Risk Based Security

Risk Based Security provides data breach and vulnerability intelligence to equip organizations with evidence-based threat analysis and risk management strategies to address information security and compliance challenges.

Risk Based Security, Inc. equips organizations with security information, security program toolkits, risk management methodologies and on-demand security expertise to establish customized risk-based solutions to address information security and compliance challenges.

We are technology enhanced information security and risk management experts ready to assist your organization in identifying your true risks to your most valuable assets in order to guide the implementation of security controls where they are needed most, resulting in the right security at the best price.

Specialties
Data Breach Analytics, Security Intelligence Reports, Vulnerability Intelligence, Risk Management, Incident Response, ISO/IEC 27001:2005

Cyber Risk Analytics (CRA) provides actionable threat intelligence about organizations that have experienced a data breach or leaked credentials.
Along with our PreBreach Risk Ratings, this provides a deep dive into the metrics driving cyber exposures, as well as understanding the digital hygiene of an organization and predicting the likelihood of a future data breach.
The integration of PreBreach ratings into security and underwriting processes, vendor management programs, and risk management tools allows organizations to avoid costly risk assessments, while enabling businesses to act quickly and appropriately to proactively protect it’s most critical information assets.

VulnDB monitor more than 3000+ sources for disclosure of new Vulnerabilities:

We monitor everywhere possible and all the products you care about
We standardise all the reports
We collect everything in one place
We assess the validity and accuracy of reports to a certain extent, correcting mistakes and weeding out invalid and duplicate reports
We add technical details that cannot be found in the original reports
We add a lot of extra metrics to help you better prioritize remediation including information about severity, exploit availability, and report confidence.
We provide metrics about how well a given vendor handles vulnerabilities in their products, so you know which vendors care the most about security
We provide metrics about the code maturity of a given product, so you know how secure it has been coded and how the vendor has invested into security
We provide metrics about vendors and products that are most likely to put your organization at risk for a data breach, which you cannot get anywhere else.

We do all of this, so you don’t have to and can focus on the issues at your organization! In the past, while still not advisable, it was possible for an organization to at least cover the basics themselves. These days it is too costly and resource intensive.

VulnDB is the by far most comprehensive Vulnerability Database available.

Comprehensive Vulnerability Intelligence:

• Vulnerability source information, extensive references, links to Proof of Concept code and solutions
• Disclosure timeline, researcher & other vulnerability metadata
• Full mapping to CVE
• Identified and cataloged over 72,022 vulnerabilities not found in CVE/NVD

**Vulnerability Alerting Without Scanning: **

• RESTful API provides access to raw vulnerability data
• Vulnerabilities identified without having to scan your network by mapping to your assets
• Real time alerting and threat modeling
• Integrate vulnerability intelligence into your existing tools or workflow
• Leverage existing GRC, ITIL, Asset Management/CMDB or SIEM products

**Vendor and Product Risk Ratings: **

• Proprietary Vulnerability Timeline and Exposure Metrics (VTEM)
• Determine which products and vendors are putting your organization at risk, including how quickly they respond to researchers and provide patches
• Extended classification system and our own CVSS scores
• Extensive historical data, for a full picture of a vendor or product
• Ability to compare vendor and products
• Cost of Ownership Analysis

3rd Party Libraries

• Over 2,000 software libraries identified
• Comprehensive insight on vulnerabilities in 3rd Party Libraries used in products and software development
• Single source of information to monitor each library to ensure that newly disclosed vulnerabilities are addressed
• Metrics provide the ability to evaluate and select the best third-party libraries

Connectors & Integrations

• Easily link VulnDB with existing IT tools and security software at your organization
• Automatic identification of dependencies/libraries that are used by development teams
• Faster setup to monitor products for vulnerability alerts
• Easily map your critical assets to vulnerabilities in your Asset Management systems
• Numerous options including Github, Slack, RSA Archer, Splunk and more!

Application Framework

• Ability to group products and dependencies used by applications or projects
• Track and alert on vulnerabilities for applications
• Track the various open source licenses by dependency
• Connect to Github or upload a dependency file to automatically create an Application
• Multiple languages supported including .NET, Java, JavaScript, PHP, Python and Ruby

“Swisscom evaluated various suppliers of vulnerability intelligence. We have been convinced by VulnDB superior coverage, timeliness in the updates, and long term monitoring of exploits. We are also really appreciating RBS’ own CVSS rating and classification, based on expert knowledge of the standard and practical use in the industry. Having all these curated information at your fingertip is a game changer.”

Stéphane Grundschober
Vulnerability Manager, Swisscom (Switzerland) Ltd.

For more information please visit https://vulndb.cyberriskanalytics.com/