Drowning in Security Data? Gain Clarity and Rapidly Reduce Risk with Tonic’s Six Degrees of Context™
Context is the key to getting from millions of issues to just a few hundred that are of material impact to the business. Without context, we will never be able to remediate, mitigate or contain the threats and issues that really matter, before threat actors exploit them.
The “Six Degrees of Separation” is the idea that all people are six or fewer social connections away from each other. Tonic Security developed a parallel concept known as the Six Degrees of ContextTM extending the idea of interconnectedness into the digital realm. By systematically tracing contextual relationships - such as users, devices, data flows, vulnerabilities, third-party connections, and threat actors - security teams can quickly understand risks, prioritize threats, and respond effectively. This approach emphasizes holistic visibility and interconnected context rather than viewing findings or assets in isolation.
These six dimensions are easily remembered with the mnemonic BOGOTA: Business, Organizational, Geographical, Operational, Temporal, and Adversarial.
Let’s dive in and explore the Six Degrees of ContextTM.
B is for Business
Business context unveils an asset’s criticality within the organization. This dimension answers foundational questions such as the primary role of the asset, its importance to revenue generation, customer engagement, or operational continuity, and the potential impact of its compromise. Assessing criticality helps teams identify the Crown Jewels - assets whose failure would result in severe financial, reputational, or operational consequences.
O is for Organizational
Organizational context clearly defines asset ownership and accountability. It identifies the departments, teams, or individuals responsible for digital assets. This means responsibility for provisioning, maintaining, patching, updating and decommissioning the assets. Clear organizational context enhances Exposure Management by establishing defined escalation paths, ensuring issues reach the right stakeholders without delay. It also clarifies interdependencies across business units, subsidiaries, or global offices, streamlining security response efforts.
G is for Geographical
Location matters. Geographical context is mainly about physical location (datacenter, office, cloud region), which is often critical for triage and response. Yet we sometimes need to go beyond physical location and understand the asset’s local security controls, accessibility, and regulatory requirements. Regional threat landscapes, geopolitical risks, environmental threats, and cultural factors should also be considered. Geographical context helps teams anticipate incident response times and shapes proactive security planning tailored to specific locations.
O is for Operational
Operational context reveals how systems interconnect, exploring each asset’s function within daily business operations and broader workflows. This means identifying if an asset performs real-time versus batch processes, serves as a critical integration point or single point of failure, or maintains redundancies that could prevent damaging downtime. By mapping upstream and down stream dependencies along with integrations across applications or networks enables organizations to prioritize responses and predict cascading impacts before they occur.
T is for Temporal
Temporal context examines the asset throughout its lifecycle. Reviewing an asset's age, lifecycle stage and change history, including patches, configurations, and upgrades, provides critical insights into performance, reliability, and vulnerability patterns. A newly deployed system might warrant different attention than a legacy infrastructure nearing end-of-life. Understanding an asset's vulnerability history, recent changes, and maintenance patterns helps predict future risks and response effectiveness.
A is for Adversarial
Think like an attacker. The final dimension focuses on threat actor motivations, capabilities, and tactics. It assesses why attackers might target specific assets, identifies potential entry points, and evaluates common adversarial methods. Understanding asset attractiveness, vulnerabilities, misconfigurations, and attack surfaces enables proactive defense measures.Incorporating threat intelligence on adversarial tactics, techniques, and procedures (TTPs) enhances predictability, shifting cybersecurity from reactive to proactive strategies.
From Vulnerability Management to Exposure Management
TraditionalVulnerability Management focuses narrowly on generic technical flaws. Tonic’s asset contextualization, based on the Six Degrees of Context™, enables security teams to elevate vulnerability management to modern Exposure Management: a comprehensive approach that considers the entire attack surface through multiple contextual lenses. Exposure Management recognizes that not all vulnerabilities pose equal business risk. A critical severity vulnerability in an isolated development environment may be less urgent than a medium severity flaw in a customer-facing application. It is context that makes this distinction possible.
The Immediate Benefits of Context:
- Faster Response Times
- Smarter Resource Allocation
- Reduced False Positives
- Improved Collaboration
Tonic's Context-Driven Exposure Management
With a rapidly expanding attack surface and increasingly sophisticated threats, traditional isolated security approaches are insufficient. Tonic embodies an advanced approach by leveraging agentic AI to deliver context-driven Exposure Management that turns overwhelming data into actionable intelligence. Through its Six Degrees of Context™ framework, Tonic enables security teams to quickly prioritize real vulnerabilities and threats while significantly reducing false positives, risk exposure windows and response times. This approach also enhances collaboration between IT, cybersecurity, and business teams, minimizing “friendly fire”, procrastination and misalignment. Visit www.tonicsecurity.com to learn more.
