Silicon100 2017

Not Just Security, the Right Security: Risk Based Security


Risk Based Security, Inc. (RBS) is primarily a cyber threat intelligence company providing organizations access to two knowledge bases: Cyber Risk Analytics (CRA) for data breach statistics and VulnDB for software vulnerabilities. Both are offered as cyber threat intelligence subscription services and feature interactive SaaS portals and RESTful APIs for easy-to-integrate data downloads.

RBS began strictly as a data intelligence feed supporting the cyber threat intelligence industry with access to CRA, the most comprehensive source for data breach information, and VulnDB, the largest collection of software vulnerabilities available in the market. Both CRA and VulnDB have transitioned into full-service products providing clients with not just easy-to-integrate data feeds, but also breach severity ratings, organizational Pre-Breach metrics, Vendor Ratings, and Cost of Ownership calculations.

Technology at its best

RBS provides the action-quality security intelligence necessary for controlling risk from a potential compromising event. RBS does this by supplying firms with detailed information on software vulnerabilities and specific, relevant data breach intelligence combined with organization-based Pre-Breach security ratings. The extensive vulnerability and data breach classification systems, coupled with passive analysis of trust indicators, allow organizations to reduce exposure to the security threats most likely to impact their organization.

RBS provides organizations with the ability to make informed risk-based decisions about current and potential third party service providers, websites, cloud services, software products and their own Internet security posture. RBS products’ SaaS features, including breached organization alerts, exposed email alerts, new vulnerability alerts, vendor evaluations and security performance scoring are unique discriminators. RBS is best-in-class with its calculation of a trust-score for evaluating an organization’s risk profile along with the ability to measure trust within its partner, network and vendor environment.

RBS directly improves an organization’s security posture and regulatory compliance by providing the tools necessary to reduce its exposure to the security threats most likely to impact the organization. Minimizing data compromise has a direct and quantifiable impact on organizations, clients, consumers, the security industry and society.

‘Better Data Matters,’ executives say

When businesses address vulnerability management, most think in terms of using a network scanner and applying patches. While both are important aspects of vulnerability management, the approach is nowhere near as effective as integrating “real” vulnerability intelligence into a workflow which maps to your actual assets.

VulnDB is the most timely, highest quality and most comprehensive vulnerability intelligence service available and currently includes over 148,000 vulnerabilities. VulnDB has a 100% mapping to CVE and has identified and cataloged over 48,000 vulnerabilities not currently available through the government-funded National Vulnerability Database (NVD). Every hour of every day, RBS researchers identify new sources and validate, verify and add over 1,200 new software vulnerabilities to VulnDB each month. Customers, via the VulnDB SaaS portal, are able to conduct in-depth research, set up email alerts for products and/or vendors, and gain access to raw data via the API feature for easy integration into internal systems. Selecting the right products from the right software vendors has never been easier using VulnDB’s fact-based due diligence during the selection and performance monitoring process with our Vendor and Product evaluations.

When it comes to data breach intelligence, RBS’ Cyber Risk Analytics database comprises the details on nearly 24,000 data breaches with more than 4,100 breaches added in 2016. With Cyber Risk Analytics, an organization can perform real vendor due diligence and performance monitoring, implement a fact-based information security strategy and internal data security program, and review the Pre-Breach ratings for nearly 100,000 organizations.

At the current rate of data compromise, RBS believes that C-level executives responsible for protecting sensitive information, developing secure software, or supplying security solutions need access to the most comprehensive data set available to be successful.

Equipping organizations to mitigate risk

RBS products and services, using vendor- and product-specific metrics, provide organizations an efficient data aggregation and analysis process that minimizes the time from data breach and software vulnerability disclosure to reporting and mitigation. VulnDB and CRA have a global focus on software vulnerabilities, including third-party libraries, and all reported data breaches, not just USA-centric ones or only those involving consumer data.

Multiple efficient data feed options, including raw data export via API with simple integration with client applications/systems, shorten the time from vulnerability/data breach reporting to mitigation. Full alerting features allow organizations to monitor specific software vendors and products as well as organizations. Key to RBS’ services is that there is no requirement to install software or upload confidential information into the cloud.

The next step

Risk Based Security equips organizations with security intelligence, risk management, and vulnerability research through innovative, action-enabling, predictive, and evidence-based threat intelligence solutions.

For companies with mature security teams, RBS helps those teams be more effective by providing access to the best and most comprehensive vulnerability and breach intelligence available. For others that need unbiased, straightforward help with their security program, RBS backs up its data with practical solutions designed to help leadership teams make informed decisions about how to best protect their company from cyber threats.

Meet the Founders

Barry Kouns, Co-founder & CEO: Barry has held Executive positions in program management, manufacturing, quality assurance and professional staffing and is known as an ISO/IEC 27001 information security expert. Barry holds a BS in Statistics, MS in Industrial Engineering Management, a CISSP, and CSA STAR Auditor certification.

Jake Kouns, Co-founder & CISO: Jake has held Technical and Management positions in network architecture, information security, and cyber liability insurance. Jake is an acknowledged information security industry expert, author, and accomplished speaker. He holds a BS and an MBA in Information Security, CISSP, CISM, CISA, CEGIT, NSA INFOSEC, and CSA STAR Auditor certifications.

“Focused on providing clients with the right technology to turn security data into information and information into competitive advantage.”