I\u2019ve been a huge fan of data analytics in computer security for a long time, including dozens of my columns over the last 12 years at CSOOnline and InfoWorld. Fan probably isn\u2019t a strong enough adjective. Stalker is probably closer.As a 30-year computer security consultant, I\u2019ve watched nearly every company I work for ignore the data in front of their eyes to pursue a defense that will never, ever keep out malware and hackers. For example, I would tell them they need to patch software that was being used over and over again to break into their company, and they would respond by asking me to install disk encryption. Or I would give them data showing that their employees were being socially engineered by an advanced persistent threat (APT) and needed better end-user education, and they would respond by buying far more expensive host intrusion prevention devices.Whatever I told them they needed to do, even if given the best data to support my findings, even if they agreed with me in front of my face, they did something else. Whenever I went back to those same companies, rarely had they done the most significant thing they could have to improve their computer security defense.Why would any reasonable company ignore the very things that they should be doing, even after we all agreed they needed to be done? No reasonable person when presented with the evidence would actively choose to ignore it, right? They did, even if they had already been thoroughly compromised and had lost (or been fined) millions of dollars, and even if they faced millions in fines if it happened again.This bothered me so much that I sought to find out why so many companies were making bad decisions. I watched and listened to over a hundred companies, large and small, and asked employees at every level why they didn\u2019t do what they should be doing to most efficiently defend their companies. I compiled my early findings into a whitepaper.I have essentially made my career since then solely about driving more data analytics into computer security. It is my reason for living\u2026at least my professional life. What I learned culminated into my tenth book, released just last week, called A Data-Driven Computer Security Defense: THE Computer Security Defense You Should be Using. If you don\u2019t want to buy the book, download the free whitepaper. I care more about spreading the ideas and solutions than making the most money.Finding Bay DynamicsI\u2019m pretty good at quickly identifying interesting ideas from the many security vendor pitches I receive daily, and I\u2019m constantly looking out for ideas and companies that promote the same data-driven ideas that I believe in. So, imagine my surprise when I learned about Bay Dynamics, which is the epitome of everything I believe about a data-driven computer security defense.[ Read CSO's review of Bay Dynamics Risk Fabric ]Bay Dynamics is doing exactly what I have been extolling companies to do for the last 5 years \u2013 use your own data to drive your best defenses. If I had learned about them two weeks earlier, they would play a huge part in my book. Still, I\u2019m overjoyed to learn about what they believe and do.Bay Dynamics was started in 2001, co-founded by Feris Rifai and Ryan Stolte. Initially it wasn\u2019t even a cybersecurity company. They did data analytics from the start, but it was more about analyzing what worked on websites and different business decisions to drive an optimal outcome. It wasn\u2019t a product or service company. They only consulted. Somewhere along their journey they realized that the companies they consulted for wanted more than advice. They wanted a product that put their consulting brains in a service. That product quickly morphed into a computer security offering, today known as Risk Fabric.\u00a0I haven\u2019t used a Risk Fabric product, but from what I can see from the demo and talking to the CTO, it seems to gather and display data that can help make improved risk decisions.Identifying asset valueI asked Stolte, Bay Dynamics\u2019 co-founder and CTO, about what they brought with their data analytics: "We need to treat cybersecurity as a risk management problem. People are inundated with threat conversations, overwhelmed. But if you shift the conversation to risk management, we can talk about likelihood and potential impact. Risk is impact times likelihood of the vulnerability or threat. Many companies do that. One of the things we bring into the equation is asset value. It\u2019s a big part of the risk.\u201dStolte gave an example where a company\u2019s most valuable computers contained a \u201cmedium-risk\u201d vulnerability. Many vulnerability management systems would spit out a report that said such-and-such system had a medium risk vulnerability. Everyone knows that isn\u2019t the actual case, not with your most valuable computers.What Bay Dynamics does is let the value of the data and system being targeted by a particular threat or vulnerability drive risk management. For example, a system with a high-risk vulnerability that contains zero company data and isn\u2019t even connected to the company\u2019s network is probably lower risk than the previous, high-risk example. It\u2019s just commonsense. Bay Dynamics automates that commonsense into dashboards, work queues, and applications.Every company in the world has far too little resources to fix everything at once. Each has to decide what to do first and what to save for later. Bay Dynamics helps companies better figure out the right risk priorities, using their own data. \u201cWe decided to make a product and build models to help people better manage their business. We can help them identify what their true [vulnerability] posture is and make it actionable,\u201d says Stolte.Computer security companies don\u2019t often give me a reason to be excited. Most are promoting specific \u201cwhack-a-mole\u201d solutions for a specific problem that can often be easily bypassed or are full of false-positives. Bay Dynamics gets it. They understand how to use data to drive efficient security focus. Other larger players are starting to take notice.Bay Dynamics started partnering last July with Symantec, which calls the offering called Information Centric Analytics powered by Bay Dynamics. Comcast Corporation, one of Bay Dynamics\u2019 customers, recently won three awards (CSO50 and two ISE Awards) for its Cyber Value at Risk project powered by Risk Fabric.In a nutshell, Bay Dynamics collects data and analyzes with better, more commonsense risk models to help customers make better decisions about what to focus on first. I spent ten chapters in my latest book talking about something they can teach you the importance of in a few minutes.It\u2019s exciting to see data analytics put to such good use. I love any computer security vendor that helps other companies better collect and use their own data to improve their defenses. No company is perfect or has all the solutions, but Bay Dynamics should be on your short list.