SOLUTION BRIEF. RiskSense Platform. RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk.

Transcription

1 RiskSense Platform RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 27 RiskSense, Inc.

2 Executive Summary The RiskSense Platform is a Software-as-a-Service (SaaS) solution designed to assist organizations in identifying, prioritizing, and orchestrating cyber risk remediation. The Platform consumes and correlates vulnerability scan data, threat feeds, passive threat analysis, and human intelligence to provide organizations with an automatically generated, comprehensive risk score known as the RiskSense Security Score (RS³). RiskSense quantifies and measures risk at the asset level for both internal and external assets (see Figure ). RiskSense s threat-centric risk scoring methodology provides the capability to measure, monitor, and track overall cyber-attack susceptibility and presents risk scores for every individual asset. RiskSense uses several factors to calculate RS³, including vulnerability risk rating, exploitability, asset criticality, and external accessibility. To strengthen an organization s cyber risk posture, it is essential to not only test for vulnerabilities but also assess whether vulnerabilities are exploitable and what risks they represent. RiskSense identifies the vulnerabilities most likely to be used by adversaries to carry out infiltration and utilize post-exploitation techniques to launch a successful lateral attack across the enterprise. RiskSense provides visibility, prioritization, and actionable remediation recommendations to shrink an organization s attack surface and cyber risk exposure. The RiskSense Platform provides organizations with a flexible, scalable solution capable of addressing critical business needs. Utilizing the Smart Connector Framework, organizations have numerous options for uploading data to and exporting data from the Platform. RiskSense s scalable framework allows the Platform to handle significant amounts of data, ensuring that organizations have the most comprehensive view of their security posture. The Executive Dashboard (see Figure 2) presents a holistic view of organizational cyber risk trend by bringing temporal analytics to cyber risk management. Organizations can customize their Dashboard to provide critical information quickly, allowing leadership to prioritize and measure their remediation strategies and protect their networks and data. EXTERNAL THREAT DATA Exploits Malware Threats Reputation Geo Many More Board BUSINESS CRITICALITY Business Stakeholders Security Operations IT Operations Auditor Vulnerabilities Configuration Controls Patches Events Many More INTERNAL SECURITY INTELLIGENCE Figure RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk. Page

3 Platform and Risk Scoring Overview The RiskSense Platform The RiskSense Platform is an interactive and collaborative solution for cyber risk management, providing up-to-date information about an organization s current cyber risk posture across a dynamic, growing attack surface of network assets, web applications, and databases. The Platform is a fully functional, commercially available technology ready for demonstration and implementation. The RiskSense Platform consumes and correlates data from tools such as vulnerability scanners, application scanners, database scanners, configuration management systems, threat feeds, open source threat Intelligence, and human intelligence. One of the core differentiators of RiskSense is a threat-centric approach to risk scoring and vulnerability prioritization. Threat-centric risk scoring and vulnerability prioritization focuses on remediating the vulnerabilities with the highest probability of being targeted and exploited in the wild. The probability of a vulnerability being targeted is not based on its criticality, its Common Vulnerability Scoring System (CVSS) score, nor the business context of where the vulnerability resides it is based on which vulnerabilities are actively being targeted by threat actors in the wild and leveraged in malware, exploit kits, and ransomware. Remediating these first will permit a gradual risk reduction approach for the remaining vulnerabilities. Data Import/Export Flexibility The RiskSense Platform includes a Smart Connector Framework, which allows for ingestion of internal security intelligence via CSV, XML, STIX, and API upload. The data is then reconciled and correlated before being contextualized with external threat data to put meaning behind the findings. Tying back into your organization s asset criticality enables us to provide risk-based prioritization of necessary remediation actions, which can be visualized in a variety of formats. The data can be exported into various formats such as XML, XLSX, and CSV. Near-Real Time Risk Scoring The RiskSense Platform uses a threat-centric approach and proofs of compromise (validated real live exploits by bypassing existing security controls during red team exercises) to derive the RiskSense Security Score (RS³), which continuously measures, monitors, and tracks your organization s overall exposure to risk and generates a score and visual representation of cyber risk posture at the organization, business unit level, and asset level. The score accounts for your internal security findings, external threats, and business criticality. RS³ is a measure of resilience against cyber risks and is modeled after conventional credit scores. RiskSense uses several factors to calculate RS³, including vulnerability risk rating, exploitability, asset criticality, and external accessibility. Every asset is given a score, and the overall RS³ for an organization and its constituent groups is the average of all asset scores. Under the current scoring model, scores range from a maximum of 85 to a minimum of 3. An organization can obtain risk scores for their entire organization, hosts, groups of assets, all the way down to individual assets. RiskSense s RS³ scores are calculated at multiple levels of granularity. At the most granular level, RS³ can be calculated at the asset level. Additionally, the score can be propagated to different infrastructure hierarchical levels to which that asset belongs, all the way up to the organizational level. Advanced Risk Scoring Algorithm The underlying RS³ computation algorithm uses a weight-based summation methodology. All attributes contributing to the RS³ algorithm are assigned (a) severity and (b) pre-defined weights. Examples of these attributes include CVE, internal/external asset, business criticality, etc. For a given attribute, its severity (on a standard scale) is determined based on the certainty of its existence on the target asset. Weight of an attribute is determined based on its impact while attempting to compromise the target asset. Each attribute s severity assignment follows a different methodology based on its contextual importance in an organization s overall security posture. For example, RiskSense calculates RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk. Page 2

4 a custom risk rating for CVEs that goes beyond the standard CVSS ranking, utilizing that information while calculating the severity of the CVE. Versatile Dashboard Interface RS³ scores and vulnerability and threat data from the Platform is integrated into the RiskSense Platform Executive Dashboard, providing senior leadership with quick access to their risk scores and asset information. The Platform s Executive Dashboard presents a holistic view of organizational cyber risk trend by bringing temporal analytics to cyber risk management. This Dashboard provides executives with a number of features, including a high-level overview of the organization s risk posture, customizable dashboard views and filters, and interactive visualizations that provide additional contextual information. Figure 2 shows the overview of the Executive Dashboard and its visual elements that provides actionable intelligence for efficient cyber risk management. In addition to the Executive Dashboard, the RiskSense Platform also provides a number of different customizable reports that users can tailor to provide the details of different attributes of an organization s security and cyber risk posture. The Platform also incorporates an integrated ticketing system to assist organizations in monitoring their progress in remediating or mitigating vulnerabilities and reducing risk. Scalable Architecture The end-to-end data processing system pipeline is implemented using a combination of SQL and NoSQL technologies for scalability purposes. The data collection is performed using scheduled services that scrape for both structured and unstructured vulnerability and threat data over the Internet. The structured data is stored in SQL format, sustaining the relationships, and the unstructured data is stored and processed using NoSQL (MongoDB) technologies. A master index is created that maps the relationships between structured data (vulnerabilities) and unstructured data (threat and OSINT). This index plays a crucial role in risk contextualization while computing RS³. Hence, a combination of partition-based batch processing is implemented while performing RS³ computations over millions of assets and findings. Finally, the data retrieval at scale is supported using ElasticSearch indices that pre-compute user-defined filters. Currently, the ElasticSearch indices allow RiskSense to store and retrieve more than 5 million data rows for different pre-defined filters, resulting in the Platform scaling to handle millions of assets. EXECUTIVE NETWORK APPLICATION FILES ANALYTICS 288 TEST USERNAME TEST CLIENT Executive > Executive Dashboard Overview Overall RiskSense Security Score (RS³) RiskSense Security Score (RS³) Trend High Risk Critical Assets Exploitable Assets START DATE END DATE 8/26/26 /9/27 Friday, Aug Sunday, Nov 9 27 Oct 3 26 RS Assets with High Severity Vulnerability Total # of Assets 2.K Vulnerability Distribution 4 High Med Low Oct Oct Jan Apr Jul RiskSense Security Score (RS³) by Group Group Details 4.2yr Age of Oldest High Severity Vulnerability Groups with RS³ 3 Color shows RS 3 score Size shows # of assets Business Criticality Group Name 4 Teachers Retirement System Sales Portal 2 Real Estate Commision RS³ 484 Assets Network Vulns (Total/Unique) Application Vulns (Total/Unique) High Med Low Total Network App High Med Low 6/ /3 6/3 49/ /49 3/24 5/3 2/ 23d Average Response Time Payroll New BST Group /83 37/73 99/5 34/2 44/6 3/5 Human Resources 2 Med Center-South /7 4/2 44/9 34/3-98d Average Remediation Time RS3 Score 69 Hosts 598 High Risk Hosts Judicial Branch 46 Human Resources Finance / 6/5 4/4 36.4K/48.9K/ K/6 6/6 43/32 4/ End of Life Figure 2 RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk. Page 3

5 The RiskSense Difference RiskSense, Inc., is the pioneer and market leader in proactive cyber risk management. The company enables enterprises and governments to reveal cyber risk, quickly identify, prioritize, orchestrate remediation, and monitor the results. This is done by unifying and contextualizing internal security intelligence, external threat data, and business criticality across a growing and changing attack surface. The company s Software-as-a-Service (SaaS) threat-based platform transforms cyber risk management into a more proactive, collaborative, and real-time discipline. The RiskSense Platform embodies the expertise and intimate knowledge gained from real world experience in defending critical networks from the world s most dangerous cyber adversaries. RiskSense Solution At-a-Glance Near real-time RS³ cyber risk scores Client Data Import and Export through API Vulnerability Feeds Vulnerabilities (CVEs) Product Version Patches (CVRF) Mapping (OWASP, CWE, CPE) Zero Day VULNERABILITY DATA Timely Vulnerability Alert RS³ Weight Distribution XML API CSV RS³ Weight Distribution Vulnerability-Centric Threat Program CVE Risk Rating RiskSense Verified (RSV) IP Reputation CVE Exploitability & Susceptibility CVE to Exploit, Malware Mapping Weaponization Timeline Analysis Scalable Solution for Millions of Findings THREAT DATA Attack Prediction RS³ Weight Distribution S T 6 I X & TIP T A X I I * Threat Intelligence Platform Client Threat Feeds Partner Threat Feeds Industry Threat Feeds RS³ Weight Distribution 6 55 * Version.2 Attributes with Weights Contributing to RS³ CVE Database Vulnerabilities CWE Default Passwords OWASP RiskSense Proof-of-Compromise Exploit IP-Based Accessibility Malware User Specified Business Criticality CVSS Business Criticality from Asset Management System Figure 3 RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk. Page 4

6 RiskSense Platform the industry s most comprehensive, intelligent platform for managing cyber risk. Contact Us Today to Learn More About RiskSense RiskSense, Inc RISK info@risksense.com CONTACT US SCHEDULE A DEMO 27 RiskSense, Inc. All rights reserved. RiskSense and the RiskSense logo are registered trademarks of RiskSense, Inc. SB_RiskSensePlatform_2727