RiskSense released its AI-Assisted Pen Testing Service called Attack Surface Validation for Election Systems which provides visibility and prioritization of security vulnerabilities that enables any district to remediate problems before the midterms.
Findings are delivered through the RiskSense cloud-service and cover the assessment of a district’s entire voting ecosystem, including devices, applications, databases, networks, etc., for vulnerabilities, missing patches, misconfigurations, and more.
RiskSense allows resource and security expert-constrained districts to know what to fix, and receive validation that remediation actions were successful.
“I am not a security expert, but I knew it was important to assess the security of the technology and processes used in my district,” said the New Mexico Secretary of State.
“The priorities and prescriptive actions provided to our IT staff by RiskSense allowed us to prepare and remediate quickly as findings came to light with the specialized attack scenarios. We have the results to share amongst our constituents that our district will not be idle nor let our community be vulnerable to tampering.”
Most states and counties still rely on a complex, decentralized and aging election infrastructure. With limited resources and varying levels of cybersecurity expertise, many struggle to stay ahead of the increasing threat of unauthorized access, compromise and cyberattacks.
They also lack experience or funding to assess their potential exposure, and keep up with the threat intelligence and exploits that may be targeting their systems. RiskSense Attack Surface Validation for Election Systems addresses these challenges with an approach that delivers findings as they are encountered within the cloud platform.
“While internet-connected systems used for online voter registration and election night reporting have a significant attack surface, an end-to-end assessment of election systems is needed to understand which vulnerabilities truly matter,” said Srinivas Mukkamala, CEO of RiskSense.
“RiskSense looks at the security of the entire election ecosystem, including management, infrastructure, voter registration systems, poll books, vote tabulation, publishing systems, and more, to establish vulnerability priorities, and validate and measure the effectiveness of remediation actions.”
RiskSense Attack Surface Validation for Election Systems is comprised of the following five phases:
Passive reconnaissance: Obtains a fingerprint of the client’s test systems through passive reconnaissance. Reconnaissance is used to identify intelligence attackers can collect through passive means, without triggering alerts from security monitoring solutions.
Attack surface enumeration: Enumerates the sum of an organization’s security risk exposure.
Automated scanning: Uses network vulnerability scanners to test a targeted network for critical vulnerabilities.
Penetration testing: Attempts to validate the discovered vulnerabilities manually to determine possible methods of network compromise and/or access to sensitive data. RiskSense uses multiple techniques to demonstrate the nature and potential consequences of a breach.
Reporting: Collects all evidence in the form of screenshots, requests, responses, and commands issued during all phases of the assessment. Provides results with details of the exploited vulnerabilities, their severity and recommendations for remediation.
RiskSense Attack Surface Validation for Election Systems is now available. Pricing is based on number of monitored assets.