Lighthouse enables our customers to analysis the performance of their system and put the results into operational risk terms. This enables cybersecurity leaders to have conversations about exposure and operational risk changes from potential investments. Leaders can clearly show how the current system performs and know with confidence how future investments will change the results. 

While others talk about vulnerabilities, patches, and compliance, Lighthouse goes beyond to provide empiric evidence and business results (e.g. exposure, ROI, risk buy-down, etc.)

New Capabilities Include

Lighthouse represents a significant innovation for our clients to prioritize their cybersecurity investments, ensuring that they are focused on the most important threats. Rather than manual processes with subjective results, Lighthouse empowers Departments and Agencies to make threat-based risk decisions required by Executive Order 13800 using automated tools provide empiric results. 

  • Faster analysis

  • Empiric data of actual cybersecurity performance

  • Continuous validation and improvement of performance over time

  • Repeatable processes that helps agencies tune currently deployed capabilities




Lighthouse enables users to select their preferred Threat Framework to use for analysis. Current options include the NSA/CSS Technical Cyber Threat Framework, MITRE ATT&CK and NIST 800-171 with more added every quarter. Lighthouse maps these tactics to test actions, to conduct tests clients’ cybersecurity systems, and to provide the results required to assess overall capability coverage.


Lighthouse imports threat assessments and enables users to customize the platform according to specific user requirements. This process can be automated as new information is revealed.


Lighthouse quickly assesses and identifies which which portions of your security controls are working and which portions need help by conducting comprehensive test and pulling results from test platforms.


Lighthouse identifies the current attack surface by combining threat assessments with performance metrics. It quickly identifies priority gaps and areas for further analysis.

See how we improve cybersecurity performance up to 300%!

Download the case study here