ThreatConnect acquires Nehemiah Security
ThreatConnect Inc. of Arlington, VA announced on September 10 the acquisition of Nehemiah Security, Inc, a pioneer in the rapidly growing Cyber Risk Quantification (CRQ) space. On August 18, 2020, ThreatConnect through its purchaser entity, NS Holdings LLC, acquired substantially all of the assets and assumed selected liabilities of Nehemiah. The acquisition adds Cyber Risk Quantification to ThreatConnect’s existing Threat Intelligence Platform (TIP) and Security Orchestration, Automation and Response (SOAR) capabilities, creating the world’s only cybersecurity platform aligning the entire security lifecycle to the goal of reducing risk.
ThreatConnect Risk Quantifier (RQ – formerly Nehemiah Risk Quantifier) enables the identification of the risks that matter most to the organization by quantifying them based on potential financial or operational impact, unifying security and the business to a common goal. This quantification relies on generally accepted risk models such as the popular Factor Analysis of Information Risk (FAIR) model, among others. It is also established in part by, and continuously informed by, threat intelligence, vulnerability management, operations and response data found within ThreatConnect and other integrations. Using this risk-led approach to cybersecurity makes prioritization easy for security teams, enabling them to filter out noise and focus on what matters most. With CRQ, TIP and SOAR capabilities combined, ThreatConnect unifies the actions of the security team around the most critical risks, supports their response with streamlined and automated workflows and strengthens the entire security ecosystem through powerful technology integrations.
With the acquisition, ThreatConnect further delivers on its mission of revolutionizing the way organizations protect themselves by turning intelligence into action. Adding CRQ to the ThreatConnect Platform creates the most powerful decision and operational support system in cybersecurity, the company said. For security executives, their teams and the stakeholders they support across the organization, ThreatConnect becomes a single source to support their mission of identifying and efficiently mitigating cyber risk.
“For a decade now, we’ve been focused on making the job of security easier, to be the place where security comes to be effective,” said Adam Vincent, chief executive officer at ThreatConnect. “We began our journey focused on making threat intelligence actionable with our TIP solution, providing a platform to collect, enrich and prioritize intelligence. We evolved our capabilities to deliver an award winning SOAR platform to market, helping orchestrate and automate security actions with an intelligence-led approach. But we never lost sight of the belief we articulated in 2015 that risk mitigation should drive all action in security. We’ve watched with interest as the cyber risk quantification movement has taken off, keeping an eye on evolving approaches and listening to the experiences of our clients. The decision to acquire Nehemiah was an easy one as they are ahead of the market in terms of their ability to automate cyber risk quantification. They help overcome much of the pain felt by early CRQ adopters where manual data collection and lengthy professional services engagements are the norm. Their vision to harness the power of the security ecosystem by integrating technologies and ingesting data fits perfectly with our vision for reducing complexity. With this acquisition, we believe ThreatConnect stands alone in cybersecurity as the only partner that can deliver a true decision and operational support platform for cyber risk management.”
Nehemiah’s approach to CRQ has won the confidence of some of the largest organizations in the world and recognition by leading industry analyst firm, Gartner. In May of this year, Gartner named Nehemiah Security to its list of “Cool Vendors” in the area of Integrated Risk Management. In 2018 Gartner recognized the growing trend towards Cyber Risk Quantification and helped fuel interest by adding it to its list of core pillars required for effective Integrated Risk Management.
“Organizations are seeking to quantify their cyber risk in order to better align security to the business, drive remediation and response activities, support investment decisions and demonstrate return on security investment,” said Wade Baker, partner at Cyentia Institute and member of the board of advisors at the FAIR Institute. “The movement behind CRQ has grown rapidly, as evidenced by the thousands that are now FAIR Institute members. But the pain among early adopters is pronounced and loudly vocalized. Current approaches require too much manual data collection, too much training and professional services support, too much time to realize outputs which means that assessments are often old before the ink dries. ThreatConnect is in a tremendous position to help overcome that pain given the breadth of their Platform, their knowledge on technology integration and the foundation built by Nehemiah. I, for one, am very excited about the prospect of a stronger connection between the cyber threat and risk management spheres.”