RiskRecon's SaaS solution strengthens third-party IT risk management programs with continuous monitoring and rating of vendor security quality.
SALT LAKE CITY, Oct. 6, 2016 /PRNewswire/ -- Today, RiskRecon makes its first formal product announcement after a period of operating production implementations at clients across a variety of industries. RiskRecon's SaaS solution enables organizations to bring greater transparency and accountability to their risk management programs by providing actionable, objective and continuous information on the security posture of their vendors and business associates.
"The methods currently used for managing third-party risk can't keep pace with the rapid growth in the number of vendors, partners and business associates maintained by enterprise organizations nowadays," said RiskRecon CEO Kelly White. "Today's IT ecosystems are highly interdependent, and the protection of assets depends on the security quality of each third party. The big question every company needs to ask itself on a daily basis is, 'Are the security programs of each third party sufficient to ensure the protection of company assets?' Typical methods, most of which require manual tracking or provide snapshot-in-time data, don't provide organizations with the continuous information needed to validate third parties and make smart decisions on trust and priorities."
RiskRecon offers an approach unlike any other option available in the industry. To evaluate a third party, clients simply type in the name of the company, and RiskRecon provides a comprehensive set of security ratings supported by the direct evidence necessary to take action. Using only ethical techniques, RiskRecon automatically discovers the target organization's entire public IT footprint and then applies proprietary methods for capturing and analyzing all relevant security performance signals.
RiskRecon provides visibility and control over third-party risk reality, including:
- Deep asset discovery and detailed system profiling that reveals third and fourth-party hosting providers, system software and related configurations.
- Automated analysis of the enterprise and each asset using thousands of proprietary security signatures and millions of threat intelligence data points.
- Scoring of the overall enterprise security performance based on analytics and assessments across 10 security domains and 50 security performance criteria.
- Scoring using straightforward ratings system coupled with clear, actionable measurements to pinpoint risk.
- Actionable findings supported by detailed evidence that identifies specific issues down to the host level and related offending configuration.
- Trending of security performance over time.
- Automated alerting of critical events and score changes.
- A unique capability to rapidly identify exposure to new and emergent risks (e.g., "CIRT" search capability).
"To manage the risk associated with tens and hundreds of third-party providers, companies typically rely on each partner attesting to its effectiveness through security questionnaires, documentation and proof of certifications," said RiskRecon President Eric Blatte. "However, these methods by themselves do not provide sufficient measurement precision and do not scale to meet the demands of today's risk reality."
RiskRecon fills this void with continuous analysis, evidence-based security ratings, root causes and fixes, and alerts on immediate threats and declining security scores. Its third-party risk solution benefits companies of any size, from small local businesses to large- scale global enterprises. RiskRecon's customers include Fortune 500 companies and mid-size organizations across a variety of industries.
RiskRecon is the only continuous vendor monitoring solution that delivers risk-prioritized action plans custom-tuned to match your risk priorities, providing the world’s easiest path to understanding and acting on third-party cyber risk. Partner with RiskRecon to build your scalable, third-party risk management program to realize dramatically better risk outcomes. To learn more about RiskRecon’s approach, request a demo or visit the website at www.riskrecon.com.
Connect with RiskRecon: