Indusface, an award-winning, fast-growing application security SaaS company, announced the release of AcuRisQ on Indusface WAS, its award-winning Dynamic Application Security Testing (DAST) platform, today.
AcuRisQ will help security leaders in large enterprises prioritise the most critical vulnerabilities to fix based on automatically derived factors including business criticality, discoverability, and east-west dependence among others. With AcuRisQ, Indusface WAS users will now not only be able to perform deep vulnerability analysis but also get a prioritized list of vulnerabilities to patch first.
A critical vulnerability in a QA environment, for example, needn’t be patched at the same urgency as the same vulnerability in a customer-facing app. There are many other scenarios like this where CVSS scores minus business context can lead to vulnerability fatigue. No wonder that 85% of CISOs acknowledge that their teams suffer from alert fatigue as per Help Net Security.
Speaking about this, Ashish Tandon, Founder & CEO, Indusface, said “Alert fatigue is not only putting large enterprises at risk but also putting CISOs at the risk of losing credibility. Especially when they directly send VAPT reports with hundreds of open vulnerabilities across tens of applications. With AcuRisQ, they can reduce this number by up to 80% and help application teams find and patch the vulnerabilities that cause the biggest business risk. As this becomes a standard practice, CISOs will increasingly be seen as business enablers rather than blockers.”
According to the Annual State of Application Security Report 2023 by Indusface, an average enterprise company sees hundreds of critical and high-level vulnerabilities throughout the year. Furthermore, one-third of these vulnerabilities are open for more than 6 months. Understanding the vulnerabilities that pose the highest business risk and fixing those as a priority is crucial.
AcuRisQ goes deeper into each business asset and provides “risk-based metrics” that help quantify security risk accurately and prioritize the top vulnerabilities to patch first.
Salient features of AcuRisQ include:
-Zero false positives guaranteed on all reported vulnerabilities
-A prioritised list of vulnerabilities that need to be patched first
-Risk score of each open vulnerability on multiple parameters, including the criticality of the application, severity & discoverability of the vulnerability, and more
-Detailed remediation guidelines
