Security teams can now gain in-depth insights into threats that matter most to their organisation, rather than purely depending on CVSS metrics.
Indusface, an award-winning, fast-growing application security SaaS company, today announced the release of AcuRisQ on Indusface WAS, its award-winning Dynamic Application Security Testing (DAST) platform.
AcuRisQ will help security leaders in large enterprises prioritize the most critical vulnerabilities to fix based on automatically derived factors including business criticality, discoverability, and east-west dependence among others. With AcuRisQ, Indusface WAS users will now not only be able to perform deep vulnerability analysis but also get a prioritized list of vulnerabilities to patch first.
A critical vulnerability in a QA environment, for example, needn’t be patched with the same urgency as the same vulnerability in a customer-facing app. There are many other scenarios like this where CVSS scores without business context can lead to vulnerability fatigue. According to Help Net Security, 85% of CISOs acknowledge that their teams suffer from alert fatigue.
Speaking about this, Ashish Tandon, Founder & CEO, Indusface, said, “Alert fatigue is not only putting large enterprises at risk but also putting CISOs at the risk of losing credibility. Especially when they directly send VAPT reports with hundreds of open vulnerabilities across tens of applications. With AcuRisQ, they can reduce this number by up to 80% and help application teams find and patch the vulnerabilities that cause the biggest business risk. As this becomes a standard practice, CISOs will increasingly be seen as business enablers rather than blockers.”
According to the Annual State of Application Security Report 2023 by Indusface, an average enterprise company sees hundreds of critical and high-level vulnerabilities throughout the year. Furthermore, one-third of these vulnerabilities are open for more than 6 months. Understanding the vulnerabilities that pose the highest business risk and fixing those as a priority is crucial.
AcuRisQ goes deeper into each business asset and provides “risk-based metrics” that help quantify security risk accurately and prioritize the top vulnerabilities to patch first.
Salient features of AcuRisQ include:
- Zero false positives guaranteed on all reported vulnerabilities
- A prioritized list of vulnerabilities that need to be patched first
- Risk score of each open vulnerability on multiple parameters, including the criticality of the application, severity & discoverability of the vulnerability and more
- Detailed remediation guidelines
For more information on how AcuRisQ works, please visit: https://www.indusface.com/
About Indusface WAS:
Indusface WAS is a comprehensive DAST scanner that helps find application and infrastructure-level vulnerabilities and provides malware scanning in a single platform. It is one of the few DAST scanners in the market with salient features like asset discovery, risk-based scanning, and authenticated scanning, and it comes with a zero false positive guarantee and 24/7 support.
About Indusface:
Indusface is a leading application security SaaS company that secures critical Web, Mobile, and API applications of 5000+ global customers using its award-winning fully managed platform that integrates a web application scanner, web application firewall, DDoS & BOT Mitigation, CDN, and threat intelligence engine.
Indusface, funded by Tata Capital Growth Fund II, is the only vendor to receive a 100% customer recommendation rating three years in a row and is a global customer choice in the Gartner Peer Insights™ Web Application and API Protection (WAAP) Report 2023. Indusface is also a “Great Place to Work” 2022 Winner in the Mid-Size category in India, is PCI, ISO27001, SOC 2, and GDPR certified, and has been the recipient of many prestigious start-up awards.