RiskSense,
Inc., pioneering risk-based vulnerability prioritization and
management, today announced its AI-Assisted Pen Testing Service called
Attack Surface Validation for Election Systems which provides complete
visibility and prioritization of security vulnerabilities that enables
any district to remediate problems before the midterms. Immediate
findings are delivered through the RiskSense cloud-service and cover the
assessment of a district's entire voting ecosystem, including devices,
applications, databases, networks, etc., for vulnerabilities, missing
patches, misconfigurations, and more. RiskSense allows resource and
security expert-constrained districts to know what to urgently fix, and
receive validation that remediation actions were successful.
"I
am not a security expert, but I knew it was important to assess the
security of the technology and processes used in my district," said the
New Mexico Secretary of State. "The priorities and prescriptive actions
provided to our IT staff by RiskSense allowed us to prepare and
remediate quickly as findings came to light with the specialized attack
scenarios. We have the results to share amongst our constituents that
our district will not be idle nor let our community be vulnerable to
tampering."
Most
states and counties still rely on a complex, decentralized and aging
election infrastructure. With limited resources and varying levels of
cybersecurity expertise, many struggle to stay ahead of the increasing
threat of unauthorized access, compromise and cyberattacks. They also
lack sufficient experience or funding to adequately assess their
potential exposure, and keep up with the threat intelligence and
exploits that may be targeting their systems. RiskSense Attack Surface
Validation for Election Systems addresses these challenges with a modern
approach that delivers findings as they are encountered within the
cloud platform.
"While
internet-connected systems used for online voter registration and
election night reporting have a significant attack surface, an
end-to-end assessment of election systems is needed to understand which
vulnerabilities truly matter," said Srinivas Mukkamala, CEO of
RiskSense. "RiskSense looks at the security of the entire election
ecosystem, including management, infrastructure, voter registration
systems, poll books, vote tabulation, publishing systems, and more, to
establish vulnerability priorities, and validate and measure the
effectiveness of remediation actions."
Service Overview
RiskSense Attack Surface Validation for Election Systems is comprised of the following five phases:
- Passive Reconnaissance:
Obtains a comprehensive fingerprint of the client's test systems
through passive reconnaissance. Reconnaissance is used to identify
intelligence attackers can collect through passive means, without
triggering alerts from security monitoring solutions.
- Attack Surface Enumeration: Enumerates the sum of an organization's security risk exposure.
- Automated Scanning: Uses leading network vulnerability scanners to test a targeted network for critical vulnerabilities.
- Penetration Testing:
Attempts to validate the discovered vulnerabilities manually to
determine possible methods of network compromise and/or access to
sensitive data. RiskSense uses multiple post-exploitation techniques to
properly demonstrate the nature and potential consequences of a breach.
- Reporting:
Collects all evidence in the form of screenshots, requests, responses,
and commands issued during all phases of the assessment. Provides
results with details of the exploited vulnerabilities, their severity
and recommendations for remediation.
Availability
RiskSense
Attack Surface Validation for Election Systems is available
immediately. Pricing is based on number of monitored assets.