Ivanti Buys RiskSense To Boost Risk Assessment and Patch Intelligence Capabilities
Ivanti on Monday announced the acquisition of risk assessment solutions company RiskSense with the aim of enhancing the Ivanti Neurons for Patch Intelligence product.
Sunnyvale, Calif. RiskSense makes a platform that assesses an organization's risk posture based on a RiskSense Security Score, as described in this document (PDF download). The RiskSense platform uses machine learning and human expertise as part of this assessment process, which is said to be contextualized for a particular organization's computing environment.
Vulnerabilities get prioritized via RiskSense's Vulnerability Risk Rating, which is conceived as an advance over other scoring systems, such the Common Vulnerability Scoring System for networks and the Common Weakness Enumerations scoring for applications. Such notions are explained in this RiskSense document.
Ivanti Neurons and RiskSense
RiskSense is already available for use with the Ivanti Neurons for Patch Intelligence solution, which prioritizes risks based on threat trends. For customers already using the two products, nothing essentially will change with the acquisition. However, coordination between patching and risk assessment is expected to improve with Ivanti's integration.
"Nothing will change," said Srinivas Mukkamala, RiskSense's CEO, regarding how the acquisition might affect Ivanti Neurons for Patch Intelligence and RiskSense users, via e-mail. "This [acquisition] will enhance our ability to provide additional context from an attacker's perspective on what patches to apply."
Mukkamala, who now takes the reigns as Ivanti's senior vice president of security products, further explained that customers can buy RiskSense solutions, expand to Ivanti's offerings, or purchase a bundled solution. The RiskSense team is joining Ivanti, he added.
The RiskSense platform was first launched in 2012, but the company has a deeper roots in government intelligence work. RiskSense originally conducted research for the New Mexico Institute of Mining and Technology. It branched off into a separate company and then conducted cyberterrorism analyses for "the U.S. Department of Defense and U.S. Intelligence Community," according to a RiskSense company description.
The ability to protect against ransomware will be enhanced with the RiskSense acquisition, Ivanti suggested.
"Solutions from the combined companies are expected to reduce the mean time to detect, discover, remediate, and respond to cyber threats, particularly critical vulnerabilities linked to or associated with ransomware," the announcement stated.
"This combination will allow us to provide our customers with a holistic view of vulnerabilities and exposures, and then enable them to take fast action through Ivanti Neurons for Patch Intelligence," explained Jim Schaper, Ivanti's chairman and CEO, in a released statement. "Customers will be able to greatly reduce their attack surface and risk of breach because of the vulnerability intelligence and the resulting remediation prioritization based on actively trending exploits and ransomware attacks."
The terms of the deal weren't described. Ivanti, known for its security and patch management solutions, was formed about four years ago from the merger of LANDesk and Heat Software. The acquisition of RiskSense follows Ivanti's purchase of MobileIron and Pulse Secure back in September.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.