Cyber Resilience, the new Cybersecurity?

Cyber Resilience, the new Cybersecurity?

Cyber resilience, the new buzz term?


Recently, you have most likely heard or read articles about “cyber resilience”. This term that comes up regularly in the media is presented as the future of cybersecurity. According to Accenture, cyber resilience is “the ability of a company to identify, prevent, detect and respond to technological or process failures and to recover by minimizing negative impacts on its customers, reputational damage and financial losses.”

However, this concept is nothing new, since it was notably defined by the CDSE in 2014 and has been regularly highlighted since the massive attacks on international organizations took place.

In short, the new goal for companies is to move from reactive to preventive mode in the face of increasing security risks. Because, on the one hand, companies are constantly changing, evolving, and reorganizing and, on the other hand, digitization is exploding, with more and more applications and data being needed for the growth of companies. Increasingly, we are seeing businesses taking over information systems by directly subscribing to new services without going through their ISD and sometimes even without informing them.

New practices such as BYOD (Bring Your Own Device) are also on the rise, giving access to the company’s assets via terminals that the ISD may not always be aware of.

How can we maintain control through cyber resilience?


In this context a holistic and transversal approach in the company is necessary, involving “the individuals, processes, and technologies” as specified by the CDSE. This is what cyber resilience advocates, and that’s what’s new. Companies are reorganizing themselves to master this new concept via a risk-based approach. Cyber security topics, once confined to the chief information security officer alone, are, along with the concept of cyber resilience, in the process of becoming the concern of other teams in the company, including risk management functions.


How to put cyber resilience into practice within companies?


For the CDSE, the implementation of this concept within companies requires the establishment of several essential pillars, which are also described in the NIS Directive: identifying, protecting, detecting, responding to the incident, and recovering systems to ensure continuity of service. While systems and processes are often already in place on the last four pillars, the first “identifying” is a real challenge for companies.

In fact, it requires a better knowledge of the IS, mapping of all assets, identification of the most sensitive to better protect them, and management of the risks. On this first point, the new GDPR regulation, with its processing register and the obligation to carry out data protection impact assessments (PIAs), enables companies to get a foothold.


Access to corporate assets: an axis of analysis that should not be overlooked


Next, still within the “identifying” pillar, one axis should not be neglected: access to the IS. Indeed, the establishment of identity and access governance is essential, in order to identify which people as well as which systems can access these assets, and to verify the legitimacy of such access. These controls must be carried out on an ongoing basis to take account of the movements of the company and of people, as well as changes in the IS. Brainwave GRC also allows the implementation of this governance by mapping access to your critical assets within a few weeks and thus switching to pro-active access analysis.

On the other hand, the automation of the review processes, involving the different teams within the company in a transversal manner, is an important facilitator. By implementing it within your organization, you get validation by managers of the access of persons for whom they are responsible, for example, or validation of access to accounts with privileges by the managers of applications etc… and you can thus detect anomalies upstream with the help of teams, before they are exploited by malicious individuals. To be truly effective, such reviews must be scheduled frequently (once a quarter, or even monthly, depending on the context). They also need to take up as little time as possible in order to gain the support of teams, hence the need to be equipped to optimize and automate them.


This also allows you to respond more efficiently and easily to auditors and thus to comply with the numerous standards and regulations in force (ISO27001, GDPR, SOC etc.).

Presentation of Brainwave GRC’s results for year 2018 and recruitment announcement of 10 people in 2019

Presentation of Brainwave GRC’s results for year 2018 and recruitment announcement of 10 people in 2019



Asnières-Sur-Seine, France, January 2019 – Brainwave GRC’s growth rate continued to improve in 2018 in Western Europe and in North America. The annual revenue increased by 64% compared to previous year, and the international part is now established at 40% of the global company’s revenue.

This growth has been sustained by two new commercial offers « Brainwave Analytics as You Go » (BAAYGO) and « Booster for AD ».  

BAAYGO is an offer of managed service, it relieves security team from repetitive tasks such as periodic controls on accounts, access rights to infrastructures, applications and data. Thanks to this managed service, ready to use analysis and reports are consolidated and provided on a monthly basis for the decision makers. This offer, available as a subscription, doesn’t require software installation and is provided very rapidly, in a couple of days only.

Booster for AD facilitates the analysis and continuous follow-up of Active Directory. The solution is offering more than 200 reports and analysis related to Active Directory: personal accounts, privileged accounts, groups, local administration rights, keywords policies, acts of administration follow-up… This turnkey solution is available in addition to the Brainwave Identity Analytics offer.

New innovative features have been implemented in 2018, especially the « mashup dashboards », the « role mining » and the new « reviews campaign manager » features, the SOD  (segregation of duties) capabilities on PeopleSoft and Oracle EBS systems.

The outlook for economic growth looks very good for 2019. Consequently, Brainwave’s forecasts for 2019 are to recruit 10 collaborators in Professional Services, R&D and Marketing departments, both in Paris area headquarter and North-American subsidiary in Montreal.


Sébastien FAIVRE, CTO of Brainwave GRC:


« We are living intense moments, digital transformation is changing drastically the cybersecurity’s landscape and profession: infrastructures decompartmentalized, cloud infrastructures managed by third parties, multicanal user’s access, devops applications and micro-services, exploding volume of processed data, …

This includes for the CISO to become agile and to support these challenges: reinforcement of its relations with the legal department in order to manage the cloud provider’s contractual clauses, risk analysis methods deployment in the dedicated departments to help them measuring impacts of their decisions, …

Finally, the only constant in this new landscape is the “identity” because whatever the means and techniques, managing people and their access rights to the different systems, applications, and data remains companies’ responsibility.

The main goal of solutions such as Brainwave is to help CISO to enlighten Identity’s access as a real “lighthouse” in the mids of this digital storm, to make it possible to stay on course while reconciling security and change management towards the “all digital”.

About Brainwave GRC:

Founded in 2010 by three experts in Identity and Access Management, Brainwave GRC helps organizations protect their sensitive assets and fight against fraud and cyber risks, prevent data leaks and help you remain compliant. The company designs, develops and sells innovating software solutions in the field of Identity Governance and Audit. Brainwave’s flagship product is “Brainwave Identity GRC”. Identity GRC provides a turnkey solution for the audit and compliance control of user entitlements in the Information System: accounts, roles, fine-grained access rights…

Identity GRC has been specifically designed for business sectors which are subject to advanced compliance requirements, such as banking, insurance, health care and other sensitive industries. With Brainwave Identity GRC, our customers are able to fully automate the recovery and consolidation of user access rights on various heterogeneous IT systems in order to provide a comprehensive entitlement map. A control plan can then be configured in order to automatically produce reports and analyses that are suitable for internal and external auditors and take remediation actions.

Typical applications are: tracking accounts to disable (data cleanup), monitoring privileged access, controlling Segregation of Duties on ERPs, preparing account reviews, consolidating roles, monitoring the performance of identity management processes and systems.

Brainwave GRC has over 65 customers worldwide, has more than 3 million analyzed identities, 1 billion controlled access rights, and 1000 reviews executed monthly.

For more details:

Contact – Sébastien Faivre
[email protected]
Mobile : +33 6 01 81 92 60
Tél. : +33 1 84 19 04 10






Brainwave GRC, software vendor specialized in Identity Analytics, launches the 2017 version of its Brainwave Identity GRC solution.


Brainwave Identity GRC is an out of the box solution for audit and compliance control regarding user access rights in information systems. The solution enables companies to mitigate their security risks and easily fulfill their compliance requirements thanks to automated control and analysis processes. With Brainwave Identity GRC, organizations benefit from a 360° view over individuals who have access to the company’s data and applications, their access rights and their use of them on a daily basis in order to detect any abnormal behavior or unusual situation. Brainwave GRC clients know “who has access to what” within their systems and “who has been doing what” to ensure a continuous risk management.

The 2017 Brainwave Identity GRC edition includes multiple innovative features which answer strategic client needs, facilitate user experience and enable our clients to take advantage of all of our solution’s potential.


In its 2017 version, Identity GRC enables you to know “who is doing what” in your information systems and in an immediate way. The solution collects and centralizes application access logs within a log lake and highlights rapidly and easily informations regarding user behavior. With Identity GRC, you can know who works in your company and who has access to what but also who accessed which application or referential and when. With this log lake, the solution provides useful and precise user behavior analyses in order to easily fight against internal fraud or provide informations for audits.



Identity GRC 2017 has again improved the solution’s web platform user experience by enabling the user to edit and customize dashboards in a few clicks and share them via a web interface. This 2017 new feature – mashup dashboards – grants more autonomy and responsability to the user, for example for security offciers managing a community. With the Identity GRC mashup dashboards, each user views only results corresponding to data placed under his jurisdiction and can chose to view them as a list, indicators or graphs with the possibility to view trends.



Last, the Identity GRC 2017 version also includes a new review campaign manager which enables you to monitor and automatically set the rythm for campaigns.  It reinforces and improves the current campaign manager as it enables you to benefit from a precise follow-up regarding campaigns’ progress, to directly access compliance reports as well as include an electronic signature and show compliance reports stamped with date and time to prove, if needed, non repudiation.

Brainwave Identity GRC 2017 still operates automated remediation actions by connecting to target systems (ServiceNow, Atlassian Jira, …), as well as customizing execution, reminder and validation stages of a review.

Recent events reveal how much it has become harder and harder to keep control of IT infrastructures and that cybersecurity is the key to proper assets and user management considering digital transformation as a whole. 

Identity management’s promess, focused on operational efficiency – “who works in the company” and “who has access to what regarding his/her role” – is no longer sufficient. It is now necessary to understand how the company’s sensitive assets are used in order to anticipate cyberattack, fraud or data leak risks. 

This new paradigm, relying both on an in-depth knowledge of access rights and which access rights individuals use, his reinforced by decision aid approaches (user behavior analytics, machine learning) in order to identify weak signals. 

We are proud, after two years of R&D, to be the first European actor able to answer this challenge. Our “plug&play” approach enables security officers and assets managers to take back control of the company’s assets wherever they are and, in consequence, support and accelerate digital transformation initiatives”.

explains Sébastien Faivre, Brainwave GRC Director and co-founder.