Third-party security assurance platform with a Cloud/SaaS focus
Security assurance with Cloud/SaaS focus
iRisk applies a multi-layered approach to assess and monitor a large spectrum of 20+ risk components, ranging from fully automated non-intrusive security scans to intrusive penetration scans that require user authorization.
In addition to monitoring traditional cyber risk vectors such as Network, iRisk covers emerging Cloud and SaaS risk scenarios, including Shadow IT, Cloud Storage, Code Repositories, API security, and SaaS subdomain hijacking.
Monitor third parties' cyber risk continuously
iRisk provides an executive dashboard with alerts, security findings, risk indexes, benchmarks, and trend analyses to help users effectively manage cyber risks of a large number of third parties.
Customize your third-party security assurance to your organization’s needs
iRisk allows you to customize the management of each third party as the relationship and interaction with each one may vary. For example, you can:
Define the scope of the assurance: The automated process can discover and classify third parties' digital assets, both on-premises and cloud, while the user-defined process can specify the scope of subdomains, IP ranges, application URLs, API endpoints, etc.
Guide the scan of Open Source Intelligence (OSINT): Users can define a specific group of keywords to drive how OSINT components assess and monitor.
Provide feedback and validation: Users can validate or filter security findings and direct the flow of further in-depth assessments.
Create your own risk index to identify third-party risks that are most critical
iRisk allows you to specify your risk preferences for different risk categories and components. Based on these preferences, you can create your own transparent third-party risk index (TRI). TRI, with automated regular scans and real-time alerting, helps you monitor the risk changes of third parties and continuously benchmarks their performance against each other.
Analyze the risk-aggregation of fourth parties
iRisk builds a graph model for your IT supply chain and evaluates the relevance of each third party as well as their corresponding fourth parties with proprietary algorithms. Organizations that have a high risk index in your supply chain are highlighted in the visualized graph and can be inspected on specific issues.
Data residency, isolation, encryption and access control
iRisk commits to strong data isolation. For example, customers’ assessment data, user-defined assessment scopes, and OSINT keywords are strictly isolated from each other. Customers’ data are encrypted and stored per data residency requirements.