RISKSENSE PLATFORM FEATURES

• SaaS Solution• REST APIs• Threat & Vulnerability Correlation• Flexible Asset Grouping Options• Custom Asset Tagging• Configurable Dashboards• Orchestration &

Automation Playbooks• Role-Based Access Control• Custom Data Upload Configuration

The RiskSense platform is the foundation for our solutions and services:

• Risk-Based Vulnerability Management (RBVM)

• Security Rating Service (SRS)• Vulnerability Scanning service• Penetration Testing service

RiskSense Penetration Testing services deliver findings as they are uncovered in near real-time via the platform

¹ Gartner Group, A Guide to Choosing a Vulnerability Assessment Solution, April 2019

THE CHALLENGEThreat and vulnerability management is the toughest job in cybersecurity. Security analysts must wade through piles of vulnerabilities to determine which ones matter today knowing that they’ll have to repeat the same process tomorrow with the same incomplete data. The result is “cyber risk mayhem”, in which it is impossible to know at the end of the day if the enterprise is more secure or less so. While many active threats continue to exploit older well-known vulnerabilities, the emergence of new sophisticated ransomware threats has only increased the urgency for security teams to identify, prioritize, and act to counter the most dangerous and active exploits.

Gartner asserts that by 2022, organizations using risk-based vulnerability management will suffer 80% fewer breaches.1 Conversely, organizations utilizing CVSS, CWE, and scanner vulnerability scoring suffer from alert overload and threat fatigue. What is required is the ability to identify those vulnerabilities and risks that pose a real and present danger to the enterprise, resolve them, and then validate that the most pressing threats have in fact been addressed.

USE CASE OUTCOMESFull Spectrum Vulnerability Management

• 90% reduction in time spent managing scan data and performing vulnerability analysis

• Experience 50-70% faster remediation times using detailed findings, orchestration of responses based on risk, and automating manual efforts of grouping assets, assigning tickets, and updating remediation status

• Continuous intelligence updates and threat analytics that predict and pinpoint exploit trends in the wild

• Enhanced visibility to vulnerabilities that put you at risk of ransomware attacks and their malware variants

• One platform supporting all perspectives of enterprise vulnerability; asset, application weaknesses (SAST/DAST/OSS), AWS cloud, and the reflection of how an attacker sees your organization externally (Security Rating Service)

• Accountability across complex organizations with up-to-the-minute vulnerability status, details of manual and automated changes, and built-in features to conditionally allow limited risk acceptance and the views show security profile scores before and after risk acceptance

TECHNOLOGY BRIEFFull Spectrum

Risk-Based Vulnerability Management Platform

Page 1

A Platform that Predicts, Prioritizes, and Gives You Control Over Your Cyber Risk Exposure

Vulnerability Prioritization Vulnerability scanners find thousands of vulnerabilities. The RiskSense platform, however, is designed to continuously keep track of all elements needed for vulnerability prioritization. From an internal perspective this includes customer asset types, business criticality and custom-defined tags, current findings and historical scanning details, state of risk-acceptance and by whom, and other refined details not found in other solutions. From an external perspective the platform is built to analyze the growing number of threat intelligence and manual feeds to predict the most dangerous vulnerabilities within an organization mapping it against its scan data. What would take an expert security analyst weeks of work is done continuously by the platform, mapping threats to vulnerabilities and identifying trending exploits in the wild actively being used within attacks. Security analysts can now coordinate and immediately direct remediation activities instead of research.

The RiskSense platform takes a complex problem and in minutes reveals the vulnerabilities that wouldcause the highest-impact and maps the vulnerabilities that have exploits currently trending in the wild.

Page 2

The RiskSense platform delivers critical interpretation and presentation of an organization’s specific threat and vulnerability landscape. The Risk-Based Vulnerability Management solution transforms vulnerability management into a key, continuous, and effective means to control cybersecurity risk exposure. While the number of weaponized vulnerabilities is constantly increasing, RiskSense empowers enterprises to quickly achieve their desired cybersecurity risk posture by prioritizing the remediation efforts that matter most across their organization.

Platform Designed to Adeptly Handle Complexity at ScaleThe RiskSense platform emerged from research done by the RiskSense founders in conjunction with U.S. Department of Defense and U.S. Intelligence Community to develop the Computational Analysis of Cyber Terrorism against the U.S. (CACTUS) system. The platform leverages human and machine intelligence that embodies the expertise and deep knowledge RiskSense has gained from defending critical networks against the world’s most dangerous adversaries.

The platform consumes vulnerability data from all leading network and application vulnerability scanners including Tenable, Qualys, WhiteHat, Rapid7, Veracode, and more. Find the complete list of Integrations on our website.

Full Spectrum Risk-Based Vulnerability Management

Page 3

Knowing what vulnerabilities to act on first is only the first step in providing full spectrum risk-based vulnerability management. The RiskSense platform is designed to deliver easily understood risk metrics that executives and security leaders can use to quickly group and filter the way they need to visualize their vulnerability risk. There is a RiskSense Security Score (RS3) for each asset. Organizational grouping options allow teams to be fully-informed of collective security risk and have views as granular as they desire. Cybersecurity teams have a consistent way to quantify organizational risk and set minimums for vulnerability profiles. It’s no longer valuable to report on quantity of patch activity. It’s now replaced with a proactive risk management approach, set by profiles. Security teams can immediately access summary and detailed findings so they can get to the planning and execution of remediation recommendations. Workflows, ticket creation, and specialized rules for high-risk vulnerabilities can be automated leveraging the platform’s features and integrations with ServiceNow, BMC Remedy, and Jira.

The RiskSense platform utilizes both internal vulnerability scanning data and external perspectives to achieve unique visibility on the most pressing threats and risk. RiskSense Security Rating Service (xRS3) provides scanning of publicly-accessible assets. Findings and security scores are derived from the platform delivering a complete and consistent perspective of enterprise vulnerability risk. RiskSense patch recommendations articulate what will have the greatest effect decreasing risk of exposure and prioritizes accordingly.

With RiskSense, security teams are freed from time-consuming repetitive tasks. They become more effective knowing the immediate actions they perform make a difference and are measurable. Actionable data is no longer enough. The RiskSense platform empowers teams to better control their vulnerability risk. By providing vulnerability and asset prioritization, essential actions, and automation, the platform significantly reduces extended risk exposure caused by the latency between vulnerability weaponization to validated patch remediation.

The platform’s threat analytics leverages the findings from over 100 threat intelligence sources including valuable endpoint telemetry to determine which vulnerabilities have been weaponized, are trending, and present a material risk to enterprise security. Sources include multiple NVDs, the Open Threat Exchange, and Metasploit. RiskSense utilizes our own research and penetration testing teams to identity new vulnerabilities, validate them with exploits, and analyze code weaknesses before they are generally known by the cyber-criminal community. These “manual findings” are inputs into the RiskSense platform enhancing the threat analytics. The platform’s unique Risk Fusion engine represents the combination of human-driven intelligence from our industry-leading exploit writers and the breadth of AI-driven threat intelligence.

Full Spectrum Risk-Based Vulnerability Management

Contact us today to learn more about RiskSenseRiskSense, Inc. | +1 844.234.RISK | +1 505.217.9422 | www.risksense.com© 2020 RiskSense, Inc. All rights reserved. RiskSense and the RiskSense logo are registered trademarks of RiskSense, Inc. TechnologyBrief_FS-RBVM_20200330

READ OUR BLOGSCHEDULE A DEMOCONTACT US

ABOUT RISKSENSERiskSense®, Inc. provides vulnerability prioritization and management to measure and control cybersecurity risk. The cloud-based RiskSense platform uses a foundation of risk-based scoring, analytics, and technology-accelerated pen testing to identify critical security weaknesses with corresponding remediation action plans, dramatically improving security and IT team efficiency and effectiveness. For more information, visit www.risksense.com or follow us on Twitter at @RiskSense.

RISKSENSE PLATFORM BENEFITS

Cover a Growing Attack Surface

Cyber Risk Metrics

Strengthen Security and IT Collaboration

Orchestrate and Automate Responses

Enhanced Threat Visibility

Bring together all vulnerability viewpoints and scan data from network, applications, and AWS cloud sources.

View internal RiskSense Security Scores (RS³) with set or customized asset groupings and know your overall enterprise security level. See how attackers view your organization with external RiskSense Security Score (xRS³). Close the gap and manage your vulnerability exposure from all perspectives.

Set specific risks to have accelerated and customized remediation workflow with automated vulnerability assignments, IT ticket creation, and validation priorities.

Dashboards to view ransomware exposure, application weaknesses (SAST/DAST/OSS), and vulnerability prioritization. Unprecedented threat visibility across assets, departments, agencies, and custom tagged environments.

Flexible and bi-directional integrations remove complexity and overhead when security and IT teams collaborate on remediation. Easily work, track, and report on status in the manner your organization requires.

AI-driven threat analytics guided by industry-leading researchers and penetration testing team. They contribute manual findings, team exploit validations, and newly discovered vulnerabilities enriching the hundreds of intelligence sources used in the RiskSense platform.

Intelligence-Driven Risk Analytics

Full Spectrum Risk-Based Vulnerability Management