contact us

White Papers

RS³ – RiskSense Security Score

The RiskSense platform ingests information from internal security intelligence (primarily vulnerability scanners), external threat data feeds, and business criticality data; all of this data is then aggregated and analyzed in order to calculate the RiskSense Security Score (RS³).


Selecting a Threat and Vulnerability Management Solution

Identifying a threat and vulnerability management system that can collect, manage, analyze, support risk-based prioritization, and disseminate information at the pace of business is a crucial business requirement. This EMA paper discusses ten key criteria that should be considered when evaluating threat and vulnerability management solutions.


The Future of Threat and Vulnerability Management

Understand the RiskSense vision for the future of threat and vulnerability management for 2020 and beyond. Read how current critical issues are addressed with enhanced risk-based vulnerability management and how to obtain a sustainable path to tackle a growing and ever-changing attack surface.


Election System Security Under Scrutiny

States are trying to determine the right balance between securing systems that are vulnerable to hacking, and those that are most vital to a secure and trustworthy election. It’s true that internet-connected systems, such as online voter registration tools and election night reporting systems, have a greater attack surface potential. However, it’s not until an end-to-end election system assessment is done that the true priority of vulnerabilities can be determined.


Election Systems – Votes Must Count

Our nation’s voting systems are vulnerable to cyberattack. Even though most states have moved away from voting equipment that does not produce a paper trail, there is still real risk. When experts talk about “voting systems,” that phrase encompasses the entire process of voting: how citizens register, how they find their polling places, how they check in, how they cast their ballots and, ultimately, how they find out who won. One of the biggest problems is that each county has its own way of managing the process, and security oversight, and are ill-prepared or under-staffed to execute ‘what-if’ attack scenarios.


KOADIC – COM Command and Control: A Post-Exploitation Tool

RiskSense is a cybersecurity company that specializes in penetration testing and real-time vulnerability management. RiskSense’s penetration test methodology uses an end-to-end risk demonstration approach where exploitation and post-exploitation of vulnerable hosts is used to identify the business-level impact of cyber-vulnerability across an organization’s infrastructure.


DABomb – RiskSense’s Automated Exploitation Framework

RiskSense Attack Surface Validation helps identify and prioritize threats, providing clients with immediate results and allowing them to secure their business and assets. RiskSense’s services are geared to identify potential attack paths where layered vulnerabilities across diverse technologies allows for progressive business exposure.


EternalBlue: Exploit Analysis and Port to Microsoft Windows 10

On April 14, 2017, the Shadow Brokers Group released the FUZZBUNCH framework, an exploitation toolkit for Microsoft Windows. The framework included ETERNALBLUE, a remote kernel exploit originally targeting the Server Message Block (SMB) service on older versions of Microsoft Windows. RiskSense analyzes the root cause vulnerability and requirements needed to port the exploit to the modern Microsoft Windows 10. RiskSense identifies the essential parts of the exploit and removes the DOUBLEPULSAR dependency, defeating detection rules previously recommended by numerous governments and antivirus vendors. This analysis helps defenders better understand the exploit chain so that they can build generic defenses for the exploit rather than the payload.


Visualization Techniques for Efficient Malware Detection

Traditional tools for reverse engineering of binary and portable executable files are limited to heavy text-based output, thus requiring skilled analysts to use them. In this white paper, RiskSense cyber security experts share hands-on advice on techniques that will visualize portable executable files, which will help security analysts with basic skills to quickly understand their underlying structure.


Time to Change: Changing Digital Distribution Demands

Last year saw an unprecedented, tectonic shift in our increasingly cyber-dependent world. From the major hacks including Equifax to nation-state sponsored attacks, the risks associated with cyber threats have only escalated. The question now is, if the security in place last year did not stop the attacks, how will it stop them this year? Can organizations truly build a defensive shield big enough and strong enough to ensure protection? Is “Cyber Security” an achievable status and when can you concluded your lottery has reached it?


Cyber Risk Management: A New Approach to Responding to Complex Threats

Over the last few years, cyber threats have emerged as one of the most significant business risks facing organizations. While companies spend huge sums of money every year to maintain a security perimeter designed to fend off cyber and insider threats, daily reports of new data breaches are raising doubts about the effectiveness of these investments. This white paper features research from Forrester, as it relates to the top security technology trends to watch in 2017.


Operationalizing Cyber Risk: How to Ensure Security is Aligned with the Business

Organizations will spend $92 billion on perimeter defenses this year, yet we will continue to see a growing list of high profile organizations breached. Why are today’s strategies so ineffective against ever-evolving adversaries? And what can security leaders do to ensure that their defenses are in lockstep with what matters most to their core business? This ISMG interview transcript with Dr. Srinivas Mukkamala showcases his unique perspective on why and how security leaders must shift their thinking from a vulnerability-based security strategy to one that is risk-based and aligned with the business.

RiskSense Logo
RiskSense®, Inc. provides vulnerability management and remediation prioritization to measure and control cybersecurity risk. The cloud-based RiskSense platform delivers Risk-Based Vulnerability Management, Application Security Orchestration and Correlation, in addition to our Vulnerability Knowledge Base.These products bring insight to the wide views of vulnerability risk with adversarial threat-context and ties to ransomware. With Vulnerability Risk Rating, threat analytics, and automated playbooks prioritize actions for critical security weaknesses dramatically improving security and IT efficiency and effectiveness of managing attack surface risk.

Contact us at

+1 505-217-9422

Follow Risksense on LinkedIn Follow Risksense on Twitter

© 2021 RiskSense, Inc. All rights reserved.
Legal Notices, Privacy Policy, and Customer Agreements | Site Map