RiskRecon: Fostering Better Vendor Security Visibility

Kelly White, Founder & CEO

Operations and business activities executed through third-party relationships are more than what we normally expect them to be. It doesn’t end with contracting and paying the agreed sum once the job is done. Shockwaves originating due to weak security at a third-party company can permeate beyond its epicenter to even jolt companies that work with it. Various market reports underline this fact and suggest that around 72 percent of data breaches are due to failures at the third-party’s end. This is where Boston-based RiskRecon marks a unique presence. It provides organizations deep and continuous vulnerability visibility into the IT and security profile of their vendors for an ultimate understanding of the vendor’s risk performance.

We conversed with Kelly White, RiskRecon’s Founder and CEO, to gather insights about the firm and the strategic innovations it brings to the market.

1. What are the pain points RiskRecon addresses?

Over the past few decades, CIOs have led their enterprises in adopting a service provider first strategy. This decision to go for an external provider model is because of its economy scale, efficiencies, and the specializations they offer. However, this finally results in the expansion of risks threatening an organization and sharing the controls with external parties. When an enterprise engages a third-party, it hands over its reputation to the third-party and entirely relies on them to operate the systems and services. Nonetheless, any failure in the third-party side is a failure of the company’s security program. We can see such organizations struggling to gain a proper understanding of the risk and managing it. Managing cybersecurity risk is not just about the investments that the company has made, but also how well the company implements and manages the outsourcing approach, and that requires data which can provide fact-based evidence. That’s where we come in.

2. Give us some more in-depth insights into RiskRecon’s offering.

We provide continuous measurement to organizations about how well each of their third-party partners implement and operate cyber risk management programs. Our ability to offer deep vulnerability visibility into the IT profile of vendors allows organizations to create a risk-prioritized action plan to address cybersecurity gaps in their vendor’s performance. We provide a platform that offers a very detailed and integrated risk profile of our customers’ vendors. Organizations like financial institutions that used to manage vulnerabilities within their third-party by surveying their vendors can now adopt RiskRecon. Rather than surveying all the vendors, they can use our platform to seamlessly identify risks. We can automatically determine which of their vendors and systems have digital certificates. This data helps in identifying the risky vendors. Moreover, with RiskRecon, we have seen that our customers double their productivity by being better informed.

RiskRecon provides continuous measurement to organizations about how well each of their third parties implements and operates their cyber risk management program

RiskRecon’s algorithms can discover all the systems that a company has on the internet and build an IT profile from which our customers can develop a deep understanding of third parties’ security performance. We even break down the systems according to the way a company operates on the internet, based on the operating system used, geo-hosting locations, service providers, configurations and so on. Customers can simply log in to RiskRecon’s platform and view data to understand which of their vendors are not performing well.

Simply give us the company and domain name, and RiskRecon does the rest.

3. Please explain an instance that portrays RiskRecon’s unique value proposition.

A wide array of global companies leverages data from RiskRecon to identify their vendor’s security environment. In an instance, a large financial institution used RiskRecon’s data to manage vulnerabilities within their vendor environment. Harnessing data from our platform, the client could seamlessly identify their vendors' risk profile.

4. Walk us through the company’s innovations and future roadmap.

We are delivering our solution to a large number of leading organizations across the northern U.S. and internationally. We are winning customers because our platform provides rapid visibility into each of their vendor’s true cyber risk performance. Our home-grown solution stack including data and security measurements allows us to add innovative features and functionality such as search capability that adds value for our customers. We also have a well-defined roadmap that is built considering the requisites and suggestions from the customers and our advisory board.