New Capabilities Eliminate Data Silos to Provide Contextually-Aware Risk Ratings Across CVEs and CWEs from Development through to Production
SUNNYVALE, Calif. – July 13, 2020 – RiskSense®, Inc., pioneering risk-based vulnerability management and prioritization, today announced a new version of the cloud-delivered RiskSense platform that harmonizes threat analysis, prioritization, and risk scoring across network-based assets as well as applications. Unlike competitive approaches that provide separate views of infrastructure and application vulnerabilities, RiskSense automatically calculates risk across CVEs and CWEs for a full-spectrum view.
“RiskSense helps organizations rapidly reduce risk and provides a new understanding of how applications and their vulnerabilities affect the attack surface,” said Dr. Srinivas Mukkamala, CEO of RiskSense. “This enables customers, for example, to assess security risks present on servers and the applications running on them in a holistic fashion, and to take the best, most cost-effective steps to decrease their exposure.”
Unified, Normalized, and Prioritized Full Stack Vulnerability Management
To provide visibility across both infrastructure and application vulnerability risk exposure from development through production, RiskSense aggregates and normalizes outputs from multiple data sources including SAST, DAST, Open Source Software (OSS), containers, pen testing and bug bounty programs. This holistic approach enables organizations to easily pinpoint and fix vulnerabilities in their attack surface regardless of the application stack, code weakness location, or infrastructure point.
RiskSense consumes heterogeneous vendor and application scanner data, including both CVE and CWE information, incorporates threat context, and calculates risk as a single unit of measure called the RiskSense Vulnerability Risk Rating (VRR) to deliver the highest-fidelity risk prioritization.
The RiskSense Application Security Dashboard provides developers and DevOps personnel a global view of application vulnerabilities, allowing them to drill down to detailed findings and their locations. The OWASP Top 10 and CWE Top 25 Most Dangerous Software Errors are also presented to help improve developer knowledge and productivity. With full support for popular ticketing systems, cross-functional teams can manage remediation assignments step by step through to validation, knowing exactly what to do next.
The RiskSense Full Spectrum Risk-based Vulnerability Management solution with the new Application Security capabilities is available immediately.
About the RiskSense Platform
Using risk-based scoring and analytics combined with technology-accelerated penetration testing, the cloud-based RiskSense platform identifies and prioritizes remediation of critical vulnerabilities that place organizations at risk. RiskSense ingests and contextualizes information from existing security tools, including network and application scanners and configuration management systems, along with external threat data on exploits, malware, and threat actors, as well as reputational intelligence from U.S. and global vulnerability databases and proprietary intelligence from its security research team and pen testers.