RiskSense platform now provides visibility across both infrastructure and application vulnerability risk
RiskSense announced a new version of the cloud-delivered RiskSense platform that harmonizes threat analysis, prioritization and risk scoring across network-based assets as well as applications.
Unlike competitive approaches which provide separate views of infrastructure and application vulnerabilities, RiskSense automatically calculates risk across CVEs and CWEs for a full-spectrum view.
“RiskSense helps organizations rapidly reduce risk and provides a new understanding of how applications and their vulnerabilities affect the entire attack surface,” said Dr. Srinivas Mukkamala, CEO of RiskSense.
“This enables customers, for example, to assess security risks present on servers and the applications running on them in a holistic fashion, and to take the best, most cost-effective steps to decrease their exposure”.
Unified, normalized, and prioritized full stack vulnerability management
To provide visibility across both infrastructure and application vulnerability risk exposure from development through production, RiskSense aggregates and normalizes outputs from multiple data sources including SAST, DAST, Open Source Software (OSS), containers, pen testing and bug bounty programs.
This holistic approach enables organizations to easily pinpoint and fix vulnerabilities in their attack surface regardless of the application stack, code weakness location, or infrastructure point.
RiskSense consumes heterogeneous vendor and application scanner data, including both CVE and CWE information, incorporates threat context, and calculates risk as a single unit of measure called the RiskSense Vulnerability Risk Rating (VRR) to deliver the highest-fidelity risk prioritization.
The RiskSense Application Security Dashboard provides developers and DevOps personnel a global view of application vulnerabilities allowing them to drill-down to detailed findings and their locations.
The OWASP Top 10 and CWE Top 25 Most Dangerous Software Errors are also presented to help improve developer knowledge and productivity. With full support for popular ticketing systems, cross-functional teams can manage remediation assignments step-by-step through to validation, knowing exactly what to do next.