RiskSense Platform – the industry’s most comprehensive, intelligent platform for managing cyber risk. © 2018 RiskSense, Inc.

SOLUTION BRIEF FOR RISKSENSE VULNERABILITY DISCOVERY

RiskSenseVulnerability Discovery

RiskSense Platform – the industry’s most comprehensive, intelligent platform for managing cyber risk. Page 1

SOLUTION BRIEF FOR RISKSENSE VULNERABILITY DISCOVERY

Raise the Bar on Finding Risk Exposure“Having the flexibility to leverage RiskSense Vulnerability Discovery service allows our team to focus on other higher priority projects.”

Combatting the new normal for digital business requires discovering what is critical emerging from the volume of vulnerabilities across an organization. Fighting back takes more than just prioritizing security hygiene. Actions and remediation have to make measurable steps to reduce cyber risk, as there will always be a backlog of vulnerabilities and growth of exploits in the wild. Do you have the manpower,experience, and tools to uncover and inventory your exposure? This entails having a complete picture of all of your IT assets and their criticality to your business. Are you leveraging the most relevant intelligence to assess threats and likely attack methods? Our customers had vulnerability management programs didn’t scale well and lagged behind in correlating exposure and attack risk. With RiskSense they achieved immediate risk-based prioritization of their vulnerabilities and the assessment ensured that nothing was missed across their IT infrastructure. Comprehensive view of their risk profile along with the delivery of results through the RiskSense platform accelerated and made their remediation effort more effective.

The RiskSense Vulnerability Discovery service greatly reduces an organization’s risk profile. Previously unknown network, application, and database vulnerabilities emerge daily, and organizations realize that they must detect and mitigate these vulnerabilities before a cyber adversary can exploit them. The quantity and diversity of vulnerabilities is makes it difficult for organizations to confidently manage risk exposure by themselves. RiskSense Vulnerability Discovery helps organizations, from mid-size to Fortune 500, to quickly identify, quantify, and ultimately prioritize their remediation actions. Whether it is a one-time engagement or ongoing service, RiskSense provides our findings immediately through our RiskSense platform. Our customers can easily track the vulnerabilities, see the recommended remediation activities and leverage our integrated external threat intelligence uncovering the most likely attack scenarios. This allows for a risk-based, rather than CVE-based vulnerability prioritization.

The RiskSense Vulnerability Discovery service includes:

• Vulnerability discovery using our library of scanners and custom-built tools• The identification of misconfigurations and vulnerabilities on an organization’s network• Reconnaissance and device discovery within scope for the engagement• Detailed analysis of the assessment results, including the scanning and obtained

configuration data• Remediation recommendations• Delivery of findings through our RiskSense Platform that calculates priority and

provides an executive-friendly risk profile score

MethodologyThe RiskSense Vulnerability Discovery service methodology follows a four-step process:

Immediate Risk-based Prioritization

• Configuration of multiple remote scanning tools

• Set goals and objectives• Scope of targets• Timelines• Roles and responsibilities

• Scanning• Reconnaissance• Device discovery• Enumeration and mapping • Contextualization

• Detail Analysis• Recommendations

Scoping Tool Configuration and Deployment Execution Final Results

1 2 3 4

SOLUTION BRIEF FOR RISKSENSE VULNERABILITY DISCOVERY

RiskSense Platform – the industry’s most comprehensive, intelligent platform for managing cyber risk. Page 2

Modernizing Results DeliveryRiskSense Vulnerability Discovery services leverages the RiskSense Platform as a key component enhancing the value we provide to our customers. All findings and associated data are passed into the platform, quickly identifying relevant vulnerabilities with risk ranking and providing easy to understand remediation recommendations. As results come in from the various scans and tests, organizations can start to take immediate action. Valuable time is recovered, and focused toward remediation, versus waiting for reports to be formalized, interpreted, and then delegated for remediation.

ServiceThe service will provide passive reconnaissance, without triggering alerts on an organization’s security defenses, using our library of service tools. Vulnerability discovery using our library of scanning tools include common, off-the-shelf, open source, and RiskSense developed tools from our industry-leading security analysts. Our analysts verify the identification of misconfigurations and vulnerabilities to eliminate false positives using both automated and manual efforts.

Frequency and Scope• External and Internal Network Vulnerability Discovery is recommended• One-time Assessment• Quarterly• Monthly

Customers that opt for re-occurring services benefit with the ability to measure against their risk profile score from their previous findings and have immediate visibility to re-occurring vulnerabilities and exposed areas within their networks.

DeliverablesThe following three deliverables are the product of the RiskSense Vulnerability Discovery service:

Detailed Findings and Recommendations: Describes the findings in detail, with evidence, and calls out recommendations based on the risk to the business.

Remediation Priorities: Provides a prioritized view of all the findings based on the potential negative impact to the business and likelihood of exploit correlating with threat intelligence within the RiskSense platform.

Cyber Profile Risk Analysis: Details high-priority risks and provides an executive summary with risk score, much like a credit score, to easily communicate the most beneficial actions that will reduce potential exposure.

© 2018 RiskSense, Inc. All rights reserved. RiskSense and the RiskSense logo are registered trademarks of RiskSense, Inc. SB_RSVulnerabilityDiscovery_08132018

RiskSense Platform – the industry’s most comprehensive, intelligent platform for managing cyber risk.

Contact Us Today to Learn More About RiskSenseRiskSense, Inc. | +1 844.234.RISK | +1 505.217.9422 | info@RiskSense.com

SCHEDULE A DEMOCONTACT US READ OUR BLOG

About RiskSenseRiskSense, Inc., is the pioneer and market leader in pro-active cyber risk management. The company enables enterprises and governments to reveal cyber risk, quickly orchestrate remediation, and monitor the results. This is done by unifying and contextualizing internal security intelligence, external threat data, and business criticality across a growing attack surface. The company’s Software-as-a-Service (SaaS) platform transforms cyber risk management into a more pro-active, collaborative, and real-time discipline.

The RiskSense Platform® embodies the expertise and intimate knowledge gained from real world experience in defending critical networks from the world’s most dangerous cyber adversaries. As part of a team that collaborated with the U.S. Department of Defense and U.S. Intelligence Community, RiskSense founders developed Computational Analysis of Cyber Terrorism against the U.S. (CACTUS), Support Vectors Intrusion Detection, Behavior Risk Analysis of Vicious Executables (BRAVE), and the Strike Team Program.