Many organizations are on the wrong end of an intrusion or data breach. Your board is likely reading a ton of press on this subject each week. While boards have great literacy on reading financials, they likely don’t have much clarity into your information security practices.
The inevitable question is “Will that happen to us?” Be ready. By taking a risk-based approach to threats, you can focus on the vulnerabilities that have the biggest risk impact for your organization. Resolver’s vulnerability management software can help you provide this education to your board and C-Suite using customized risk scoring algorithms and powerful dashboards to show your remediation efforts. We do all of this out-of-the-box.
Over 1000 of the world’s largest organizations use Resolver software to protect their employees, customers, data, brand, inventory, and shareholders.
We're here to answer any questions you may have.
With regards to vulnerability management, the RiskVision platform can allow you to perform the following:
With regards to threat management, the RiskVision platform can automatically import threat intelligence and correlate it with vulnerabilities when the threat intelligence provides CVE references.
Beyond vulnerability prioritization and importing threat intelligence, the team responsible for mitigating IT threats can assign remediation tickets required against a specific threat. The platform can also link to events and incidents to provide greater visibility into the impact of a specific threat in your environment.
Resolver’s RiskVision platform enriches vulnerability data with both exploit data and threat intelligence data. Both are used as important inputs to provide risk-based prioritization for vulnerabilities so that you can make sure you are prioritizing your riskiest vulnerabilities.
RiskVision supports importing threat data from CrowdStrike Falcon Intelligence and FireEye iSight Intelligence. RiskVision will allow other threat intelligence sources to be imported based on request.
For exploit data, RiskVision supports the Offensive Security Exploit Database. The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software that aims to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources.
Yes, the RiskVision platform utilizes a robust risk-based scoring methodology that takes into account two components that together equal the risk of the vulnerabilities being measured. The first component is the Asset Criticality factor which represents how critical the asset is to the business (impact portion of the risk score); the more critical the asset, the higher the risk of a vulnerability being exploited on that asset. The second factor is the Vulnerability Risk Factor (likelihood of the vulnerability to be exploited) which considers CVSS vectors and additional data, including a threat factor, exploit factor, and number of days known.
RiskVision has pre-built connectors with more than 40 third-party products, including device vulnerability scanners like Rapid 7, Nexpose and Qualys; application vulnerability scanners like IBM Rational AppScan and HP Fortify WebInspect; and database scanners like Trustwave DBProtect and Imperva SecureSphere. See the full list of connectors.
The RiskVision platform has its own full-featured automated ticketing system. For organizations that want to integrate with their existing ticketing systems, RiskVision has bi-directional connectors to popular ticketing systems such as ServiceNow and Remedy. See the full list of connectors.
Yes, exceptions can be generated for a single vulnerability on a single or multiple asset, or for one asset for single or multiple vulnerabilities. When the exception is requested, the automated exception management workflow begins by sending a notification to the appropriate stakeholder for review/approval. Once approved, the clock starts ticking towards the expiration date or next review date that was set (i.e., 30, 60, or 90 days out), when it will be reviewed again, and either be extended or closed if no longer needed.
Fill out the form below and we will contact you shortly.