RiskSense Platform

SOLUTION BRIEF

RiskSense Platform – the industry’s most comprehensive, intelligent platform for managing cyber risk. © 2017 RiskSense, Inc.


Executive Summary

The RiskSense Platform is a Software-as-a-Service (SaaS) solution designed to assist organizations in identifying, prioritizing, and orchestrating cyber risk remediation. The Platform consumes and correlates vulnerability scan data, threat feeds, passive threat analysis, and human intelligence to provide organizations with an automatically generated, comprehensive risk score known as the RiskSense Security Score (RS³).

RiskSense quantifies and measures risk at the asset level for both internal and external assets (see Figure 1). RiskSense’s threat-centric risk scoring methodology provides the capability to measure, monitor, and track overall cyber-attack susceptibility and presents risk scores for every individual asset. RiskSense uses several factors to calculate RS³, including vulnerability risk rating, exploitability, asset criticality, and external accessibility.

To strengthen an organization’s cyber risk posture, it is essential to not only test for vulnerabilities but also assess whether vulnerabilities are exploitable and what risks they represent. RiskSense identifies the vulnerabilities most likely to be used by adversaries to carry out infiltration and utilize post-exploitation techniques to launch a successful lateral attack across the enterprise. RiskSense provides visibility, prioritization, and actionable remediation recommendations to shrink an organization’s attack surface and cyber risk exposure.

The RiskSense Platform provides organizations with a flexible, scalable solution capable of addressing critical business needs. Utilizing the Smart Connector Framework, organizations have numerous options for uploading data to and exporting data from the Platform. RiskSense’s scalable framework allows the Platform to handle significant amounts of data, ensuring that organizations have the most comprehensive view of their security posture.

The Executive Dashboard (see Figure 2) presents a holistic view of organizational cyber risk trend by bringing temporal analytics to cyber risk management. Organizations can customize their Dashboard to provide critical information quickly, allowing leadership to prioritize and measure their remediation strategies and protect their networks and data.

[Figure 1. Diagram labels: Business Criticality; External Threat Data; Internal Security Intelligence; Exploits, Malware, Threats, Reputation, Geo; Vulnerabilities, Events, Configuration, Controls, Patches; Many More…; Board, Business Stakeholders, IT Operations, Auditor, Security Operations.]


The RiskSense Platform

The RiskSense Platform is an interactive and collaborative solution for cyber risk management, providing up-to-date information about an organization’s current cyber risk posture across a dynamic, growing attack surface of network assets, web applications, and databases. The Platform is a fully functional, commercially available technology ready for demonstration and implementation.

The RiskSense Platform consumes and correlates data from tools such as vulnerability scanners, application scanners, database scanners, configuration management systems, threat feeds, open source threat intelligence, and human intelligence.

One of the core differentiators of RiskSense is a threat-centric approach to risk scoring and vulnerability prioritization. Threat-centric risk scoring and vulnerability prioritization focuses on remediating the vulnerabilities with the highest probability of being targeted and exploited in the wild. The probability of a vulnerability being targeted is not based on its criticality, its Common Vulnerability Scoring System (CVSS) score, nor the business context of where the vulnerability resides—it is based on which vulnerabilities are actively being targeted by threat actors in the wild and leveraged in malware, exploit kits, and ransomware. Remediating these first will permit a gradual risk reduction approach for the remaining vulnerabilities.

Platform and Risk Scoring Overview

Data Import/Export Flexibility

The RiskSense Platform includes a Smart Connector Framework, which allows for ingestion of internal security intelligence via CSV, XML, STIX, and API upload. The data is then reconciled and correlated before being contextualized with external threat data to put meaning behind the findings. Tying back into your organization’s asset criticality enables us to provide risk-based prioritization of necessary remediation actions, which can be visualized in a variety of formats. The data can be exported into various formats such as XML, XLSX, and CSV.

Near-Real Time Risk Scoring

The RiskSense Platform uses a threat-centric approach and proofs of compromise (validated real live exploits by bypassing existing security controls during red team exercises) to derive the RiskSense Security Score (RS³), which continuously measures, monitors, and tracks your organization’s overall exposure to risk and generates a score and visual representation of cyber risk posture at the organization, business unit level, and asset level. The score accounts for your internal security findings, external threats, and business criticality.

RS³ is a measure of resilience against cyber risks and is modeled after conventional credit scores. RiskSense uses several factors to calculate RS³, including vulnerability risk rating, exploitability, asset criticality, and external accessibility. Every asset is given a score, and the overall RS³ for an organization and its constituent groups is the average of all asset scores. Under the current scoring model, scores range from a maximum of 850 to a minimum of 300.

An organization can obtain risk scores for their entire organization, hosts, groups of assets, all the way down to individual assets. RiskSense’s RS³ scores are calculated at multiple levels of granularity. At the most granular level, RS³ can be calculated at the asset level. Additionally, the score can be propagated to different infrastructure hierarchical levels to which that asset belongs, all the way up to the organizational level.

Advanced Risk Scoring Algorithm

The underlying RS³ computation algorithm uses a weight-based summation methodology. All attributes contributing to the RS³ algorithm are assigned (a) severity and (b) pre-defined weights. Examples of these attributes include CVE, internal/external asset, business criticality, etc. For a given attribute, its severity (on a standard scale) is determined based on the certainty of its existence on the target asset. Weight of an attribute is determined based on its impact while attempting to compromise the target asset.

Each attribute’s severity assignment follows a different methodology based on its contextual importance in an organization’s overall security posture. For example, RiskSense calculates a custom risk rating for CVEs that goes beyond the standard CVSS ranking, utilizing that information while calculating the severity of the CVE.
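The weight-based summation and the averaging roll-up described in the scoring sections, as an added illustration (not RiskSense's code and not the actual RS³ formula). The weights, the 0 to 10 severity scale, the linear mapping onto 300 to 850, and the sample assets and group names are all assumptions made for this example.

```python
"""Illustrative weight-based summation score on a 300-850 scale.

Not the RS3 algorithm: weights, severity scale, mapping and sample data
below are assumptions made for this example.
"""
from statistics import mean

SCORE_MIN, SCORE_MAX = 300, 850  # range stated in the brief
SEVERITY_MAX = 10                # assumed "standard scale" for severity

# Assumed integer weights (impact when attempting to compromise the asset).
# Attribute names echo kinds the brief mentions; the values are invented.
WEIGHTS = {
    "cve_risk_rating": 30,
    "exploit_available": 25,
    "malware_mapped": 15,
    "default_password": 10,
    "externally_accessible": 10,
    "business_criticality": 10,
}


def asset_score(severities):
    """Turn per-attribute severities (0..SEVERITY_MAX) into a 300-850 score.

    Higher weighted severity lowers the score, as with a credit score.
    Attributes absent from `severities` count as severity 0 (not observed).
    """
    unknown = set(severities) - set(WEIGHTS)
    if unknown:
        raise ValueError(f"attributes without a weight: {sorted(unknown)}")
    for name, sev in severities.items():
        if not 0 <= sev <= SEVERITY_MAX:
            raise ValueError(f"{name}: severity {sev} outside 0..{SEVERITY_MAX}")
    weighted = sum(WEIGHTS[name] * sev for name, sev in severities.items())
    worst = sum(WEIGHTS.values()) * SEVERITY_MAX
    return round(SCORE_MAX - weighted * (SCORE_MAX - SCORE_MIN) / worst)


def rollup(groups):
    """Return (per-group scores, organization score).

    Both are averages over *asset* scores, as the brief states. A group with
    no assets gets None and does not influence the organization score.
    """
    per_group = {g: (round(mean(s)) if s else None) for g, s in groups.items()}
    all_assets = [score for scores in groups.values() for score in scores]
    return per_group, (round(mean(all_assets)) if all_assets else None)


# Constructed sample assets (not taken from any real environment).
WEB = {"cve_risk_rating": 9, "exploit_available": 10, "malware_mapped": 8,
       "externally_accessible": 10, "business_criticality": 8}
WORKSTATION = {"cve_risk_rating": 6, "business_criticality": 4}
DATABASE = {"cve_risk_rating": 7, "exploit_available": 5,
            "default_password": 10, "business_criticality": 10}
CLEAN = {}

GROUPS = {
    "dmz": [asset_score(WEB)],
    "hr": [asset_score(WORKSTATION), asset_score(WORKSTATION),
           asset_score(CLEAN)],
    "finance": [asset_score(DATABASE)],
    "end_of_life": [],
}

if __name__ == "__main__":
    per_group, org = rollup(GROUPS)
    print(per_group, org)
    # Averaging the three group scores instead would weight the single DMZ
    # host as heavily as all of HR and give a lower organization figure.
    print(round(mean(s for s in per_group.values() if s is not None)))
```

Because the roll-up averages asset scores rather than group scores, a large group of healthy assets can mask a small group of badly exposed ones in the organization-level number, which is why the per-group view matters when triaging.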

Versatile Dashboard Interface

RS³ scores and vulnerability and threat data from the Platform are integrated into the RiskSense Platform Executive Dashboard, providing senior leadership with quick access to their risk scores and asset information. The Platform’s Executive Dashboard presents a holistic view of organizational cyber risk trend by bringing temporal analytics to cyber risk management. This Dashboard provides executives with a number of features, including a high-level overview of the organization’s risk posture, customizable dashboard views and filters, and interactive visualizations that provide additional contextual information.

Figure 2 shows the overview of the Executive Dashboard and its visual elements that provide actionable intelligence for efficient cyber risk management.

In addition to the Executive Dashboard, the RiskSense Platform also provides a number of different customizable reports that users can tailor to provide the details of different attributes of an organization’s security and cyber risk posture. The Platform also incorporates an integrated ticketing system to assist organizations in monitoring their progress in remediating or mitigating vulnerabilities and reducing risk.

Scalable Architecture

The end-to-end data processing system pipeline is implemented using a combination of SQL and NoSQL technologies for scalability purposes. The data collection is performed using scheduled services that scrape for both structured and unstructured vulnerability and threat data over the Internet. The structured data is stored in SQL format, sustaining the relationships, and the unstructured data is stored and processed using NoSQL (MongoDB) technologies. A master index is created that maps the relationships between structured data (vulnerabilities) and unstructured data (threat and OSINT). This index plays a crucial role in risk contextualization while computing RS³. Hence, a combination of partition-based batch processing is implemented while performing RS³ computations over millions of assets and findings. Finally, the data retrieval at scale is supported using ElasticSearch indices that pre-compute user-defined filters. Currently, the ElasticSearch indices allow RiskSense to store and retrieve more than 50 million data rows for different pre-defined filters, resulting in the Platform scaling to handle millions of assets.

The RiskSense Difference

RiskSense, Inc., is the pioneer and market leader in proactive cyber risk management. The company enables enterprises and governments to reveal cyber risk, quickly identify, prioritize, orchestrate remediation, and monitor the results. This is done by unifying and contextualizing internal security intelligence, external threat data, and business criticality across a growing and changing attack surface. The company’s Software-as-a-Service (SaaS) threat-based platform transforms cyber risk management into a more proactive, collaborative, and real-time discipline. The RiskSense Platform embodies the expertise and intimate knowledge gained from real world experience in defending critical networks from the world’s most dangerous cyber adversaries.


[Figure 2. Executive Dashboard screenshot (Executive > Executive Dashboard). Panels: Overall RiskSense Security Score (RS³); Total # of Assets; Vulnerability Distribution (High, Med, Low); RiskSense Security Score (RS³) Trend with start and end dates; High Risk Critical Assets; Average Remediation Time; Average Response Time; Assets with High Severity Vulnerability; Age of Oldest High Severity Vulnerability; Exploitable Assets; RiskSense Security Score (RS³) by Group (color shows RS³ score, size shows # of assets); Group Details table with columns Group Name, RS³, Business Criticality, Assets (Total, Network, App), Network Vulns (Total/Unique: High, Med, Low), Application Vulns (Total/Unique: High, Med, Low).]


[Figure 3. RiskSense Solution At-a-Glance: near real-time RS³ cyber risk scores. Diagram labels:
Threat Data: Attack Prediction; STIX & TAXII (Version 1.2); XML • API • CSV; TIP.
Threat Intelligence Platform: Client Threat Feeds • Partner Threat Feeds • Industry Threat Feeds.
Vulnerability Data: Timely Vulnerability Alert; Import and Export through API.
Vulnerability Feeds: Vulnerabilities (CVEs) • Product Version • Patches (CVRF) • Mapping (OWASP, CWE, CPE) • Zero Day.
Vulnerability-Centric Threat Program: CVE Risk Rating • RiskSense Verified (RSV) • IP Reputation • CVE Exploitability & Susceptibility • CVE to Exploit, Malware Mapping • Weaponization Timeline Analysis.
Client Data; RS³ Weight Distribution; Scalable Solution for Millions of Findings.
Attributes with Weights Contributing to RS³: CVE • CWE • OWASP • Exploit • Malware • CVSS • Database Vulnerabilities • Default Passwords • RiskSense Proof-of-Compromise • IP-Based Accessibility • User Specified Business Criticality • Business Criticality from Asset Management System.]


© 2017 RiskSense, Inc. All rights reserved. RiskSense and the RiskSense logo are registered trademarks of RiskSense, Inc. SB_RiskSensePlatform_12072017


Contact Us Today to Learn More About RiskSense

RiskSense, Inc. | +1 844.234.RISK | +1 505.217.9422 | [email protected]
