Deep Assessment
RiskRecon asset discovery is engineered to be extraordinarily thorough while having an extremely low false-positive rate of less than 1%.

See what your own rating is with a free Risk Report

Asset Discovery

Our asset profiles are completely refreshed every two weeks, because even if a company owned an asset a month ago, it doesn't mean that they still do. At the heart of our asset discovery are analysts who train supervised machine learning models for each company monitored. These models enable RiskRecon to efficiently mine the internet for company systems and to ensure accurate company asset attribution as companies shift over time.

IT Profiling

RiskRecon builds a detailed profile of every asset discovered. This asset profile provides you with an intimate understanding of how the organization has constructed their business-computing architecture. This profile includes:

  • Software
  • IT Infrastructure
  • Geolocation
  • Hosting Providers
  • Fourth Parties
  • Domains
  • Systems
  • Configurations

For each security domain, RiskRecon reports overall current performance, trends, and industry benchmarks. Each issue is backed with detailed information: issue summary and detailed descriptions, related CVEs, hostname, IP address, asset value, issue severity, and risk priority.

Custom Risk Prioritization
We wanted a cyber risk assessment system that produced custom-tuned assessments to match risk appetite. So we built it.
Automatic data filtering

Just configure our policy and the alerting and action plans to send you the issues that matter most to you.

Risk prioritization

Stop digging through mountains of issues to get to the most important ones. With risk prioritization, you know exactly where to start.

My Risk Policy

Configuring RiskRecon to match your risk appetite is simple: For each inherent risk category, simply tune a risk policy for each security criterion.

Building on RiskRecon's unique capability to automatically risk prioritize issues, RiskRecon announced a cutting-edge capability that lets organizations automatically produce third-party cyber risk assessments and action plans that are custom-fitted to match their unique risk appetite.

In addition to automatically creating custom-fitted risk assessments and action plans, organizations can tune RiskRecon's continuous monitoring to show only the material risk issues that violate their risk policy.


RiskRecon streamlines your vendor security risk management program, saving your third-party risk team time and money.
Maximize Efficiency

Get instant visibility of each vendor's compliance to your custom risk policy requirements. Engaging non-performing vendors is super easy: just send them the action plan that details only the issues violating your risk policy. RiskRecon automatically and continuously assesses your vendors for compliance to your risk policy, making it easy for you to understand and act on your third-party risk.

Focus on the lowest-performing vendors

RiskRecon arms your management team with the information needed to allocate assessment resources based on risk. Instead of assessing vendors at a fixed frequency, you can adjust the assessment frequency based on vendor performance, assessing well-performing vendors less frequently than poor-performing ones.

RiskRecon's objective assessments give you insight into which vendors are performing well and which ones are problematic. Now you can allocate more resources to those performing poorly and fewer to those that are not.

Onboard new vendors faster

Evaluating vendors can take weeks, resulting in frustrating project delays. RiskRecon dramatically speeds up the process of initial vendor evaluation, providing you with a simple method to screen vendors. Compare the risk performance ratings of multiple vendors side by side and dive into the details to see which ones best meet your risk performance requirements.


Assess existing vendors more efficiently

The goal of a third-party risk assessment is to determine if the vendor performs to your requirements. Unfortunately, analysts go into assessments blind, with minimal to no knowledge of the vendors' systems or security risk posture. This makes it difficult to conduct an efficient and informed assessment.

Manually assess only when necessary

RiskRecon arms your analysts with deep knowledge of your vendors' IT environment security risk performance before ever engaging the vendor. This lets your vendors skip areas of strength and go deep into areas of weakness.

Automatically create action plans tuned to your risk priorities

It's easy to have your vendors address their problematic areas of risk: every RiskRecon vendor assessment has a share-ready action plan that contains only the issues that violate your risk policy. Email it or invite them to collaborate with you online.

Automatically verify vendor issue remediation

RiskRecon continuously monitors your vendors, frequently checking to see if they have addressed the issues you asked them to fix. As they fix the issues, their RiskRecon rating improves, and the issues are removed from the vendor action plan. Super simple.

Critical Vulnerability Management

When critical vulnerabilities hit, every resource is quickly employed to ensure the protection of your enterprise. With RiskRecon, remediation maximizes your resources so your enterprise stays secure.

Traditional Approach
Send a questionnaire to every vendor to determine if they're operating the vulnerable software. If they're exposed, assess the adequacy of their remediation efforts.
RiskRecon-powered Approach
Identify the vendors running the vulnerable software on the internet by querying the RiskRecon search engine. Prioritize risk management efforts towards those exposed to the risk.

RiskRecon’s asset attribution is independently certified to 99.1% accuracy.

Data Accuracy

Accuracy counts when assessing the risk third and fourth parties introduce into every enterprise organization. Without it, organizations are blind to where they are vulnerable.

Reducing that risk across the ecosystem of vendors you do business with is challenging when false positives are present, and RiskRecon proves that it is providing the highest level of accuracy possible for customers.

RiskRecon’s asset attribution is independently certified to 99.1% accuracy. And we don’t hide any of the assessment details. It’s all visible to you and your vendors at no additional fee. Action requires accuracy and transparency. RiskRecon provides you both.

RiskRecon traces its beginnings to 2011 when our founder, Kelly White, asked himself, “Is it possible to measure the security program quality of any company simply by looking at its Internet-facing presence?”

Kelly is a long-time information security practitioner and bank CISO who witnessed first-hand the need for adapting third-party risk controls to meet the new challenges resulting from decentralized IT and SaaS apps. He has many years of hands-on experience building big data and analytics solutions to detect fraud and security vulnerabilities in high-velocity transaction environments.

Like most organizations at the time, his bank’s third-party risk management assessments relied heavily on questionnaires and other vendor attestations. This approach worked well ten years ago with a small number of large vendors, mostly in-house deployments, purchases controlled by central IT, and a well-defined set of Internet vulnerabilities. With the decentralization of IT purchasing and rapid adoption of SaaS, this approach was becoming less effective and more resource-intensive.

What if instead of trying to use the “old” risk management model, his institution could trust an objective source that automatically pinpointed specific gaps in any organization’s security programs and performance? Questionnaires and surveys are helpful in evaluating one’s intent but provide little verifiable insight into actual practices and discipline.

After realizing there was no such solution available, he decided to build his own. After testing and validating his solution with many peers, Kelly decided to pursue the idea full time and founded RiskRecon, officially incorporating in October of 2015.

RiskRecon is headquartered in Salt Lake City, UT with a presence in Boston, MA and representatives around the world.
