The Drawbridge Platform
The Drawbridge Platform is a powerful SaaS solution that makes identifying and managing complex cyber risks clear and simple. The Platform flags and prioritizes risks in a prescriptive and intuitive way, empowering you to not only remediate risks, but also clearly document and demonstrate to your board, investors and regulators that your cyber program is comprehensive and effective.
The Drawbridge Platform has three primary components:
- Risk Assessments & Analytics
- Policies & Training
- Technical Assessments
Drawbridge offers targeted bundles of these solutions that, in combination with our expert services, ensure that your assets are protected and that your cyber program is always regulator and ODD-ready.
Risk Assessments & Analytics
Drawbridge offers a range of Risk Assessment options to quickly identify vulnerabilities and deficiencies in your cyber posture, as well as potential risks lurking within your third-party solutions.
Risk Assessments provide the foundation for us to work with your team and provider ecosystem to quickly facilitate remediation and fortify your cyber posture.
Cyber Risk Assessment
This detailed data gathering exercise with your IT provider, technical staff, and/or operational staff provides an in-depth baseline of your firm’s current cyber posture, and risk profile. Drawbridge will assess the responses and provide a detailed report of findings including current controls, identified risks and recommendations for remediation.
In conjunction with the Cyber Risk Assessment, Drawbridge Analytics uses an industry-first (and only) dataset of the cyber posture from 1,000+ funds to enable you to compare your cyber program to your peers, as well as determine which program changes will have the greatest impact on overall cyber posture. Drawbridge Analytics also provides a detailed review of your cyber program against current and pending SEC regulations, ensuring that your program is exam-ready.
Vendor Risk Assessment
Compliance requirements are putting increasing pressure on registered funds to tighten risk management of critical third-party providers. Drawbridge’s Vendor Risk Assessment program examines the existing cybersecurity posture of your key providers. We work directly with your providers to gather and assess cyber data, as well as provide remediation guidance.
Policies & Training
Proven cybersecurity Policies & Ongoing Training are the cornerstones of a sound cyber program.
Drawbridge brings client-specific policy development and maintenance together with current, industry-standard training programs to ensure your program is examiner and ODD-ready.
Cybersecurity Policy Development
Written Information Security Policy (WISP) – A representation of existing procedures, standards, and guidelines to ensure confidentiality, integrity, and availability of data.
Incident Response Plan (IRP) – Best practice incident response and recovery guidelines, policies, and procedures in the event of a cybersecurity incident that could disrupt the ability to carry out normal business operations.
Business Continuity Plan (BCP) – Best practice guidelines, policies, and procedures in the event of an incident that could disrupt the ability to carry out normal business operations from the primary place(s) of business.
User Awareness & Training
A selection of the most impactful cybersecurity training and ongoing phishing campaigns to ensure that your firm is prepared for the latest technical and social engineering threats.
Incident Response Tabletop Exercise
Interactive test of your firm’s existing Incident Response Plan. Drawbridge will facilitate discussion to help validate how your firm would, or can, respond in the event of a cybersecurity event or breach.
Drawbridge’s Technical Assessments dive into the details of your cyber program, evaluating your (and your IT provider’s) technical infrastructure, configurations and controls.
Drawbridge utilizes a combination of proprietary and industry-leading tools and expertise to identify potential risks and provide detailed remediation guidance.
Continuous network and/or endpoint-based scanning provides near real-time visibility to your current vulnerabilities. This helps prioritize remediation to ensure that your employees and assets are protected, regardless of their location.
Cloud Infrastructure Technical Assessments
Drawbridge’s Cloud Infrastructure Assessments verify administrative and user settings and/or configurations in the target cloud environment. Aligned to standards set forth by the Center for Internet Security (CIS), Drawbridge offers Technical Assessments of all major cloud environments including:
- Microsoft 365
- Google Workspace
- Amazon Web Services (AWS)
Drawbridge utilizes a combination of proven technology and expert human resources to test the strength of your firm’s internal and external cybersecurity infrastructure and controls.
Show you’re serious about cyber
Drawbridge’s complete suite of capabilities ensures your program covers what is needed to comply with your stakeholders and protect your firm – this includes:
Maximize control with the least effort and level of intervention
Own and control your cybersecurity program by focusing on the key elements that make your firm and IT environment resilient:
- Establish written information security policies that set the firm’s cybersecurity objectives
- Own your governance calendar, access living documents, generate stakeholder reports and monitor in real-time the current cyber risks facing your firm
- Use our Benchmarks and Analytics to calibrate your program to the right level for you
- Review your IT team’s BCP/DR plans
- Build a unique incident response plan and run tabletop exercises to test and practice your response in advance of a threat
Turn risk into reward
- Assess cybersecurity risk, evaluate technology and operational security controls, and measure program effectiveness over time through risk mitigation and benchmarking against your peers
- Ensure your cybersecurity program accounts for ODD standards and applicable regulations specific to financial services firms
- Easily demonstrate, in real time, your program’s effectiveness to allocators, investors, insurers, regulators, and board members & gain total credibility
- Communicate risks efficiently with your IT teams to address vulnerabilities quickly
- Ensure that third-party vendors who see and handle your sensitive data and critical systems adhere to the same level of cybersecurity that you are required to maintain
- Identify the weak links in your vendor ecosystem that are most vulnerable to a cyber attack
Control cybersecurity in real-time
Avoid the shortcomings of a point-in-time cybersecurity approach. Use a continuous and comprehensive vulnerability management solution that analyzes your network and endpoints in real time.
- Initiate penetration testing (pen testing) to probe cybersecurity environments for vulnerabilities
- Validate cloud configurations are appropriate and up to date
- Easily communicate all vulnerabilities and supporting details to your IT department for remediation and validation
- Access a team of technical experts to interpret monitoring results and manage any identified risks
Judge yourself against those who really matter – your peers
Benchmarks are a staple in financial services. Use analytics and benchmarking to enrich your cybersecurity program with data from over 1,000+ of your peers. Drawbridge is the only provider serving the buyside with cyber benchmarking to help you with:
- A successful quarterly review with LPs and allocators
- Compliance with regulatory requirements
- Raising additional funds
- Reassuring your GPs and board that their investments and the firm are protected from cyber criminals
Analytics and benchmarking empowers you to build a winning program, know exactly what risks to address to have the greatest impact on your benchmark, and see your current risk level in between your annual cyber risk assessments.
Stay ahead of cyber compliance requirements
- Our industry experts ensure you keep up with all regulatory reporting developments and are always prepared to meet your compliance obligations
- Demonstrate your cybersecurity compliance with the SEC, NFA, FCA and others at a moment’s notice
- Show progress in managing and mitigating risks, linked to a real-time cyber risk assessment
- Use the Drawbridge Platform to understand your SEC score against peers
- Comply with document management guidelines and generate mandated SEC deliverables
The Drawbridge cybersecurity program not only protects you but helps you respond in the event of an incident, prove the resiliency of your data before investors and regulators, and ensure compliance with data privacy regulations.
- The technical review you need to ensure your IT provider is ready to respond
- Liaison with incident response and forensics to ensure the optimum response to a breach
- Confirmation of key system redundancy (if required)