Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

10/15/2018
01:35 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

New RiskRecon Asset Risk Valuation Algorithms Manage Third-Party Cyber Risk

New algorithms solve the cyber risk equation by automatically determining the risk value of computer systems, enabling precise cyber risk assessment and action.

Salt Lake City, Utah -- RiskRecon, a platform provider for understanding and acting on third-party cyber risk, announced asset valuation algorithms that automatically determine the inherent risk value of any Internet-facing system. Automatically determining asset value is critical to managing cyber risk because it enables organizations to easily create action plans focused on addressing risk.

"Risk professionals spend too much time analyzing mountains of issues to determine the risk relevance," explained Kelly White, Co-Founder and CEO of RiskRecon. "RiskRecon automatically contextualizes every issue with issue severity and asset value that enables professionals to easily identify risk priorities and needed action."

RiskRecon visually summarizes issue risk priority within a "Risk Prioritization Matrix," showing each issue within the context of issue severity and asset risk value. Summarizing the risk priority of 3,000,000 issues existing in commercial Internet-facing systems reveals that only 0.12% are critical severity issues in high-value assets. "The vast majority of risk resides in less than 6% of total issues," explained White. "RiskRecon enables you to easily identify the issues of risk that matter and, just as importantly, identify the issues that don't."

Jack Jones, Chairman of the FAIR Institute and Co-founder of RiskLens, noted that: "Far too much energy in information security is wasted on resolving issues that don't matter. As the FAIR model promotes, effective risk management requires understanding the probable frequency and magnitude of loss; that depends on understanding asset value. I am really pleased to see RiskRecon bring the ability to automatically determine asset value to market."

RiskRecon's asset valuation algorithms automatically assign a value to cyber assets such as systems, domains, and networks. The algorithms also tag each asset with value indicators, including the system's functionality and the data types it collects; these indicators enable risk professionals to immediately understand any asset's value.

Deployed to third-party risk management, RiskRecon's automated risk assessments provide precise visibility into vendor cyber risk performance, enabling better third-party risk outcomes with greater efficiency.

RiskRecon customers use this capability to better solve third-party cyber risk, enabling them to identify and act on the vendors and issues that expose them to the greatest risk. Organizations also leverage RiskRecon to better understand their own risk surface and exposures.

To learn more about RiskRecon's approach, request a demo or visit the website at www.riskrecon.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
Kelly Sheridan, Staff Editor, Dark Reading,  8/13/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15151
PUBLISHED: 2019-08-18
AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.
CVE-2019-15149
PUBLISHED: 2019-08-18
core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected.
CVE-2019-15145
PUBLISHED: 2019-08-18
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::get_direct_context in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h.
CVE-2019-15146
PUBLISHED: 2019-08-18
GoPro GPMF-parser 1.2.2 has a heap-based buffer over-read (4 bytes) in GPMF_Next in GPMF_parser.c.
CVE-2019-15147
PUBLISHED: 2019-08-18
GoPro GPMF-parser 1.2.2 has an out-of-bounds read and SEGV in GPMF_Next in GPMF_parser.c.