ThreatConnect Acquires Enterprise Risk Management Firm Nehemiah Security

ThreatConnect has acquired Nehemiah Security to bring Cyber Risk Quantification (CRQ) to the firm's existing cybersecurity solutions range. 

Announced on Thursday, the deal -- made through ThreatConnect's purchaser entity NS Holdings LLC -- will see all of Nehemiah Security's assets transferred over to ThreatConnect. 

The financial terms of the deal were not disclosed. 

Founded in 2015, Washington DC-based Nehemiah Security is a startup that focuses on the CRQ space. 

According to the company, cybersecurity concerns may "block or suffocate" business initiatives, however, they can also "fuel and empower business initiatives" when staff have a strong grasp on what resources and business-critical processes they need to protect -- as investments can be funneled into the correct channels and disruption can be kept to a minimum.

See also: Secureworks acquires vulnerability management platform Delve

"This is no simple task," the company said in a blog post. "Many security teams dive in headfirst and get lost in the weeds. Starting this change from the bottom-up is a grind, one that doesn't get far. A successful program starts from the top, with a CISO that understands the business proportionately to cyber and can communicate, in financial terms, how security investment underpins business operations."

This is where CRQ comes in. By implementing risk assessment methodologies and solutions at the start of the security lifecycle, this can give enterprises a clearer idea of the cybersecurity risks a company faces, and how best to balance investment while maintaining shareholder value. 

CNET: Avoid the new text message scam about package deliveries

Nehemiah Security's CRQ solutions will be added to ThreatConnect's existing Threat Intelligence Platform (TIP), which includes security orchestration, automation, and threat response technologies. Specifically, Nehemiah's Risk Quantifier (RQ) is now under the ThreatConnect brand. 

RQ leverages different sets of risk models including the Factor Analysis of Information Risk (FAIR) model. ThreatConnect says a risk-based approach "makes prioritization easy for security teams, enabling them to filter out noise and focus on what matters most."

TechRepublic: How to manage app permissions in Android 11

"The decision to acquire Nehemiah was an easy one as they are ahead of the market in terms of their ability to automate cyber risk quantification," commented Adam Vincent, ThreatConnect CEO. "They help overcome much of the pain felt by early CRQ adopters where manual data collection and lengthy professional services engagements are the norm."

Earlier this week, Secureworks announced the acquisition of Delve, a provider of an AI and machine learning-based platform for vulnerability assessment and prioritization. Financial details were not disclosed. 

Previous and related coverage

• Privacy concerns prompt Irish regulators to ask Facebook to stop sending EU user data to the US
  
  
• Cybersecurity 101: Protect your privacy from hackers, spies, and the government
  
  
• Weave Scope is now being exploited in attacks against cloud environments
  
  

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0