Risk

10/15/2018
01:35 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

New RiskRecon Asset Risk Valuation Algorithms Manage Third-Party Cyber Risk

New algorithms solve the cyber risk equation by automatically determining the risk value of computer systems, enabling precise cyber risk assessment and action.

Salt Lake City, Utah -- RiskRecon, a platform provider for understanding and acting on third-party cyber risk, announced asset valuation algorithms that automatically determine the inherent risk value of any Internet-facing system. Automatically determining asset value is critical to managing cyber risk because it enables organizations to easily create action plans focused on addressing risk.

"Risk professionals spend too much time analyzing mountains of issues to determine the risk relevance," explained Kelly White, Co-Founder and CEO of RiskRecon. "RiskRecon automatically contextualizes every issue with issue severity and asset value that enables professionals to easily identify risk priorities and needed action."

RiskRecon visually summarizes issue risk priority within a "Risk Prioritization Matrix," showing each issue within the context of issue severity and asset risk value. Summarizing the risk priority of 3,000,000 issues existing in commercial Internet-facing systems reveals that only 0.12% are critical severity issues in high-value assets. "The vast majority of risk resides in less than 6% of total issues," explained White. "RiskRecon enables you to easily identify the issues of risk that matter and, just as importantly, identify the issues that don't."

Jack Jones, Chairman of the FAIR Institute and Co-founder of RiskLens, noted that: "Far too much energy in information security is wasted on resolving issues that don't matter. As the FAIR model promotes, effective risk management requires understanding the probable frequency and magnitude of loss; that depends on understanding asset value. I am really pleased to see RiskRecon bring the ability to automatically determine asset value to market."

RiskRecon's asset valuation algorithms automatically assign a value to cyber assets such as systems, domains, and networks. The algorithms also tag each asset with value indicators, including the system's functionality and the data types it collects; these indicators enable risk professionals to immediately understand any asset's value.

Deployed to third-party risk management, RiskRecon's automated risk assessments provide precise visibility into vendor cyber risk performance, enabling better third-party risk outcomes with greater efficiency.

RiskRecon customers use this capability to better solve third-party cyber risk, enabling them to identify and act on the vendors and issues that expose them to the greatest risk. Organizations also leverage RiskRecon to better understand their own risk surface and exposures.

To learn more about RiskRecon's approach, request a demo or visit the website at www.riskrecon.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8980
PUBLISHED: 2019-02-21
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
CVE-2019-8979
PUBLISHED: 2019-02-21
Koseven through 3.3.9, and Kohana through 3.3.6, has SQL Injection when the order_by() parameter can be controlled.
CVE-2013-7469
PUBLISHED: 2019-02-21
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVE-2018-20146
PUBLISHED: 2019-02-21
An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell.
CVE-2019-5727
PUBLISHED: 2019-02-21
Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.