KDM Analytics Blade Suite

Additional Info

Company: KDM Analytics
Company size (employees): 10 to 49
Type of solution: Software


KDM Analytics Blade Solution includes two integrated products: Blade RiskManager (BRM) and Blade OneReport (BOR). It is the most efficient approach to cybersecurity assessment: automated top-down risk analysis, followed by guided bottom-up vulnerability analysis.

Blade RiskManager is the only product to fully integrate and automate risk assessment based on the NIST Risk Management Framework (RMF) Assessment workflow. BRM determines and prioritizes viable system attacks with enabling vulnerabilities, security risks, and mitigation options. In addition, BRM performs automated assessment of each mitigation option to calculate mitigated, compliance, and residual risk.

Blade OneReport is a composite vulnerability analysis platform configured based on guidance from the risk analysis provided by BRM. BOR scans and evaluates high-risk components and assets to identify vulnerabilities that have the greatest operational impacts. The results are integrated back into BRM to calculate residual risk.

The Blade Suite is a fully integrated, one-stop source to store, assess, manage, and trace all evidence regarding operational and system risk and identified vulnerabilities. It provides comprehensive, automated risk assessment that is repeatable across missions and products.

This includes:
• Automated risk analysis
• Automated security assessment
• Automated vulnerability detection and analysis
• Full traceability – from threat source, through direct or multi-staged attack paths, to vulnerability
• Measurement and prioritization that make it easy to plan how to best leverage the risk management budget and resources for greatest impact.

How we are different


The Blade Suite builds on system engineering practices by leveraging system engineering models for the purposes of risk assessment. Moving from document-centric to model-centric system engineering practices for describing systems enables the Blade Suite of tools to be seamlessly integrated at the right time. This shifts risk towards early stages of project development to ensure security is built-in and not bolted-on.

The Blade Suite replaces manual risk assessment by providing a fully automated risk and vulnerability assessment solution.

Through automation, clients typically achieve an 80% reduction in cost on first use of Blade RiskManager while increasing robustness, completeness of the assessment, and confidence in the outcome.


The KDM Analytics Blade Suite of products produces a comprehensive and systematic security assessment with a high level of confidence in the outcomes. To ensure that threats and vulnerabilities are quantified and prioritized, the Blade Suite minimizes human interpretations, which can be influenced by a lack of knowledge, personal bias, errors and omissions, and discretionary misconceptions. The solution’s automated analysis is empirical (evidence-based) and mitigates errors and omissions that can result from erroneous interpretation.

Together, Blade RiskManager and Blade OneReport comprise a comprehensive cybersecurity management solution that includes:

• Automated risk assessment based on NIST SP 800-37 & NIST SP 800-53
• Automated vulnerability detection and analysis
• Traceability from operational risk down to vulnerability in the code
• Measurement and prioritization that make it easy to plan how to best leverage the risk management budget and resources for greatest impact.


The Blade Suite takes an operational perspective that enables organizations to identify the most critical and risky components of a system and focus security assessment and risk mitigation on them.

This operational perspective also provides a better means of prioritizing the importance of risks and threats, and enables more targeted system-based, bottom-up vulnerability scanning. This mitigates the ad-hoc nature of cybersecurity and ensures that resources are applied to the most impactful areas.

The solution answers the key stakeholder question: where should we focus mitigation efforts, resources and budget? This is achieved through the following fully AUTOMATED capabilities:

• Threat modeling based on the operational and system architecture, followed by direct and multi-stage attack analysis and identification of exposures and operational impacts
• Graphical generation of system architecture, attack tree, and attack paths including risk analysis results (includes scoring)
• Assignment of Security Controls followed by risk computation: raw, mitigated, compliance, and residual risk
• Generation of risk assessment reports including security requirements and non-compliant risk assessment.