It’s always frustrated us how difficult it is to manage intelligence and evidence, identify threats, track assets and assess risk with current tools: spreadsheets which break, slide decks and reports which take too long to write, and folders with hundreds or thousands of files which are impossible to manage (and, even worse, all of these things work independently). It all adds up to a process so set in stone that it could never be done dynamically.
This is the process that protects organisations and their people: there must be a better way. So we built Cascade.
We initially built Cascade to save time - time which can be better spent by teams on protecting their organisations.
The risk assessment process is at the heart of so many international standards – covering everything from crisis management, to information security, to continuity – because it works. It works because it creates an engine for firms to monitor their environment, collect intelligence, and then ask – so what?
The process works - it's just the tools that don't. That's where Cascade comes in.
Add and manage pieces of intelligence and evidence, quickly and collaboratively.
Each piece of intelligence or evidence – such as incident reports, occurrences, human intelligence or open source – can be categorised through completely custom tags (such as ‘incident’, ‘cyber’, or ‘person of interest’) and can be geolocated down to rooftop level using Google’s most recent satellite imagery. Include the tactics associated with the intelligence to inform threats, or upload images or documents.
Connect intelligence together in ways that make the most sense for you.
Sort intelligence by time, date, the tags associated with them, titles, or make connections between the intelligence and an active threat or current asset. Carry out elastic searching to look for specific keywords of interest, or understand how often a particular threat actor has targeted the organisation.
Spend more time coming to conclusions through our powerful analytics engine.
Use the custom tags function to create analytical models which can be compared together and graphed over any time period – for example, want to assess how often you’re receiving physical security intelligence? Or compare whether the organisation is experiencing more protests or incidences of social engineering? The engine has you covered: it can also interrogate trends in targeting of specific assets, or understanding which threat actors are most active. This allows senior leaders to more easily justify their strategies, and provides a great foundation for the rest of the risk assessment process.
Utilise your intelligence to identify, assess and update organisational threats.
Create threat actors with specific geographies, descriptions, and threat tactics and link this to existing intelligence: quickly and easily change and update that threat actor’s intent or capability to provide a new threat rating to inform subsequent risk assessments.
Get a full view of your operating environment.
List and compare your active threats across multiple, or individual, geographies or regions of interest – and help with prioritising intelligence collection or risk treatment by sorting and organising threats by intent, capability or threat rating.
Map and update your specific asset locations using our Google Maps API integration.
Utilise the latest satellite imagery, night mapping (great for operations and control rooms) or a hybrid to specifically geolocate assets anywhere in the world using our PostGIS database.
Focus your team on the assets they need to protect.
List and compare all of your key organisational assets that need to be protected, based on the standard person, place, process, information and reputation categories. Include documents relating to that asset, like site-level incident management plans or designs, as well as images.
Carry out vulnerability assessments in minutes, not hours.
Develop fully custom vulnerability assessment criteria – per asset type – based on your existing baseline organisational standards for physical security, information security, continuity, crisis communications or reputation. Gain an instant vulnerability assessment percentage when these measures are updated.
Dynamic risk relationships ensure risks are continuously updated - not just once a year.
Create risks by connecting active threats (e.g., ‘Influenza H1N1 virus’) to key organisational assets (like your CEO): the relationship is dynamic and based on the threat’s intent and capability, as well as the criticality and vulnerability of the asset. The risk rating changes automatically and dynamically as the internal or external situation evolves.
Use our project progress tools to associate risk reduction programmes with the risks they'll be reducing.
Sort risks by their threat rating, impact rating, overall risk score – or by the asset affected or source threat. Add new risk reduction projects and track their progress within the risk dashboard, or export asset-specific reports into PDFs.