Flashpoint Buys Risk Based Security To Better Quantify Risk

‘Supply chain risk and third-party vendor risk is front and center with CISOs and the broader security community across the enterprise and the public sector,’ Flashpoint CEO Josh Lefkowitz tells CRN.

Flashpoint has purchased Risk Based Security (RBS) to help businesses quantify third-party risk and determine which vulnerabilities they should prioritize for remediation.

The New York-based threat intelligence vendor said Richmond, Va.-based RBS is the only tool on the market providing real-time vulnerability intelligence with vendor and product risk ratings, which allows security teams to quickly assess and remediate bugs based on their unique risk profile. Until now, Flashpoint has not quantified its risk assessments by attaching a score to its findings, CEO Josh Lefkowitz said.

“RBS has a phenomenal reputation in the market as the leader in vulnerability and breach and third-party risk ratings,” Lefkowitz told CRN. “[CEO] Jake [Kouns] and his team at RBS have built something incredibly special over the last ten years.”

RBS was founded in 2011 and employs 50 people, all of whom have joined Flashpoint, Lefkowitz said. Terms of the acquisition - which closed last week - aren’t being disclosed, according to Lefkowitz. Kouns will become part of Flashpoint’s senior leadership team and focus on the integration roadmap as well as Flashpoint’s future strategy around vulnerability intelligence, management, and third-party risk ratings.

“Supply chain risk and third-party vendor risk is front and center with CISOs and the broader security community across the enterprise and the public sector,” Lefkowitz said. “It was a strategic priority for us to continue to advance and develop our capabilities in that domain.”

Flashpoint’s near-term integration priority is having in-depth conversations with both customer bases and getting in front of key stakeholders who could benefit the most from having both Flashpoint and RBS in their IT environment. In the near term, Flashpoint channel partners will be able to cross-sell RBS’ capabilities, and vice versa, as part of the integration process, according to Lefkowitz.

Lefkowitz said Flashpoint and RBS will also bring their go-to-market engines together so that the joint sales teams, customer success teams, and marketing teams are working closely together as quickly as possible. Flashpoint tripled the number of employees supporting sales and partner enablement heading into 2022 and will provide support and enablement so partners can get off to the races around RBS.

The technology integration of RBS into Flashpoint will follow the go-to-market integration and take place over the coming quarters, Lefkowitz said. Specifically, Lefkowitz said RBS’ core data collection capability will be integrated into the Flashpoint platform, while RBS’ asset-based approach to threat and risk mapping of potential vulnerabilities will be expanded and applied to the entire Flashpoint portfolio.

Flashpoint customers will likely lean on channel partners to fuse RBS’ risk ratings into the M&A due diligence process, ensuring that data-driven risk and compliance programs are complemented with services. Partners must also provide services around vulnerability prioritization and patch management, specifically related to devising a programmatic approach to implementing playbooks and processes.

From a metrics perspective, Lefkowitz said Flashpoint plans to focus on upsell and cross-sell to ensure new capabilities are being brought into customer environments where there’s already been major success. Flashpoint will also track net new and upsell win rates within the company’s partner ecosystem, as well as the company’s progress in releasing net new capabilities from the joint product roadmap.

Turning raw vulnerability and risk data from a variety of toolsets into strategy and tactics can be an incredibly time-consuming and labor-intensive process for businesses, according to HoneyTek Systems CIO Jason Hammerschmidt. As a result, mid-market clients often spend a lot of time figuring out how to prioritize vulnerabilities that have been identified, which leaves little time for fixing the actual issues.

“Having tools like this allows organizations to focus more on remediation efforts, which is the thing missing from the [vulnerability] programs so many medium-sized organizations run,” Hammerschmidt said.