Better Data Matters - The Leading Provider of Vulnerability Intelligence and Organization Cyber-Security Ratings: Risk Based Security

“We equip our clients with data and insight to understand the real risks their organizations face, to ensure they implement, not just security, but the right security.”

Headquartered in Richmond, VA, Risk Based Security was founded by security experts with over 15 years of practical security experience. Established in 2011, Risk Based Security (RBS) provides detailed information and analysis on Data Breaches and Vulnerability Intelligence. The firm’s products, Cyber Risk Analytics (CRA) and VulnDB, provide organizations access to the most comprehensive threat intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner.

Risk Based Security’s blend of dedicated research and technical expertise, delivers two unique enterprise solutions – Cyber Risk Analytics for third party security assessments including security risk ratings and data breach experience, and VulnDB, the most comprehensive source for vulnerability intelligence. Whether used together or independent, these solutions provide clients with meaningful intelligence for cost-effective implementation of vendor risk management and vulnerability patching solutions. Furthermore, RBS’ YourCISO offering provides organizations with on-demand access to high-quality security and information risk management resources in one, easy to use web portal.

With office locations in Denver, Chicago, Jacksonville, and Copenhagen, Risk Based Security stands out among other security information providers by offering companies comprehensive insight into data security threats and vulnerabilities most relevant to their industry.

Let’s Talk Turkey with Jake Kouns, Co-founder and Chief Information Security Officer of RBS:

What led to the inception of the company?

RBS initially began as a data intelligence feed supporting security and risk managers with two core feeds, the first called Cyber Risk Analytics (CRA), which contains security ratings on organizations and data breach analytics, and the second is called VulnDB which is the largest collection of software vulnerabilities available. Both feeds were initially offered as standalone services, with the data accessible via SaaS portal or RESTful API. More recently, the VulnDB and CRA data feeds have been integrated into other security products such as Splunk and Archer, bringing customers more options for accessing our intelligence. Additional product enhancements have also been added to our interactive SaaS portals, such as data analysis, vendor alerting, Pre-Breach security posture metrics, product and vendor ratings, organization risk management and aggregation reporting.

How successful was your first product launch? Share the experience.

Our first product featured a comprehensive database covering all publicly reported data breaches and came to be known as Cyber Risk Analytics (CRA). Success came early as CRA was the first comprehensive database of data breach details in the market. Enterprise clients, as well as cyber liability insurers, were the early adopters, embracing the wealth of historical information we could provide. From there, the Cyber Risk Analytics service grew to include vendor risk ratings, known as Pre-Breach, while our software vulnerability product, VulnDB, started to take off. The combination of the two products has been widely embraced by the marketplace, with several customers taking advantage of both services.

Describe the conundrums facing the software security industry.

Without question, the greatest challenge to software security is developing and maintaining secure code. Nearly 2,000 new software vulnerabilities are identified each month and 50% of the nearly 400 newly reported data breaches each month are from exploiting insecure code. Organizations need access to a timely, high quality and comprehensive database of software vulnerabilities to assist in both secure software development as well as vulnerability mitigation.

Tell us about the challenges you faced in your early years?

When we started RBS in 2011, there were numerous challenges (opportunities) facing our budding company. As with all start-ups we faced the daunting task of finding clients willing to try a new approach to managing software vulnerabilities and organizational risk. Building a team of employees to develop, deliver, and service the products was not far behind while retaining a culture true to our values and principles. Real growth took off once we faced the challenge of establishing our brand through marketing and sales efforts. And lastly, deciding where we would spend money and resources to drive growth was the key, especially in selecting partners.

Brief us on your latest market expansion plans.

There is no shortage of markets for our products. Any organization with a computer network connected to the Internet or any organization depending on a vendor base is a future client. That said, we are seeing an uptick in interest from governmental entities, ranging from smaller, local governments looking to YourCISO for help with their security programs to large federal agencies interested in our unique data sets. The ever growing risks of nation-state cyber-warfare is causing governments to look for an advantage to guarding against attacks. Government agencies, military departments, and the cyber liability insurance industry are our targets for market expansion.

What is the roadmap ahead for RBS?

Today our data drives many of the most well-known security services on the market. In five years our data will be globally recognized as the most timely, highest quality and most comprehensive intelligence data available and the “go-to” data source for any security service provider in the market. The massive deployment of Internet of Things (IoT) devices, combined with the rise in cybercrime, ransomware, and more sophisticated cyber-attacks, we see our data deployed in a growing number of businesses, governments, educational institutions, and consumers alike.

The Founding Partners

Barry Kouns, Co-Founder, and CEO: Barry has more than 20 years of demonstrated success in building information security and professional services businesses. Barry leads the organization’s efforts to grow the global demand for RBS’ cyber-threat security intelligence, risk management services, and consulting solutions.Barry is a CISSP with a degree in Statistics from Virginia Tech and an M.S. in Industrial Engineering from NDSU. He is an ISO 27001 Trained Auditor & ISMS Implementer and is ITIL Foundation Certified.

Jake Kouns, Co-Founder, and CISO: Jake Kouns is the CISO for Risk Based Security that provides vulnerabilities and data breach intelligence. He previously oversaw the operations of the Open Sourced Vulnerability Database (OSVDB.org) and DataLossDB. He holds both a bachelor of business administration and master of business administration degree from James Madison University, with a concentration in information security. In addition, he holds a number of certifications, including ISC2’s CISSP, and ISACA’s CISM, CISA and CGEIT.

“Our mission is to disrupt the security industry by delivering innovative software vulnerability and threat intelligence products allowing our clients to turn data into information and information into a competitive advantage.”