Cyber risk management company RiskSense Inc. expanded on Wednesday its RiskSense Attack Surface Validation capabilities beyond networks, Web applications, and databases to Internet of Things (IoT) devices and Operational Technology (OT) networks to provide a holistic view of an organization’s cyber risk exposure.
RiskSense has expanded its Attack Surface Validation capabilities to cover technologies and environments including microservices and containers; smart logistic systems like a smart vending machines; Internet of Things such as irrigation systems and traffic guidance systems; Proprietary healthcare systems like pacemakers; Internet-connected physical access control systems such as mobile keyless entry systems; industrial control systems such as electrical grid distribution control systems; and self-driving car technology and automotive control systems.
RiskSense has already implemented these capabilities with customers in key industry sectors. The RiskSense Attack Surface Validation Service provides a fully-managed assessment of vulnerabilities most likely to be exploited by cyber adversaries to infiltrate an organization and carry out lateral attacks inside the network. This service provides the visibility, prioritization, and actionable remediation recommendations to shrink an organization’s attack surface and reduce overall cyber risk exposure.
The RiskSense Attack Surface Validation Service is delivered via the company’s RiskSense Platform, which contextualizes scanned data with external threat information. The resulting threat intelligence is then supplemented with human-interactive machine learning analysis.
This leads to a more accurate prioritization of risk impacts. In addition, the RiskSense Platform provides synchronous access to findings in real-time and can be used to quickly orchestrate remediation actions and monitor the results. The platform is supported by a deep bench of security researchers and exploit writers.
Organizations are already faced with monitoring and protecting a wide and deep attack surface that spans the network, endpoints, applications, cloud services, and mobile devices. The advent of microservices, connected IoT devices, and erosion of the air-gap security perimeter around industrial control systems (ICS) is extending this surface area exponentially.
“For decades, organizations have focused their security efforts on network perimeter defenses to protect servers, endpoints, and network equipment,” said Dr. Srinivas Mukkamala, co-founder and CEO at RiskSense. “However, in an interconnected world, a ‘hardware-defined’ approach has lost its relevance. As organizations transition to software-defined networks, they need to look beyond the network layer to protect their IT assets. RiskSense’s expanded Attack Surface Validation was designed to address this visibility gap and the risks associated with it.”
RiskSense unveiled earlier this year RiskSense Platform 7.0 integrated platform that allows governments and enterprises to identify cyber risk exposure across their network, endpoint, application and database layers. In addition to continuously assessing, scoring, and prioritizing cyber risks, RiskSense assists in orchestrating remediation and validating the results.
The RiskSense Platform 7.0 enables organizations to manage their cyber risks by unifying and contextualizing internal and external security intelligence into a single view, and then correlating these findings with business criticality to drive risk-based remediation.