Risk I/O, a vulnerability intelligence platform designed to help organizations report and mitigate security vulnerabilities, has released the latest version of its SaaS-based vulnerability threat management platform.
With the release, Risk I/O offers a perimeter scan and a breach analysis that displays the most likely entry points with a prioritized remediation list to quickly reduce the risk of a breach.
All of this information is summarized in a “Risk Meter”, the company said. Risk I/O is also offering a free “Technology Threat Service” via RiskDB, identifying a technology’s security risk based on known Internet breaches and attacks.
“Vulnerability assessment and remediation is a daunting task for any business, particularly those with small security teams that are strapped for resources. There is such a vast amount of vulnerability data generated every day, many companies just don’t know where to start,” said Ed Bellis, CEO and cofounder of Chicago-based Risk I/O.
“With Risk Meter scoring, you know which assets are most at risk, so you know exactly where to start. This saves time and helps reduce risk exposure,” Bellis said.
“Relying solely on the knowledge of existing vulnerabilities, provided by vulnerability scanners, is only the first step in a streamlined vulnerability management process,” Torsten George, VP of Worldwide Marketing and Products at Agiliance, noted in a recent SecurityWeek column. “Without putting vulnerabilities into the context of the risk associated with them, organizations often misalign their remediation resources.”
This problem is exactly what Risk I/O hopes to resolve.
Risk I/O’s platform continuously aggregates attack data, breach data and exploit data from across the Internet, and correlates the data with an organization’s vulnerability scan results to monitor exposure.
According to Risk I/O, highlights from the latest release of Risk I/O include:
▪ Risk Meter Risk Scoring – With Risk I/O’s unique Risk Meter scoring, security teams now have a prioritized view of their greatest exposure to known Internet breaches and exploits, in near real-time. The risk score includes a summary of the number of vulnerabilities found in each environment, as well as how many are easily exploitable, observed as breaches in the wild, and how many are popular targets.
▪ Bundled Perimeter Scan – For businesses that need to understand their vulnerability and exploit risk in real-time but lack vulnerability scan data, Risk I/O now bundles a perimeter scan with its service. The perimeter scan can be up-and-running within minutes and allows organizations to start gaining visibility immediately.
▪ Technology Threat Service – Risk I/O offers RiskDB, a free, centralized, and open repository of security vulnerabilities sourced from vulnerability databases. It provides up-to-the-minute information on security-related software flaws, misconfigurations, vulnerabilities, and threat advisories that can be used to aid in vulnerability remediation and compliance. Security teams can now receive an immediate risk score in near real-time.
“Any group dealing with a sizable environment isn’t struggling with finding security defects, but rather with managing the mountain of data produced by their vulnerability assessments, penetration testing, and threat modeling in order to fix what’s most important first,” explained Risk I/O Data Scientist, Michael Roytman.
“Its our goal to help companies understand their security risk and prioritize what is most important,”continued Bellis. “By offering a free risk profile through RiskDB and a perimeter scan, any company can understand where they are most at risk regardless of the tools they have deployed.”
“In today’s fast moving threat environment, vulnerability management, when deployed as a stand-alone discipline that does not apply risk-based metrics for ranking and prioritizing remediation efforts may be making organizations less, not more secure,” George concluded in his column.