Ivanti announced it has acquired RiskSense to drive the next evolution of patch management. This combination will enable organizations to shrink their attack surface, prioritize vulnerabilities to remediate, and reduce their exposure to cyber threats and ransomware attacks by taking a proactive, risk-based approach to patch management. Several robust risk-based vulnerability prioritization and remediation capabilities are already available to Ivanti Neurons for Patch Intelligence customers. The terms of the RiskSense transaction were not disclosed.
“Over the past two years, cyberattacks such as ransomware have crossed the line from being a nuisance to truly disrupting society,” said Srinivas Mukkamala, CEO of RiskSense. “And unpatched vulnerabilities remain one of the common points of infiltration into organizations’ ecosystems. I’m committed to the global fight against ransomware. And I truly believe that the combination of risk-based vulnerability prioritization and automated patch intelligence can help organizations reduce their exposure and make a major impact in global cyberspace. Together, RiskSense and Ivanti will help customers drive operational efficiencies and defend against the next wave of sophisticated cyber threats, including ransomware attacks.”
Solutions from the combined companies are expected to reduce the mean time to detect, discover, remediate, and respond to cyber threats, particularly critical vulnerabilities linked to or associated with ransomware.
Together, Ivanti and RiskSense will provide security and IT teams with context and adaptive intelligence regarding what their organization’s exposures are to vulnerabilities that are being actively exploited, including whether those vulnerabilities are tied to ransomware, and then enable them to quickly remediate those threats. This will improve the efficiency and effectiveness of security and IT operations teams in combatting weaponized vulnerabilities used by cyber adversaries.
Ivanti has already integrated the RiskSense Vulnerability Intelligence and Vulnerability Risk Rating, which prioritizes and quantifies adversarial risk based on factors such as threat intelligence, in-the-wild exploit trends, and security analyst validation, into Ivanti Neurons for Patch Intelligence. This feature is currently available to Ivanti Neurons for Patch Intelligence customers who also have RiskSense licenses.
This combination is occurring at a critical time, as the White House recently released a memo encouraging organizations to use a risk-based assessment strategy to drive patch management and bolster cybersecurity against ransomware attacks. Furthermore, Gartner listed risk-based vulnerability management as a top security project that security and risk management professionals should focus on in 2021 to drive business value and reduce risk.
“Ivanti has been a leader in patch management for many years, but the acquisition of RiskSense will take our capabilities to an even higher level,” said Jim Schaper, Ivanti Chairman and CEO. “This combination will allow us to provide our customers with a holistic view of vulnerabilities and exposures, and then enable them to take fast action through Ivanti Neurons for Patch Intelligence. Customers will be able to greatly reduce their attack surface and risk of breach because of the vulnerability intelligence and the resulting remediation prioritization based on actively trending exploits and ransomware attacks.”
“The combination of risk-based vulnerability prioritization and automated patch intelligence is completely unique to the market,” continued Mukkamala. “Ivanti and RiskSense are bringing two powerful data sets together. RiskSense has the most robust data on vulnerabilities and exploits, including the ability to map them back to ransomware families that are evolving as ransomware-as-a-service, along with nation states associated with APT groups. And Ivanti has the most robust data on patches. Together, Ivanti and RiskSense will enable customers to take the right action at the right time and effectively defend against ransomware, which is the biggest security threat today.”
“Patching without threat-context is not effective. Yet many IT and security teams attempt to patch every vulnerability,” said Michael Montoya, a Fortune 500 Chief Information Security Officer. “The combination of Ivanti and RiskSense is going to drive real value for organizations by enabling them to identify their prioritized vulnerability weaknesses and then accelerate remediation.”
Ivanti is a private company backed by investors Clearlake Capital Group, L.P., Charlesbank Capital Partners and TA Associates. BMO Capital Markets acted as exclusive financial advisor to Ivanti and Momentum Cyber acted as exclusive financial and strategic advisor to RiskSense on this transaction. Fenwick & West LLP acted as counsel to RiskSense. Sidley Austin LLP acted as counsel to Ivanti.