RiskSense Platform – the industry’s most comprehensive, intelligent platform for managing cyber risk. © 2017 RiskSense, Inc.
SOLUTION BRIEF
RiskSense Platform
Executive Summary
The RiskSense Platform is a Software-as-a-Service (SaaS) solution designed to assist organizations in identifying, prioritizing, and orchestrating cyber risk remediation. The Platform consumes and correlates vulnerability scan data, threat feeds, passive threat analysis, and human intelligence to provide organizations with an automatically generated, comprehensive risk score known as the RiskSense Security Score (RS³).
RiskSense quantifies and measures risk at the asset level for both internal and external assets (see Figure 1). RiskSense’s threat-centric risk scoring methodology provides the capability to measure, monitor, and track overall cyber-attack susceptibility and presents risk scores for every individual asset. RiskSense uses several factors to calculate RS³, including vulnerability risk rating, exploitability, asset criticality, and external accessibility.
To strengthen an organization’s cyber risk posture, it is essential to not only test for vulnerabilities but also assess whether vulnerabilities are exploitable and what risks they represent. RiskSense identifies the vulnerabilities most likely to be used by adversaries to carry out infiltration and utilize post-exploitation techniques to launch a successful lateral attack across the enterprise. RiskSense provides visibility, prioritization, and actionable remediation recommendations to shrink an organization’s attack surface and cyber risk exposure.
The RiskSense Platform provides organizations with a flexible, scalable solution capable of addressing critical business needs. Utilizing the Smart Connector Framework, organizations have numerous options for uploading data to and exporting data from the Platform. RiskSense’s scalable framework allows the Platform to handle significant amounts of data, ensuring that organizations have the most comprehensive view of their security posture.
The Executive Dashboard (see Figure 2) presents a holistic view of organizational cyber risk trend by bringing temporal analytics to cyber risk management. Organizations can customize their Dashboard to provide critical information quickly, allowing leadership to prioritize and measure their remediation strategies and protect their networks and data.
Figure 1 (diagram). Input categories shown: BUSINESS CRITICALITY; EXTERNAL THREAT DATA; INTERNAL SECURITY INTELLIGENCE. Data types shown: Exploits, Malware, Threats, Reputation, Geo, Vulnerabilities, Events, Configuration, Controls, Patches, and many more. Roles shown: Board, Business Stakeholders, IT Operations, Auditor, Security Operations.
The RiskSense Platform
The RiskSense Platform is an interactive and collaborative solution for cyber risk management, providing up-to-date information about an organization’s current cyber risk posture across a dynamic, growing attack surface of network assets, web applications, and databases. The Platform is a fully functional, commercially available technology ready for demonstration and implementation.
The RiskSense Platform consumes and correlates data from tools such as vulnerability scanners, application scanners, database scanners, configuration management systems, threat feeds, open source threat intelligence, and human intelligence.
One of the core differentiators of RiskSense is a threat-centric approach to risk scoring and vulnerability prioritization. Threat-centric risk scoring and vulnerability prioritization focuses on remediating the vulnerabilities with the highest probability of being targeted and exploited in the wild. The probability of a vulnerability being targeted is not based on its criticality, its Common Vulnerability Scoring System (CVSS) score, nor the business context of where the vulnerability resides—it is based on which vulnerabilities are actively being targeted by threat actors in the wild and leveraged in malware, exploit kits, and ransomware. Remediating these first will permit a gradual risk reduction approach for the remaining vulnerabilities.
Platform and Risk Scoring Overview
Data Import/Export Flexibility
The RiskSense Platform includes a Smart Connector Framework, which allows for ingestion of internal security intelligence via CSV, XML, STIX, and API upload. The data is then reconciled and correlated before being contextualized with external threat data to put meaning behind the findings. Tying back into your organization’s asset criticality enables us to provide risk-based prioritization of necessary remediation actions, which can be visualized in a variety of formats. The data can be exported into various formats such as XML, XLSX, and CSV.
Near-Real Time Risk Scoring
The RiskSense Platform uses a threat-centric approach and proofs of compromise (validated real live exploits by bypassing existing security controls during red team exercises) to derive the RiskSense Security Score (RS³), which continuously measures, monitors, and tracks your organization’s overall exposure to risk and generates a score and visual representation of cyber risk posture at the organization, business unit level, and asset level. The score accounts for your internal security findings, external threats, and business criticality.
RS³ is a measure of resilience against cyber risks and is modeled after conventional credit scores. RiskSense uses several factors to calculate RS³, including vulnerability risk rating, exploitability, asset criticality, and external accessibility. Every asset is given a score, and the overall RS³ for an organization and its constituent groups is the average of all asset scores. Under the current scoring model, scores range from a maximum of 850 to a minimum of 300.
An organization can obtain risk scores for their entire organization, hosts, groups of assets, all the way down to individual assets. RiskSense’s RS³ scores are calculated at multiple levels of granularity. At the most granular level, RS³ can be calculated at the asset level. Additionally, the score can be propagated to different infrastructure hierarchical levels to which that asset belongs, all the way up to the organizational level.
Advanced Risk Scoring Algorithm
The underlying RS³ computation algorithm uses a weight-based summation methodology. All attributes contributing to the RS³ algorithm are assigned (a) severity and (b) pre-defined weights. Examples of these attributes include CVE, internal/external asset, business criticality, etc. For a given attribute, its severity (on a standard scale) is determined based on the certainty of its existence on the target asset. Weight of an attribute is determined based on its impact while attempting to compromise the target asset.
Each attribute’s severity assignment follows a different methodology based on its contextual importance in an organization’s overall security posture. For example, RiskSense calculates a custom risk rating for CVEs that goes beyond the standard CVSS ranking, utilizing that information while calculating the severity of the CVE.
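The weight-based summation and the asset-to-organization rollup described above can be sketched as follows. This is an added illustration, not RiskSense's code or its actual formula: only the 300 to 850 range and the "average of all asset scores" rule come from the brief, while the attribute weights, the 0-10 severity scale, the linear mapping and the sample inventory are assumptions made for the example.

```python
from dataclasses import dataclass
from statistics import mean

SCORE_MIN, SCORE_MAX = 300, 850   # score range stated in the brief
SEVERITY_MAX = 10                 # assumed "standard scale" of 0-10

# Hypothetical attribute weights (relative impact); not RiskSense's values.
WEIGHTS = {
    "cve_risk_rating": 40,
    "exploitability": 30,
    "external_accessibility": 15,
    "business_criticality": 15,
}


@dataclass(frozen=True)
class Asset:
    name: str
    group: str
    severities: dict  # attribute name -> severity in 0..SEVERITY_MAX


def asset_score(asset):
    """Weighted sum of severities, mapped linearly so that no risk
    gives SCORE_MAX and maximum risk gives SCORE_MIN (credit-score style)."""
    unknown = set(asset.severities) - set(WEIGHTS)
    if unknown:
        raise ValueError(f"{asset.name}: unknown attributes {sorted(unknown)}")
    total = 0
    for attr, weight in WEIGHTS.items():
        sev = asset.severities.get(attr, 0)  # attribute absent -> no risk
        if not 0 <= sev <= SEVERITY_MAX:
            raise ValueError(f"{asset.name}: severity out of range for {attr}")
        total += weight * sev
    worst = sum(WEIGHTS.values()) * SEVERITY_MAX
    return SCORE_MAX - round((SCORE_MAX - SCORE_MIN) * total / worst)


def rollup(assets):
    """Propagate asset scores upward. Group and organization scores are
    averages over asset scores, so large groups count for more than small
    ones; this is not the same as averaging the group scores."""
    if not assets:
        raise ValueError("no assets to score")
    scores = {a.name: asset_score(a) for a in assets}
    by_group = {}
    for a in assets:
        by_group.setdefault(a.group, []).append(scores[a.name])
    return {
        "assets": scores,
        "groups": {g: round(mean(v), 1) for g, v in by_group.items()},
        "organization": round(mean(list(scores.values())), 1),
    }


# Constructed sample inventory (illustrative values only).
SAMPLE_ASSETS = [
    Asset("hr-db-01", "Human Resources",
          {"cve_risk_rating": 10, "exploitability": 8,
           "external_accessibility": 2, "business_criticality": 10}),
    Asset("hr-ws-01", "Human Resources",
          {"cve_risk_rating": 4, "exploitability": 2,
           "business_criticality": 4}),
    Asset("hr-ws-02", "Human Resources",
          {"cve_risk_rating": 2, "business_criticality": 4}),
    Asset("fin-web-01", "Finance",
          {"cve_risk_rating": 8, "exploitability": 10,
           "external_accessibility": 10, "business_criticality": 10}),
]

if __name__ == "__main__":
    result = rollup(SAMPLE_ASSETS)
    for level in ("assets", "groups"):
        for name, score in result[level].items():
            print(f"{level[:-1]:6} {name:16} {score}")
    print(f"organization score      {result['organization']}")
```

With the sample data the organization score is the mean over the four assets, which differs from the mean of the two group scores because the groups are of unequal size.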
Versatile Dashboard Interface
RS³ scores and vulnerability and threat data from the Platform are integrated into the RiskSense Platform Executive Dashboard, providing senior leadership with quick access to their risk scores and asset information. The Platform’s Executive Dashboard presents a holistic view of organizational cyber risk trend by bringing temporal analytics to cyber risk management. This Dashboard provides executives with a number of features, including a high-level overview of the organization’s risk posture, customizable dashboard views and filters, and interactive visualizations that provide additional contextual information.
Figure 2 shows the overview of the Executive Dashboard and its visual elements that provide actionable intelligence for efficient cyber risk management.
In addition to the Executive Dashboard, the RiskSense Platform also provides a number of different customizable reports that users can tailor to provide the details of different attributes of an organization’s security and cyber risk posture. The Platform also incorporates an integrated ticketing system to assist organizations in monitoring their progress in remediating or mitigating vulnerabilities and reducing risk.
Scalable Architecture
The end-to-end data processing system pipeline is implemented using a combination of SQL and NoSQL technologies for scalability purposes. The data collection is performed using scheduled services that scrape for both structured and unstructured vulnerability and threat data over the Internet. The structured data is stored in SQL format, sustaining the relationships, and the unstructured data is stored and processed using NoSQL (MongoDB) technologies. A master index is created that maps the relationships between structured data (vulnerabilities) and unstructured data (threat and OSINT). This index plays a crucial role in risk contextualization while computing RS³. Hence, a combination of partition-based batch processing is implemented while performing RS³ computations over millions of assets and findings. Finally, the data retrieval at scale is supported using ElasticSearch indices that pre-compute user-defined filters. Currently, the ElasticSearch indices allow RiskSense to store and retrieve more than 50 million data rows for different pre-defined filters, resulting in the Platform scaling to handle millions of assets.
The RiskSense Difference
RiskSense, Inc., is the pioneer and market leader in proactive cyber risk management. The company enables enterprises and governments to reveal cyber risk, quickly identify, prioritize, orchestrate remediation, and monitor the results. This is done by unifying and contextualizing internal security intelligence, external threat data, and business criticality across a growing and changing attack surface. The company’s Software-as-a-Service (SaaS) threat-based platform transforms cyber risk management into a more proactive, collaborative, and real-time discipline. The RiskSense Platform embodies the expertise and intimate knowledge gained from real world experience in defending critical networks from the world’s most dangerous cyber adversaries.
Figure 2 (screenshot of the Executive Dashboard). Panels shown: Overall RiskSense Security Score (RS³); RiskSense Security Score (RS³) Trend, on a 300 to 850 axis between a start date and an end date; Vulnerability Distribution (High, Med, Low); RiskSense Security Score (RS³) by Group, where color shows RS³ score and size shows number of assets; summary tiles for High Risk Critical Assets, Average Remediation Time, Average Response Time, Assets with High Severity Vulnerability, Age of Oldest High Severity Vulnerability, and Exploitable Assets; and a Group Details table with columns Group Name, RS³, Business Criticality, Assets (Total, Network, App), Network Vulns (Total/Unique) and Application Vulns (Total/Unique), each split into High, Med and Low.
Figure 3 (diagram): Scalable Solution for Millions of Findings
THREAT DATA (Attack Prediction)
Threat Intelligence Platform (TIP), ingested via STIX & TAXII*, XML, API, CSV
• Client Threat Feeds
• Partner Threat Feeds
• Industry Threat Feeds
VULNERABILITY DATA (Timely Vulnerability Alert)
Vulnerability Feeds
• Vulnerabilities (CVEs)
• Product Version
• Patches (CVRF)
• Mapping (OWASP, CWE, CPE)
• Zero Day
Vulnerability-Centric Threat Program
• CVE Risk Rating
• RiskSense Verified (RSV)
• IP Reputation
• CVE Exploitability & Susceptibility
• CVE to Exploit, Malware Mapping
• Weaponization Timeline Analysis
Client Data: Import and Export through API
Attributes with Weights Contributing to RS³ (RS³ Weight Distribution)
• CVE
• CWE
• OWASP
• Exploit
• Malware
• CVSS
• Database Vulnerabilities
• Default Passwords
• RiskSense Proof-of-Compromise
• IP-Based Accessibility
• User Specified Business Criticality
• Business Criticality from Asset Management System
* Version 1.2
RiskSense Solution At-a-Glance
Near real-time RS³ cyber risk scores
© 2017 RiskSense, Inc. All rights reserved. RiskSense and the RiskSense logo are registered trademarks of RiskSense, Inc. SB_RiskSensePlatform_12072017
Contact Us Today to Learn More About RiskSense
RiskSense, Inc. | +1 844.234.RISK | +1 505.217.9422 | [email protected]