SOLUTION BRIEF. RiskSense Platform: the industry's most comprehensive, intelligent platform for managing cyber risk.


Executive Summary

The RiskSense Platform is a Software-as-a-Service (SaaS) solution designed to assist organizations in identifying, prioritizing, and orchestrating cyber risk remediation. The Platform consumes and correlates vulnerability scan data, threat feeds, passive threat analysis, and human intelligence to provide organizations with an automatically generated, comprehensive risk score known as the RiskSense Security Score (RS³).

RiskSense quantifies and measures risk at the asset level for both internal and external assets (see Figure ). RiskSense's threat-centric risk scoring methodology provides the capability to measure, monitor, and track overall cyber-attack susceptibility and presents risk scores for every individual asset. RiskSense uses several factors to calculate RS³, including vulnerability risk rating, exploitability, asset criticality, and external accessibility.

To strengthen an organization's cyber risk posture, it is essential to not only test for vulnerabilities but also assess whether vulnerabilities are exploitable and what risks they represent. RiskSense identifies the vulnerabilities most likely to be used by adversaries to carry out infiltration and utilize post-exploitation techniques to launch a successful lateral attack across the enterprise. RiskSense provides visibility, prioritization, and actionable remediation recommendations to shrink an organization's attack surface and cyber risk exposure.

The RiskSense Platform provides organizations with a flexible, scalable solution capable of addressing critical business needs. Utilizing the Smart Connector Framework, organizations have numerous options for uploading data to and exporting data from the Platform. RiskSense's scalable framework allows the Platform to handle significant amounts of data, ensuring that organizations have the most comprehensive view of their security posture.

The Executive Dashboard (see Figure 2) presents a holistic view of organizational cyber risk trend by bringing temporal analytics to cyber risk management. Organizations can customize their Dashboard to provide critical information quickly, allowing leadership to prioritize and measure their remediation strategies and protect their networks and data.

[Figure: RiskSense Platform overview. Labels: External Threat Data (Exploits, Malware, Threats, Reputation, Geo, many more); Business Criticality (Board, Business Stakeholders, Security Operations, IT Operations, Auditor); Internal Security Intelligence (Vulnerabilities, Configuration, Controls, Patches, Events, many more).]

Platform and Risk Scoring Overview

The RiskSense Platform

The RiskSense Platform is an interactive and collaborative solution for cyber risk management, providing up-to-date information about an organization's current cyber risk posture across a dynamic, growing attack surface of network assets, web applications, and databases. The Platform is a fully functional, commercially available technology ready for demonstration and implementation. The RiskSense Platform consumes and correlates data from tools such as vulnerability scanners, application scanners, database scanners, configuration management systems, threat feeds, open source threat intelligence, and human intelligence.

One of the core differentiators of RiskSense is a threat-centric approach to risk scoring and vulnerability prioritization. Threat-centric risk scoring and vulnerability prioritization focuses on remediating the vulnerabilities with the highest probability of being targeted and exploited in the wild. The probability of a vulnerability being targeted is not based on its criticality, its Common Vulnerability Scoring System (CVSS) score, nor the business context of where the vulnerability resides; it is based on which vulnerabilities are actively being targeted by threat actors in the wild and leveraged in malware, exploit kits, and ransomware. Remediating these first will permit a gradual risk reduction approach for the remaining vulnerabilities.

Data Import/Export Flexibility

The RiskSense Platform includes a Smart Connector Framework, which allows for ingestion of internal security intelligence via CSV, XML, STIX, and API upload. The data is then reconciled and correlated before being contextualized with external threat data to put meaning behind the findings. Tying back into your organization's asset criticality enables us to provide risk-based prioritization of necessary remediation actions, which can be visualized in a variety of formats. The data can be exported into various formats such as XML, XLSX, and CSV.

Near-Real Time Risk Scoring

The RiskSense Platform uses a threat-centric approach and proofs of compromise (real, live exploits validated by bypassing existing security controls during red team exercises) to derive the RiskSense Security Score (RS³), which continuously measures, monitors, and tracks your organization's overall exposure to risk and generates a score and visual representation of cyber risk posture at the organization, business unit, and asset levels. The score accounts for your internal security findings, external threats, and business criticality.

RS³ is a measure of resilience against cyber risks and is modeled after conventional credit scores. RiskSense uses several factors to calculate RS³, including vulnerability risk rating, exploitability, asset criticality, and external accessibility. Every asset is given a score, and the overall RS³ for an organization and its constituent groups is the average of all asset scores. Under the current scoring model, scores range from a maximum of 85 to a minimum of 3. An organization can obtain risk scores for its entire organization, hosts, and groups of assets, all the way down to individual assets.

RiskSense's RS³ scores are calculated at multiple levels of granularity. At the most granular level, RS³ can be calculated at the asset level. Additionally, the score can be propagated to the different infrastructure hierarchical levels to which that asset belongs, all the way up to the organizational level.

Advanced Risk Scoring Algorithm

The underlying RS³ computation algorithm uses a weight-based summation methodology. All attributes contributing to the RS³ algorithm are assigned (a) severity and (b) pre-defined weights. Examples of these attributes include CVE, internal/external asset, business criticality, etc.
For a given attribute, its severity (on a standard scale) is determined based on the certainty of its existence on the target asset. The weight of an attribute is determined based on its impact while attempting to compromise the target asset. Each attribute's severity assignment follows a different methodology based on its contextual importance in an organization's overall security posture. For example, RiskSense calculates a custom risk rating for CVEs that goes beyond the standard CVSS ranking, utilizing that information while calculating the severity of the CVE.

Versatile Dashboard Interface

RS³ scores and vulnerability and threat data from the Platform are integrated into the RiskSense Platform Executive Dashboard, providing senior leadership with quick access to their risk scores and asset information. The Platform's Executive Dashboard presents a holistic view of organizational cyber risk trend by bringing temporal analytics to cyber risk management. This Dashboard provides executives with a number of features, including a high-level overview of the organization's risk posture, customizable dashboard views and filters, and interactive visualizations that provide additional contextual information. Figure 2 shows the overview of the Executive Dashboard and its visual elements that provide actionable intelligence for efficient cyber risk management.

In addition to the Executive Dashboard, the RiskSense Platform also provides a number of different customizable reports that users can tailor to provide the details of different attributes of an organization's security and cyber risk posture. The Platform also incorporates an integrated ticketing system to assist organizations in monitoring their progress in remediating or mitigating vulnerabilities and reducing risk.

Scalable Architecture

The end-to-end data processing system pipeline is implemented using a combination of SQL and NoSQL technologies for scalability purposes. The data collection is performed using scheduled services that scrape for both structured and unstructured vulnerability and threat data over the Internet. The structured data is stored in SQL format, sustaining the relationships, and the unstructured data is stored and processed using NoSQL (MongoDB) technologies. A master index is created that maps the relationships between structured data (vulnerabilities) and unstructured data (threat and OSINT). This index plays a crucial role in risk contextualization while computing RS³. Hence, a combination of partition-based batch processing is implemented while performing RS³ computations over millions of assets and findings. Finally, the data retrieval at scale is supported using ElasticSearch indices that pre-compute user-defined filters. Currently, the ElasticSearch indices allow RiskSense to store and retrieve more than 5 million data rows for different pre-defined filters, resulting in the Platform scaling to handle millions of assets.

[Figure 2: Executive Dashboard overview. Panels: Overall RiskSense Security Score (RS³); RS³ Trend; High Risk Critical Assets; Exploitable Assets; Assets with High Severity Vulnerability; Total # of Assets; Vulnerability Distribution (High, Med, Low); RS³ by Group; Group Details; Age of Oldest High Severity Vulnerability; Average Response Time; Average Remediation Time.]

The RiskSense Difference

RiskSense, Inc., is the pioneer and market leader in proactive cyber risk management. The company enables enterprises and governments to reveal cyber risk, quickly identify, prioritize, orchestrate remediation, and monitor the results. This is done by unifying and contextualizing internal security intelligence, external threat data, and business criticality across a growing and changing attack surface. The company's Software-as-a-Service (SaaS) threat-based platform transforms cyber risk management into a more proactive, collaborative, and real-time discipline. The RiskSense Platform embodies the expertise and intimate knowledge gained from real world experience in defending critical networks from the world's most dangerous cyber adversaries.

RiskSense Solution At-a-Glance

[Figure 3: RiskSense Solution At-a-Glance. Labels: Near real-time RS³ cyber risk scores; Client Data Import and Export through API (XML, API, CSV); Timely Vulnerability Alert; Vulnerability-Centric Threat Program; Scalable Solution for Millions of Findings; Attack Prediction; RS³ Weight Distribution. Vulnerability Data: Vulnerability Feeds, Vulnerabilities (CVEs), Product Version, Patches (CVRF), Mapping (OWASP, CWE, CPE), Zero Day. Threat Data: CVE Risk Rating, RiskSense Verified (RSV), IP Reputation, CVE Exploitability & Susceptibility, CVE to Exploit, Malware Mapping, Weaponization Timeline Analysis. Threat feeds via STIX & TAXII and TIP (Threat Intelligence Platform): Client Threat Feeds, Partner Threat Feeds, Industry Threat Feeds. Attributes with Weights Contributing to RS³: CVE Database Vulnerabilities, CWE, Default Passwords, OWASP, RiskSense Proof-of-Compromise, Exploit, IP-Based Accessibility, Malware, User Specified Business Criticality, CVSS, Business Criticality from Asset Management System.]

Contact Us Today to Learn More About RiskSense

RiskSense, Inc. + 844.234.RISK + 55.27.9422 info@risksense.com

27 RiskSense, Inc. All rights reserved. RiskSense and the RiskSense logo are registered trademarks of RiskSense, Inc. SB_RiskSensePlatform_2727