top of page
  • Bill Frank

The Cyber Defense Graph™

Updated: Jan 10, 2023

Monaco Risk's core technology innovation - the Cyber Defense Graph

The core innovation of our Monaco Risk's Cyber Control Simulator (CCS) software is a graphical causal model that visually maps deployed and available controls to an organization's attack paths. CCS displays critical path weaknesses and controls' contributions to risk reduction.

After calculating the organization's cyber posture baseline, CCS runs what-if scenarios comparing the business risk reduction (in dollars) of alternative control investments to the baseline. CCS generates Loss Exceedance Curves to show the probabilities of the severity of financial losses due to incidents like ransomware and data exfiltration.

Why it matters:

The cyber control metrics - business risk gap. The continuing number and severity of incidents is evidence that traditional compliance and risk management approaches are not adequate. Despite the general understanding that cyber risk is business risk, business leaders are mostly unable to manage cyber risk due to the cyber control metrics - business risk gap.

Monaco Risk bridges this gap by tying cyber control metrics to business risk in dollars. The result is that business leaders can meaningfully collaborate with security teams to set and optimize cybersecurity budgets based on leaderships' risk appetites.

Unify compliance and risk. Compliance frameworks define what you need to do but not how to implement. In the context of loss events of concern to business leaders, Monaco Risk's Cyber Defense Graph helps you decide which controls should be implemented at minimal cost and which ones will optimize risk reduction.

The bottom line:

The Cyber Defense Graph provides the modeling power to tie cyber control efficacy to business risk reduction in dollars. Cybersecurity's combination of dozens of controls, hundreds of threat types (MITRE ATT&CK), and thousands of attack paths is too complex for traditional models that use tables, matrices, decision trees, attack trees, or bowtie diagrams.

Next steps:

If you are interested in learning more about how our Cyber Defense Graph and related services can help you, check out the rest of our website. Or you can send us an email at


bottom of page