RiskRecon Advisor™

RiskRecon Advisor™ delivers a more comprehensive assessment that includes not just scores and issue counts, but also detailed evidence and findings, automated action plans, and full IT and 4th party risk profiles. Examples when Subscriber may require these capabilities are:

  • After reviewing the initial Discover™ diagnostic, Subscriber identifies poor performing vendors that require additional investigation
  • When receiving a Discover™ alert or new information from other sources, Subscriber requires further information to understand root cause of performance change and recommended actions
  • As part of the new vendor RFP or onboarding process, Subscriber’s third-party risk program requires detailed vendor assessment
  • Subscriber organization already has identified some higher risk vendor relationships which require ongoing security monitoring to identify any material findings, determine performance gaps, and recommend remediation steps
  • Subscriber desires objective validation of vendor’s security questionnaire responses

The RiskRecon Advisor™ solution combines: (a) an analyst-built company profile, (b) an analyst-trained supervised machine learning model, and (c) the RiskRecon automated scanning service. As with RiskRecon Discover™, Subscriber supplies a company name and at least one company domain name. But rather than a fully automated process, the next step involves a RiskRecon analyst who curates and builds a subsidiary profile of the company to ensure complete coverage of the entity, including all subsidiaries. The analyst then initiates a supervised machine learning model to recognize company and subsidiary domains and networks automatically.

RiskRecon algorithms discover systems based on the supervised machine learning model and conduct a passive analysis of every domain, domain hosts, email servers, and so forth. To ensure data quality, analysts review exceptions in cases where the algorithms cannot determine domain or network ownership automatically with a high degree of confidence.

Subscriber receives comprehensive ratings, evidence and action plans. This solution provides the accuracy and depth needed for Subscriber to understand root causes for each security gap, understand corrective actions recommended, share confidently with Subscriber’s vendors, and collaborate on remediation steps.

Subscribers can choose from two different update schedules for the RiskRecon Advisor™ service:

Snapshot Report

Subscriber obtains a one-time report with all of the above information on an existing vendor or on a new vendor that Subscriber wishes to assess before signing contracts. This one-time report remains available during the license term, but the information is not updated once published.

Continuous Monitoring

Subscriber receives regularly updated assessment information, refreshed approximately every 2 weeks, which contains comprehensive data from the most recent scan plus historical ratings trends. Since this scan is fully refreshed approximately every 2 weeks, Subscriber can set alerts. Subscriber can set these notifications based on (a) overall vendor score changes, (b) individual security criteria score changes, and/or (c) specific events that exceed Subscriber-defined risk policy.

Subscribers licensed for the Advisor - Continuous Monitoring service can also take advantage of the RiskRecon Collaborate™ and RiskRecon Search™ modules (see descriptions below and note that these modules may be licensed separately).