C2SEC iRisk SaaS Platform

iRisk discovers an organization's internet-exposed on-premise and cloud assets: IPs, sub domains, root domains, shadow ITs, cloud storage accounts, code repositories, etc., in real time. 


It then classifies and tags these assets based on numerous gathered internal and external data points, and provides an interactive asset explorer for security teams to identify, monitor, and secure critical assets.

Asset Management, Discovery and Classification

iRisk continuously analyzes an organization's exposed attack surfaces via both non-intrusive and intrusive assessments, such as 0-day vulnerability scans.

Complementary to traditional vectors such as network and web application, iRisk covers emerging Cloud and SaaS risks, such as Cloud Storage, Code Repository Secrets, SaaS API Security, SaaS subdomain hijacking, etc.

In-Depth Attack Surface Analysis with Cloud/SaaS Focus

iRisk correlates thousands of data points, including public data, partner data, digital asset data, security scan data, users' proprietary data input etc. to build actionable insights for security teams to prioritize each reported risk and guide the corresponding remediation. 


iRisk also provides peer, industry benchmark, and historical trend risk analysis.

Real-time Operation Insights for Remediation and Prioritization

Third-party cyber risks introduced by IaaS, PaaS, or SaaS providers are daily OPERATIONAL security risks, not just compliance risks. iRisk provides a single platform that enables security teams to centralize security operation management for both first party and third parties.


iRisk ​automatically identifies third-party IaaS, PaaS, and SaaS dependencies. Security teams can perform the same level of in-depth analysis for these third parties as they would with the first party. For example, a fully automated penetration test of SaaS API integration endpoints. 

Security Operation for Both First Party and Third Parties

iRisk builds a visual model of the organization's IT supply chain and evaluates the aggregation risk of each third party as well as their corresponding fourth parties with proprietary algorithms. Organizations that have high aggregation risk index in your supply chain are highlighted in the visualized graph and can be inspected for specific issues.

Aggregation Risk Analysis for Fourth Parties

iRisk is a cloud-native SaaS platform with a multi-cloud focus that can be deployed globally within minutes. No software agent is required to be installed locally.

iRisk commits to strong data isolation. Customers’ data are strictly isolated, encrypted, and stored in global data centers per customers' data residency requirements.

Global Deployment, Data Isolation, and Data Residency