Compound risk metrics


Panaseer offers features to help you detect and monitor the presence of 'toxic combinations' of security risks.

What are toxic combinations?

In the modern cybersecurity landscape, threats are no longer isolated to single risks such as a missing antivirus. Attackers exploit "toxic combinations", scenarios where risks from different cybersecurity domains coexist on a particular resource.

For example, a device may be missing an antivirus but also be used by someone susceptible to phishing. A phishing attack might grant an attacker initial access, which they can then leverage to exploit unpatched vulnerabilities and escalate privileges.

 


Risks combine to form toxic combinations.

A toxic combination is when multiple risks or control gaps from different areas of cybersecurity combine, creating a higher overall threat that attackers can exploit.

These combinations significantly amplify the impact of attacks and create high-risk scenarios that demand prompt attention. 

Challenges with current approaches to toxic combinations

Organizations face several challenges in addressing toxic combinations. Current methods are often fragmented and resource-intensive, making it difficult to detect and remediate these high-risk scenarios effectively.

This confronts organizations with the following challenges:

  • Manual analysis of attack chains: Frameworks like the Cyber Kill Chain® are used to understand how risks interact, but this approach is time-consuming and focuses on post-incident analysis rather than prevention.
  • Siloed security tools and priority lists: Security tools often operate in silos, generating independent priority lists that lack cross-domain insights, leading to missed opportunities to address interconnected risks.
  • Manual cross-domain correlation: Teams attempting to correlate data manually face scalability challenges, as these processes are error-prone and inconsistent, especially when managing large datasets.
  • Focus on single-domain metrics: Metrics that focus on individual domains fail to account for how risks interact, leaving organizations unaware of compounded threats.

To effectively address toxic combinations, organizations need automated solutions that provide cross-domain visibility and enable proactive remediation.

Addressing toxic combinations with compound risk metrics

Panaseer addresses toxic combinations using compound risk metrics, which provide automated, cross-domain visibility into your organization’s security posture. By combining insights from multiple domains, Panaseer helps teams detect and prioritize the most critical risks.

Panaseer’s compound risk metrics automate the identification of these scenarios, enabling organizations to:

  • Uncover hidden, high-impact risks that span multiple domains.
  • Streamline remediation efforts by focusing on the most critical threats.
  • Improve resource allocation by eliminating manual processes and prioritizing effectively.
  • Strengthen their overall security posture with consistent, actionable insights.

Leveraging Control Domains for toxic combinations

Panaseer leverages ten security control domains that are designed to cover a broad spectrum of risks that exist for any modern organization.

Ten control domains that provide data for toxic combinations

Compound risk metrics enable organizations to uncover these hidden risks by correlating data from multiple domains. The result is a more comprehensive understanding of your risk landscape and a proactive approach to remediation.

Compound risk metric example

Consider the following combination of risks that may exist on a device:

  • An unpatched critical vulnerability on a device: Monitored in the Vulnerability Management domain, which checks key vulnerabilities exposed by your controls.
  • No antivirus or Endpoint Detection and Response: Monitored in the Endpoint Protection domain, which checks for antivirus and EDR solutions to protect devices from malicious attacks.
  • Owned by a user who failed phishing tests: Monitored in the User Awareness domain, which measures user behaviors, such as phishing test results, to evaluate susceptibility to social engineering attacks.


Toxic combinations source data from multiple domains.

By correlating these metrics into a single compound risk metric, Panaseer provides actionable insights that reduce manual effort and accelerate remediation.


A compound risk metric from the Panaseer platform.

This is one of several compound risk metrics available within Panaseer.
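The three-domain combination above can be sketched as a join on device identity. This is an added illustration, not Panaseer's implementation or schema: the field names, the sample records, and the rule that a device with no endpoint agent record counts as unprotected are all assumptions.

```python
# Constructed sample data. Field names and values are hypothetical.
VULNS = [  # Vulnerability Management domain
    {"device": "LAP-001", "severity": "critical", "patched": False},
    {"device": "lap-002", "severity": "critical", "patched": True},
    {"device": "LAP-003", "severity": "medium", "patched": False},
    {"device": "LAP-004", "severity": "critical", "patched": False},
    {"device": "LAP-005", "severity": "critical", "patched": False},
    {"device": "LAP-006", "severity": "critical", "patched": False},
]
AGENTS = [  # Endpoint Protection domain; LAP-005 has no agent record
    {"device": "lap-001", "av": False, "edr": False},
    {"device": "LAP-002", "av": False, "edr": False},
    {"device": "LAP-003", "av": True, "edr": False},
    {"device": "LAP-004", "av": True, "edr": True},
    {"device": "LAP-006", "av": False, "edr": False},
]
OWNERS = {"LAP-001": "alice", "LAP-002": "bob", "LAP-003": "carol",
          "LAP-004": "dave", "LAP-005": "erin", "LAP-006": "frank"}
PHISHING_FAILED = {"alice": True, "bob": True, "carol": False,  # User Awareness
                   "dave": True, "erin": True, "frank": False}

# Tools disagree on hostname case, so normalise before joining.
def norm(name):
    return name.strip().upper()

def correlate(vulns, agents, owners, phishing):
    """Return one row per device: a flag per domain plus the compound flag."""
    unpatched = {norm(v["device"]) for v in vulns
                 if v["severity"] == "critical" and not v["patched"]}
    protected = {norm(a["device"]) for a in agents if a["av"] or a["edr"]}
    failed = {user for user, did_fail in phishing.items() if did_fail}
    owner_of = {norm(d): u for d, u in owners.items()}
    scope = set(owner_of) | {norm(v["device"]) for v in vulns}
    rows = []
    for device in sorted(scope):
        flags = {"unpatched_critical": device in unpatched,
                 # Assumption: no agent record means the device is unprotected.
                 "no_av_or_edr": device not in protected,
                 "owner_failed_phishing": owner_of.get(device) in failed}
        rows.append({"device": device, **flags, "toxic": all(flags.values())})
    return rows

def summarise(rows):
    """Per-domain counts next to the compound count."""
    keys = ("unpatched_critical", "no_av_or_edr", "owner_failed_phishing", "toxic")
    return {k: sum(r[k] for r in rows) for k in keys}

if __name__ == "__main__":
    rows = correlate(VULNS, AGENTS, OWNERS, PHISHING_FAILED)
    print(summarise(rows), [r["device"] for r in rows if r["toxic"]])
```

On this sample each single-domain list flags four devices, while only two devices carry all three risks, one of which is visible only because the missing agent record is treated as a coverage gap.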

Key benefits of compound risk metrics

Panaseer’s compound risk metrics offer a range of benefits, addressing key operational and assurance challenges faced by organizations:

  • Cross-domain correlation: Provides a unified view of risks by connecting insights from multiple domains, enabling teams to identify threats that would otherwise remain hidden.
  • Automated identification: Eliminates the need for manual cross-referencing, saving significant time and ensuring consistency in risk identification.
  • Prioritized risk management: Focuses remediation efforts on the most critical risks, ensuring resources are allocated efficiently.
  • Scalability: Offers predefined metrics for common scenarios and allows for the creation of configurable metrics to tackle unique challenges.
  • Improved collaboration: Bridges silos across security teams by providing a holistic view of the organization’s risk landscape.
  • Enhanced reporting: Delivers actionable data for CISOs to demonstrate measurable risk reduction to stakeholders.
  • Operational efficiency: Reduces duplication of efforts by aligning priorities across tool owners and security teams.

Roles using compound risk metrics

Panaseer’s compound risk metrics address various roles and challenges within an organization:

  • Security Analysts: Empower analysts to efficiently address critical compound risks by focusing on cross-domain vulnerabilities that pose the greatest threats, for example, a CVE paired with a misconfigured firewall rule allowing unmonitored traffic on a critical port. This ensures more risks are mitigated in less time.
  • CISOs: Provide a comprehensive view of the organization’s overall risk posture and deliver detailed reports that demonstrate proactive risk reduction strategies to stakeholders.
  • Operations Teams: Enable tool owners and security teams to align priorities, ensuring that cross-domain risks are addressed collaboratively for maximum impact.
