Those of us tasked with finding vulnerabilities and patching computer systems know how complex and tough a task this can be. When you have 60,000 or more vulnerabilities that need to be patched, where do you start? How can your patching team keep up with the load? How do you know your actions are making your organization more protected from cyber threats?
RiskSense has taken this very complex and very difficult cybersecurity challenge and made it easy, actionable and calculable. The platform takes in any kind of vulnerability scan and creates a score for your organization reflecting the total risk you currently have. This "risk" score was designed to be similar to a credit score so that it is easy for users to understand. Doing so gives clear visibility into how much risk your organization is currently taking. Going deeper into the dashboards, you can view your risk over time as you continue to patch your systems, so you can see the effects and know beyond a doubt that you are making a positive impact.
How can we trust RiskSense's scoring capabilities? They evaluate risk in a number of very intelligent ways.
There are two main methods the system uses to determine how much risk you are taking, and both go above and beyond the CVSS (Common Vulnerability Scoring System) score associated with each vulnerability. First, the system associates the organization's vulnerabilities with vulnerabilities currently being used by malware. Second, it associates your vulnerabilities with the vulnerabilities currently being used by malicious hackers and criminals. A CVSS score may show a CVE (Common Vulnerabilities and Exposures) entry as HIGH or CRITICAL, but does that actually mean it is a danger to your organization? Sadly, the answer is no. CVSS does not determine which CVEs are used by malware or people. With tens of thousands of vulnerabilities that need patching, why would you spend time patching ones not being used by malicious software or people? You wouldn't. Without RiskSense, this analysis would be extremely time consuming and troublesome. RiskSense does this automatically, allowing you to focus your efforts on the aspects of your environment that are leaving you truly at risk. It funnels your vulnerabilities so that your patching team knows which to focus on first, truly alleviating your risk and, in tandem, decreasing your "risk" score. This makes the work your patching team does highly focused and effective, and the RiskSense team is constantly updating definitions by identifying trending vulnerabilities used by bad actors now.
Another difficulty with this type of work is organizing who does the patching, when and how. RiskSense allows complex workflows and integrates with other products to keep everyone up to date on the status of patching. It provides an audit history of all actions taken on past vulnerabilities, and its powerful console allows you to assign tasks to individuals on how to handle your current CVEs as well as your patches. Now everyone knows what was patched, by whom and when. If your team decides not to patch certain systems, mitigation notes can be added, and you can choose to remove the impact of the vulnerability from your risk score at your discretion.
RiskSense is a highly complex platform with many more features still not mentioned. Some features of note include its ability to add detailed playbooks and integrations, as well as its ability to organize vulnerabilities across teams and business units. Additionally, we have only scratched the surface of its dashboard and reporting capabilities. If you are looking for a clear way to truly understand your cybersecurity risk, there is no better solution than RiskSense.
RiskSense is one of our partner products and is highly respected within Wholepoint Systems. If you are interested in a demo or have any questions, feel free to set a time with us below.