RiskIQ Named Strong Performer in The Forrester Wave™: Vulnerability Risk Management, Q4 2019

For the past decade, RiskIQ has been helping organizations discover and manage risk across their digital attack surface. Since our inception, we’ve continued to enhance our capabilities and data sets to uncover more of the internet and better understand how attackers interact with it. Now, RiskIQ is proud to have been named a strong performer in The Forrester Wave™: Vulnerability Risk Management, Q4 2019, which recognized our platform as “a strong tool to have in your vulnerability management toolbox.”

With breaches of businesses via internet-connected digital assets making headlines every day, the need for organizations to manage their full attack surface, from inside the network to all that lies beyond the firewall, is gaining serious momentum. Today’s internet-scale threats can overwhelm the defenses of businesses that lack visibility into their vulnerable digital assets, which makes vulnerability risk management (VRM) a crucial element of attack surface management.

According to the Forrester Wave report, VRM is a four-stage process involving asset management, vulnerability enumeration, prioritization, and remediation. One of the new capabilities evaluated in the Forrester Wave™: Vulnerability Risk Management, Q4 2019, was how well these products help organizations with digital footprinting to understand what internet-exposed assets they may not be aware of. Traditional security scanners, which can only identify and scan a portion of an organization’s external attack surface, have failed to help businesses adequately manage their digital risk because they cannot provide a full inventory of internet-facing assets.

With a sophisticated sensor network working in tandem with virtual users, RiskIQ has been assisting customers in finding digital assets connected to their attack surface for over a decade. By building an inventory of digital assets and issuing alerts as soon as someone in the company stands up something new, vulnerability and pen-testing teams can evaluate a better picture of what their organization looks like to attackers. In RiskIQ’s view, it is because of these capabilities that it was described in the Forrester report as “a strong tool to have in your vulnerability management toolbox.”

Because our virtual user network continually interacts with these assets and downloads their page content, our platform can also help determine which page components are vulnerable. These include third-party software components such as frameworks, programming languages, and client-side JavaScript libraries. This unique capability finds assets with security misconfigurations and applications showing indications of compromise, identifying exactly where they reside.

In this evaluation, we believe that there was also a particular emphasis on prioritization. With the data and intelligence RiskIQ provides customers, organizations can monitor their application portfolio for indicators of compromise (IOCs), which show how an attacker is approaching an asset in the wild. This point of view helps teams to prioritize the applications that need to be scanned and reviewed. Once remediation of those assets has taken place, RiskIQ’s continuous discovery process automatically reflects the reduced risk for reprioritization.

RiskIQ’s ability to continuously help organizations discover their digital attack surface and evaluate risk has made us a trusted partner of over 300 organizations. Our ability to map the internet attack surface and provide external threat intelligence to inside-the-firewall knowledge makes RiskIQ part of a complete vulnerability management solution. According to the Forrester report, RiskIQ is “a great fit for large enterprises that need help identifying unknown and vulnerable assets.”

Read more about how RiskIQ can supercharge Vulnerability and Pen-testing solutions here, and be sure to download your copy of the Forrester Wave™: Vulnerability Risk Management, Q4 2019 here.