Fill in all the gaps, then press "Check" to check your answers.
Hi! I'm Scott Ferguson an editor with Light Reading and Security Now. We're at
RSA 2018 here in San Francisco and I'm talking with Sage Wagner . He is the senior
sales engineer for RiskSense- Sage- thank you very much for talking to us
today

Happy to be here Scott, thanks.

Um so what are you doing here at RSA this year?
So, we're demoing our Risksense solution which is a and
cyber risk platform to help companies, large companies, small companies, all
sizes of all industry to manage their through the vulnerabilities.

Now who is the audience for this type of product? Who's your customer based for?

That's a good question. So our audience is primarily threefold:
First and foremost, like a CIO. With a , it really adapts our cyber risk , really helps them talk to a about the risk at a level that they can translate. You know, not in the bits and bytes of the cyber speak. And then we also relate very well with the CISOs the because they have the more technical track, and so our vulnerability management solution does a lot around attack , helping them to understand the true risk from a vulnerability perspective. And then finally we also the security analysts because they are the ones who have to actually vulnerabilities, and ultimately solve them. So, we a lot of what the platform does works very effectively for them.

And now you have a.. you have a demo set up for us. You're going to take us through this a little bit, you know, can we see what you got?

Sure, I'll be happy to, absolutely.
As you see this is our and so the primary thing is our risk score, and our what it does is allows us to understand an like a server or a vulnerable...or even maybe a router, and when we know that asset and the vulnerabilities that exist we can now then look at external for exports, malware , default credentials, things that might raise the likelihood of an event. And ultimately, we also provide a business criticality so the organization's might know that one server is very critical to the organization for another server may not be so then we allow them to label that all factoring into the risk score which rolls from the asset all the way up to the organizational
level what this allows them to do Scott is to be able to understand their entire organization the risk from a vulnerability perspective and then we also provide a and ultimately we even provide the ability to what we call a collection manager and that allows us to bring things into a project like, let's say, a PCI where it's a compliance initiative so we can track vulnerabilities not just in mass numbers, but we can track them by projects whether it be the compliance initiative or any other project that they're related to. And then finally, when we get to the actual vulnerabilities themselves, you'll see large numbers in the thousands we're able to leverage our intuitive which then allows us to prioritize the vulnerabilities for whatever makes sense
for what their initiatives are a quick example would just be the criticality of an asset if it's 5 and I add this, you'll see a significant reduction in the number of assets or vulnerabilities. We went from 8,000 to 297. This is how we're able to condense information for what matters most to the organization and then ultimately allowing them to make the effective decision to prioritize these and then assign them to the users for . That's the goal.

Jeez, that was a great demo! where does risk sense want to take this product From here what's the future going to look like?

Well, that's a really good question and so we have a lot of great ideas for what we want to do in the future.
The real challenge is just trying to figure out what matters most now to
ultimately get there but ultimately what we want to do Scott is take this platform and get deeper into the
management more around obviously. That's a big issue in today's society integrating the and the
containers and how that ties back to a full system view and then again bringing all this information for web applications for network infrastructure for databases for IOT devices and again being able to track and give them a true understanding of their attack surface the ability to patch quickly and know which ones will provide the most value and to key project initiatives so that's where we're headed with a project.

sage thank you very much. Happy to be here

thank you.