RiskSense Unveils FICO®-Like Cyber Risk Scoring to Pinpoint Threats That Require Immediate Attention
New Release of Industry-Leading Platform Dramatically Accelerates Situational Awareness of Exposures and Streamlines Remediation
Sunnyvale, Calif. & Albuquerque, N.M. - June 21, 2016 – RiskSense®, Inc., the pioneer and market leader in pro-active cyber risk management, today announced the availability of RiskSense Platform 5.1, which introduces new capabilities that pinpoint imminent cyber risks in near real time at both the asset and organizational levels. The RiskSense Security Score™ (RS3) continuously measures, monitors, and tracks an organization’s overall exposure to risk, and generates a regularly updated visualization that resembles the FICO® score model.
Most security tools are silo-based and require analysts to comb through volumes of data to assess and validate threats, which can take weeks or months, allowing attackers to exploit vulnerabilities and extract data. The RiskSense Platform transforms cyber risk management into a more pro-active, collaborative, and real-time discipline by breaking down these silos and automating security operations tasks to minimize cyber risk dwell times. The RiskSense Platform unifies and contextualizes internal security intelligence (e.g., vulnerabilities, control posture, events) with external threat data (e.g., exploits, malware, threat actors, reputational intelligence), then correlates the findings with business criticality to identify cyber risks and prioritize remediation actions.
RiskSense Platform 5.1 Innovations
To provide a snapshot of an organization’s cyber risk exposure, RiskSense Platform 5.1 incorporates the RiskSense Security Score (RS3). Similar to the familiar FICO score model, RiskSense RS3 continuously measures, monitors, and tracks an organization’s overall exposure to risk and generates a score and visual representation of cyber risk posture at both the organization and asset level. RiskSense RS3is calculated using the following factors and their associated attributes:
- Vulnerability Risk Rating (e.g., CVE, CWE, OWASP, database vulnerabilities, exploit, malware, CVVS, default passwords, RiskSense proof of concept)
- IP Reputation
- Accessibility (e.g., IP-based accessibility, firewall rules)
- Business Criticality (e.g., user specified or derived from an asset management system)
The RiskSense RS3 score enables security and IT teams to quickly answer questions from regulators, insurers, auditors, boards, and the C-suite.
RiskSense Platform 5.1 also includes the following new enhancements:
Vulnerability Risk Rating
The RiskSense Vulnerability Risk Rating, which is one factor of the RiskSense RS3 score, is calculated based on the target’s risk profile, vulnerabilities’ impact, its ease of exploitability, and priority for remediation. In addition to CVSS vectors, the RiskSense Platform now takes crucial attributes like availability of default passwords and RiskSense proof of concept results into account when calculating the RiskSense Vulnerability Risk Rating. This increases the accuracy of results and leads to better alignment of remediation actions.
Vulnerability Aggregation by Port
The RiskSense Platform now aggregates vulnerabilities by port, protocol, and service. This allows for greater efficiency while managing cyber risk and remediation efforts, since end users now have the ability to track and change the state of vulnerabilities at a more granular level. It also helps speed up remediation efforts and enables better allocation of internal resources.
“To minimize risk in today’s dynamic threat landscape, organizations need a more comprehensive awareness of not just their internal security posture, but also what external threats exist that could impact the business,” said Dr. Srinivas Mukkamala, co-founder and chief executive officer of RiskSense. “Remediation efforts should be driven by the risk a vulnerability presents, and not just the fact that it exists in the environment. The RiskSense Security Score tilts the scale in favor of cyber risk management teams by allowing them to focus on security gaps that pose the biggest threat to the organization.”
About RiskSense RiskSense®, Inc., is the pioneer and market leader in pro-active cyber risk management. The company enables enterprises and governments to reveal cyber risk, quickly orchestrate remediation, and monitor the results. This is done by unifying and contextualizing internal security intelligence, external threat data, and business criticality across a growing attack surface.
The company’s Software-as-a-Service (SaaS) Platform transforms cyber risk management into a more pro-active, collaborative, and real-time discipline. The RiskSense Platform embodies the expertise and intimate knowledge gained from real world experience in defending critical networks from the world’s most dangerous cyber adversaries. As part of a team that collaborated with the U.S. Department of Defense and U.S. Intelligence Community, RiskSense founders developed Computational Analysis of Cyber Terrorism against the U.S. (CACTUS), Support Vectors Intrusion Detection, Behavior Risk Analysis of Vicious Executables (BRAVE), and the Strike Team Program.
By leveraging RiskSense cyber risk management solutions, organizations can significantly shorten time-to-remediation, increase operational efficiency, strengthen their security programs, improve cyber hygiene, heighten response readiness, reduce costs, and ultimately minimize cyber risks. For more information, please visit www.risksense.com or follow us on Twitter at @RiskSense.