RiskRecon Brings Innovative Approach To Third-Party Risk Assessments

RiskRecon's SaaS solution strengthens third-party IT risk management programs with continuous monitoring and rating of vendor security quality.

Download PDF Here

SALT LAKE CITY, Oct. 6, 2016 /PRNewswire/ -- Today, RiskRecon makes its first formal product announcement after a period of operating production implementations at clients across a variety of industries. RiskRecon's SaaS solution enables organizations to bring greater transparency and accountability to their risk management programs by providing actionable, objective and continuous information on the security posture of their vendors and business associates.

"The methods currently used for managing third-party risk can't keep pace with the rapid growth in the number of vendors, partners and business associates maintained by enterprise organizations nowadays," said RiskRecon CEO Kelly White. "Today's IT ecosystems are highly interdependent, and the protection of assets depends on the security quality of each third party. The big question every company needs to ask itself on a daily basis is, 'Are the security programs of each third party sufficient to ensure the protection of company assets?' Typical methods, most of which require manual tracking or provide snapshot-in-time data, don't provide organizations with the continuous information needed to validate third parties and make smart decisions on trust and priorities."

RiskRecon offers an approach unlike any other option available in the industry. To evaluate a third party, clients simply type in the name of the company, and RiskRecon provides a comprehensive set of security ratings supported by the direct evidence necessary to take action. Using only ethical techniques, RiskRecon automatically discovers the target organization's entire public IT footprint and then applies proprietary methods for capturing and analyzing all relevant security performance signals.

RiskRecon provides visibility and control over third-party risk reality, including:

  • Deep asset discovery and detailed system profiling that reveals third and fourth-party hosting providers, system software and related configurations.
  • Automated analysis of the enterprise and each asset using thousands of proprietary security signatures and millions of threat intelligence data points.
  • Scoring of the overall enterprise security performance based on analytics and assessments across 10 security domains and 50 security performance criteria.
  • Scoring using straightforward ratings system coupled with clear, actionable measurements to pinpoint risk.
  • Actionable findings supported by detailed evidence that identifies specific issues down to the host level and related offending configuration.
  • Trending of security performance over time.
  • Automated alerting of critical events and score changes.
  • A unique capability to rapidly identify exposure to new and emergent risks (e.g., "CIRT" search capability).

"To manage the risk associated with tens and hundreds of third-party providers, companies typically rely on each partner attesting to its effectiveness through security questionnaires, documentation and proof of certifications," said RiskRecon President Eric Blatte. "However, these methods by themselves do not provide sufficient measurement precision and do not scale to meet the demands of today's risk reality."

RiskRecon fills this void with continuous analysis, evidence-based security ratings, root causes and fixes, and alerts on immediate threats and declining security scores. Its third-party risk solution benefits companies of any size, from small local businesses to large- scale global enterprises. RiskRecon's customers include Fortune 500 companies and mid-size organizations across a variety of industries.

About RiskRecon
RiskRecon, your trusted source for third-party risk information, provides a SaaS platform that delivers frequent, comprehensive and actionable security performance measurements and management tools to more effectively manage the risk reality of increasingly interconnected organizations.

Using proprietary data gathering techniques, RiskRecon creates a comprehensive risk management view of an extended enterprise's public IT footprint. Clients rely on RiskRecon to bring greater transparency, accountability and productivity to their third-party risk management processes. And, they trust that RiskRecon's continuous monitoring solution employs only ethical techniques – no proprietary vendor data, no permissions and no invasive scans. Learn more at www.riskrecon.com.


Subscribe to Email Updates

Recent Posts