Learn where you stand on the maturity spectrum
Ad Hoc
You have limited tools and processes, with significant visibility gaps and reactive response.
Defined
You have basic tools, processes and frameworks, with siloed visibility and response.
Standardized
You have mature tools and processes, and are starting to unify data and add business context.
Advanced
You have unified visibility with rich business context and some technical context for prioritization.
Optimized
You have a business aligned view of exposure, with consistent metrics, reporting and workflows.
Maturity is assessed against 8 criteria
Asset Visibility
Discovery of all assets across your organization’s extended attack surface: IT, OT, IoT, cloud, identities and applications.
Prioritization
Identification of priority exposures through the application of technical and business context.
Risk Detection
Identification of all preventable forms of risk: vulnerabilities, misconfigurations and excessive permissions.
People | Process
Defined roles, dedicated resources and integrated processes to support cross-domain functions.
Data Consolidation
Aggregation, deduplication and normalization of data from disparate tools in a single data lake.
Mobilization
Targeted and efficient remediation actions using integrated and automated workflows.
Scoring Methodology
Establishment of a robust and consistent scoring methodology across risk types and attack surfaces.
Metrics | Reporting
Effective tracking, communication and reporting of key performance indicators and compliance.
