Find out why relying on a single source of truth is not a good idea. This technical report shows the increased risk that latency in NVD reporting introduces when scoring vulnerabilities using the Agency-Wide Adaptive Risk Enumeration (AWARE) methodology.
Exploring Cyber Risk Vulnerability Management Solutions. Cyber risk is a growing concern for today’s insurance entities. Hostile intruders and adversaries are increasingly weaponizing vulnerabilities and using insurance markets to gain personally identifiable data with high ‘sell’ value.
This paper discusses the use of Normalized Compression Distance (NCD), chosen for its ability to measure the similarity of unstructured data, to enumerate code similarity between malicious Android applications and visualize their clusters.
The RiskSense platform ingests information from internal security intelligence (primarily vulnerability scanners), external threat data feeds, and business criticality data; all of this data is then aggregated and analyzed in order to calculate the RiskSense Security Score (RS³).
Identifying a threat and vulnerability management system that can collect, manage, analyze, support risk-based prioritization, and disseminate information at the pace of business is a crucial business requirement. This EMA paper discusses ten key criteria that should be considered when evaluating threat and vulnerability management solutions.
States are trying to determine the right balance between securing systems that are vulnerable to hacking, and those that are most vital to a secure and trustworthy election. It’s true that internet-connected systems, such as online voter registration tools and election night reporting systems, have a greater attack surface potential. However, it’s not until an end-to-end election system assessment is done that the true priority of vulnerabilities can be determined.
RiskSense is a cybersecurity company that specializes in penetration testing and real-time vulnerability management. RiskSense’s penetration test methodology uses an end-to-end risk demonstration approach where exploitation and post-exploitation of vulnerable hosts are used to identify the business-level impact of cyber-vulnerability across an organization’s infrastructure.
RiskSense Attack Surface Validation helps identify and prioritize threats, providing clients with immediate results and allowing them to secure their business and assets. RiskSense’s services are geared to identify potential attack paths where layered vulnerabilities across diverse technologies allow for progressive business exposure.
On April 14, 2017, the Shadow Brokers Group released the FUZZBUNCH framework, an exploitation toolkit for Microsoft Windows. The framework included ETERNALBLUE, a remote kernel exploit originally targeting the Server Message Block (SMB) service on older versions of Microsoft Windows. RiskSense analyzes the root cause vulnerability and requirements needed to port the exploit to the modern Microsoft Windows 10. RiskSense identifies the essential parts of the exploit and removes the DOUBLEPULSAR dependency, defeating detection rules previously recommended by numerous governments and antivirus vendors. This analysis helps defenders better understand the exploit chain so that they can build generic defenses for the exploit rather than the payload.
Traditional tools for reverse engineering of binary and portable executable files are limited to heavy text-based output, thus requiring skilled analysts to use them. In this white paper, RiskSense cyber security experts share hands-on advice on techniques that will visualize portable executable files, which will help security analysts with basic skills to quickly understand their underlying structure.
Last year saw an unprecedented, tectonic shift in our increasingly cyber-dependent world, especially in the maritime domain. This is best illustrated in Royal Caribbean’s plan to make a big bet on technology – and how they are “connecting” to their passengers with unique digital offerings. At the same time, we are seeing an increase in risks. How can cyber risk management help?
Last year saw an unprecedented, tectonic shift in our increasingly cyber-dependent world. From the major hacks including Equifax to nation-state sponsored attacks, the risks associated with cyber threats have only escalated. The question now is, if the security in place last year did not stop the attacks, how will it stop them this year? Can organizations truly build a defensive shield big enough and strong enough to ensure protection? Is “Cyber Security” an achievable status and when can you conclude your lottery has reached it?
Over the last few years, cyber threats have emerged as one of the most significant business risks facing organizations. While companies spend huge sums of money every year to maintain a security perimeter designed to fend off cyber and insider threats, daily reports of new data breaches are raising doubts about the effectiveness of these investments. This white paper features research from Forrester, as it relates to the top security technology trends to watch in 2017.
Organizations will spend $92 billion on perimeter defenses this year, yet we will continue to see a growing list of high profile organizations breached. Why are today’s strategies so ineffective against ever-evolving adversaries? And what can security leaders do to ensure that their defenses are in lockstep with what matters most to their core business? This ISMG interview transcript with Dr. Srinivas Mukkamala showcases his unique perspective on why and how security leaders must shift their thinking from a vulnerability-based security strategy to one that is risk-based and aligned with the business.
Although today’s enterprises are spending huge sums of money to maintain a security perimeter designed to fend off cyber and insider threats, daily reports of new data breaches are raising doubts about the effectiveness of these investments.