retailer in the United States. This produces a leak probability, which is then fed into the Bayesian Network for risk components.

Corax estimates a control's effectiveness in mitigating specific vulnerabilities by analyzing different implementation landscapes of organizations with varying security postures. The risk of particular vulnerabilities themselves is analyzed from the popularity of different malware and attacks advertised on the dark web.

Third parties that an organization might use for outsourcing IT infrastructure or other tools are themselves modeled for their own interdependencies and response times. This enables Corax to estimate the probability of their service being interrupted, and the resultant impact to an end user.

Better cyber risk analysis.
