RiskRecon released its asset valuation algorithms that determine the inherent risk value of any Internet-facing system. Automatically determining asset value is critical to managing cyber risk because it enables organizations to create action plans focused on addressing risk.
“Risk professionals spend too much time analyzing mountains of issues to determine the risk relevance,” explained Kelly White, Co-Founder and CEO of RiskRecon. “RiskRecon automatically contextualizes every issue with issue severity and asset value that enables professionals to easily identify risk priorities and needed action.”
RiskRecon visually summarizes issue risk priority within a “Risk Prioritization Matrix,” showing each issue within the context of issue severity and asset risk value. Summarizing the risk priority of 3,000,000 issues existing in commercial Internet-facing systems reveals that only 0.12% are critical severity issues in high-value assets.
“The vast majority of risk resides in less than 6% of total issues,” explained White. “RiskRecon enables you to easily identify the issues of risk that matter and, just as importantly, identify the issues that don’t.”
Jack Jones, Chairman of the FAIR Institute and Co-founder of RiskLens, noted that: “Far too much energy in information security is wasted on resolving issues that don’t matter. As the FAIR model promotes, effective risk management requires understanding the probable frequency and magnitude of loss; that depends on understanding asset value. I am really pleased to see RiskRecon bring the ability to automatically determine asset value to market.”
RiskRecon’s asset valuation algorithms assign a value to cyber assets such as systems, domains, and networks. The algorithms also tag each asset with value indicators, including the system’s functionality and the data types it collects; these indicators enable risk professionals to understand any asset’s value.
Deployed to third-party risk management, RiskRecon’s automated risk assessments provide the visibility into vendor cyber risk performance, enabling better third-party risk outcomes with much greater efficiency.
RiskRecon customers use this capability to better solve third-party cyber risk, enabling them to identify and act on the vendors and issues that expose them to the risk. Organizations also leverage RiskRecon to better understand their own risk surface and exposures.