When I go to BlackHat I’m always looking for cyber innovation across many vectors including cyber resilience, artificial intelligence and most importantly compliance. This year I met up with Lalit Ahluwalia, Founder and CEO of DigitalXForce and team members including Desiree Wilson, Chief Client Success Officer. You can watch my Cyber Defense TV interview with them at: https://cyberdefensetv.com/digitalxforce-lalit-ahluwalia-desiree-wilson/ or play the podcast on Cyber Defense Radio at: https://cyberdefenseradio.com/digitalxforce-lalit-ahluwalia-desiree-wilson/
DigitalXForce aims to address the problem statement “Compliance IS NOT EQUAL to Security” because this qualitative form of evaluating cyber risk is neither scalable nor relevant. This is why companies continue to experience breaches despite complying with every regulation. The First American Financial Corp data breach affected 885 million credit card applications, the Equifax data breach exposed 147 million customers, the Capital One data breach compromised 100 million credit card applications and Change Healthcare paid US$22M in ransomware (Upguard, 2022).
Organizations are looking for a unified platform that provides a “Single Pane of Glass” to help them prioritize risk through quantitative KPIs/KRIs while maximizing Cybersecurity ROI. The following are some of the traditional issues and constraints of Governance, Risk & Compliance methods:
- MANUAL, TIME CONSUMING and relies on FABRICATED / DATED Artifacts
- QUALITATIVE & mainly a CHECK THE BOX exercise
- RISK QUANTIFICATION is very SUBJECTIVE
- Unable to demonstrate Cybersecurity ROI
Commercially available Integrated Risk Management (IRM) and Governance Risk Compliance (GRC) platforms fail the mission of Cybersecurity because IRM/GRC programs focus only on Audit & Compliance through dated artifacts/evidence rather than on security posture management. DigitalXForce is a unified SaaS platform that provides real-time, continuous and automated integrated risk management and quantification while maximizing Cybersecurity ROI through digital asset discovery and Attack Surface Mapping, along with direct connections to the commercially available cybersecurity tools typically deployed in any organization.
“Too Good to be true. Very comprehensive and feature rich Integrated Risk Management platform. Our clients are appreciative of bringing DigitalXForce as true value add to our engagements.” Umang Handa (Partner – PwC Canada)
DigitalXForce is a Unified Enterprise Security Risk Posture Management (ESRPM) SaaS Platform enabling Real-time, Continuous and automated GRC through Cybersecurity Mesh Architecture. (DigitalXForce – Digital Trust Platform of the new Era (youtube.com)). By leveraging data-driven insights, security blueprints, and regulatory control mapping, DigitalXForce optimizes and automates the digital risk posture of organizations. The platform offers a comprehensive range of solutions, including attack surface management, risk quantification, automated audit & compliance, third party risk management and much more. Its innovative approach empowers organizations to enhance their security posture while maximizing their investments in digital transformation.
What’s on the roadmap for DigitalXForce?
DigitalXForce strives to become the “Digital Trust for the New Era” SaaS platform that adds the dimension of “T – Trust” (DATA-DRIVEN, REAL-TIME & CONTINUOUS) to current risk management and compliance processes. “T-Trust” will be enabled by measuring cyber risk through analysis of digital assets in integration with deployed security tools, and by automating the security blueprint and bottom-up risk quantification, powered by Artificial Intelligence (AI ShivAI – XForce GPT), Machine Learning and Automation techniques:
- Develop Attack Surface Management & Asset Inventory & Security Blueprint:
Through agent-based and agentless approaches, DigitalXForce is developing XForce methods, such as machine learning models or object recognition tools, that can identify all digital assets, including the ones that are connected to the network.
- Developing Unified Security Control / Compliance Baseline (NIST CSF, NIST 800-53, CIS and others):
The complexity of compliance requirements and reporting will be simplified through DigitalXForce. Leveraging our proprietary AI/ML (AI ShivAI – XForce GPT), a unified audit and compliance database will be created to generate the initial control baselines. This unified interface and dataset will be regularly mapped and updated for any new threats and updated regulations.
DigitalXForce will enable automated and quantifiable generation of security blueprints, risk registers, remediation plans and board level metrics by studying the APIs and functions of hundreds of commercially available security tools (CrowdStrike, SailPoint, IBM QRadar etc.) and mapping with regulatory controls (NIST CSF, HIPAA etc.) for risk quantification.
- Quantitative vs Qualitative Risk Analysis:
This approach requires Research & Development for hundreds of cybersecurity tools in various domains such as Identity and Access Management, Cloud Security, OT/IoT Security etc. in an extensive lab environment. We plan on applying Artificial Intelligence and machine learning through XForce GPT leveraging Nvidia Morpheus, AWS Lex – AI Chatbot and will require access to LLM models and robust hardware/processing capabilities for automation.
- Real-time and Continuous Data Driven Insights:
This concerns the collection, analysis, and constant tracking of digital assets to calculate risk and avoid security breaches. This requires direct connectivity to security tools and processes, and building the Cyber Range with various commercial tools for regular analysis.
The ability to analyze controls by directly connecting to security tools and enterprise applications and performing risk quantification sets DigitalXForce apart from other platforms that rely on manual evidence loading for compliance and risk assessment. Hence, the Security Blueprint is the unique aspect of DigitalXForce.
“DigitalXForce offers the unique capability of measuring security posture and providing complete visibility through direct integrations versus standard Audit and Compliance which is very qualitative,” Prabhat Pathak (CISO and Director of IT – Gulf Marketing Group)
Figure 1: DigitalXForce User Interface
“DigitalXForce has helped improve our Risk Management posture and provide full visibility of our security posture while helping us with Audit & Compliance needs. The platform’s availability to automate security control testing through direct connectivity with deployed security tools and ability to generate live audit snapshots helped us save weeks and months of human work”, Micky Pandit (CISO – Global Utility Player)
In Summary:
DigitalXForce is carving out a niche space of real-time, continuous and automated enterprise security and risk posture management, and is uniquely positioned against standard GRC/IRM technologies that are only focused on Audit & Compliance through dated artifacts/evidence. DigitalXForce, through its 150+ connectors, Attack Surface Management and AI-ShivAI, has the ability to perform real-time and continuous security control testing and produce the “Live” Security Posture View (the only platform that can produce this). In addition, DigitalXForce applies a “Trust but Verify” approach to perform Third Party Risk Management (TPRM). DigitalXForce has the ability to perform “Inside Out” and “Inside Out” Risk Management with automated Audit Artifact creation and compliance reporting.
The platform offers a comprehensive range of solutions, including attack surface management, risk quantification, automated audit, compliance, and much more. Its innovative approach empowers organizations to enhance their security posture while maximizing their investments in digital transformation. It also applies the Trust but Verify approach to Third Party Risk Management which is unique to this platform. Learn more by visiting them online at: https://digitalxforce.com/solutions/
In addition, DigitalXForce offers a free demo and a 2-4 week Proof of Value trial. Please send a request to [email protected] and visit them also on LinkedIn at https://www.linkedin.com/company/digitalxforce/
About the Author
Gary Miliefsky is the publisher of Cyber Defense Magazine, a renowned cybersecurity expert, entrepreneur, and keynote speaker. As the founder and CEO of Cyber Defense Media Group, he has significantly influenced the cybersecurity landscape. With decades of experience, Gary is a founding member of the U.S. Department of Homeland Security, a member of the National Information Security Group, and an active adviser to government and private sector organizations. His insights have been featured in Forbes, CNBC, and The Wall Street Journal, and seen on CNN, Fox News, ABC, NBC and international media outlets, making him a trusted authority on advanced cyber threats and innovative defense strategies. Gary’s dedication to cybersecurity extends to educating the public, operating a scholarship program for young women in cybersecurity, and investing in and developing cutting-edge technologies to protect against evolving cyber risks.