Vendor: RiskRecon
Price: Base contract size starts at $10,000 and increases based on the number of companies monitored (licenses purchased). Per license costs are tiered and decrease based on the volume of licenses purchased.
Contact: riskrecon.com

Quick Read

Strengths:
Ability to create custom risk policies based on specific risk tolerances.
Weakness:
None that we found.
Verdict:
Intuitive tool uses machine learning algorithms, which ultimately gives you a skillfully put together risk-prioritized security findings.

Rating Breakdown

SC Labs Reviews

Reviews from our expert team

Features:
Rating: %s
Documentation:
Rating: %s
Value for Money:
Rating: %s
Performance:
Rating: %s
Support:
Rating: %s
Ease of Use:
Rating: %s
Rating: 5.00/5 5.00/5

Summary

RiskRecon is a highly intuitive, user-friendly application that offers third-party risk management teams the necessary understanding for risk mitigation. The customizable out-of-the-box questionnaires, automated risk scoring, downloadable reports and built-in search feature make this an attractive option.

The Portal Dashboard Page shows a high-level view of risk and assigns overall portfolio scores. Risk is scored zero to 10 and measured across 10 different domains: software patching, web applications, web encryption, threat intelligence, data loss history, defensibility, governance, system hosting, email security and DNS security. Each domain has 39 different security criteria and shows details driving the scores. Quadrant category breakdowns of the scoring model (stop, fix, limit and proceed) quickly draw attention to areas with additional need for improvement.

The Security Profile Tab assesses risk specific to vendors. The domains, criteria and subsequent weighted rating breakdowns can also be viewed here. This information can be shared in downloaded reports or exported as CSV files for total footprint visibility. The easily readable action plans can be distributed and tracked, kickstarting the conversation on risk management without overwhelming.

The Priority Matrix Asset Values panel ranks risk for the entire portfolio of a company, scored as high, medium, low or idle. Zeroing in on high-risk critical assets ensures prioritization, allowing security teams to mitigate weaknesses, build policies and demonstrate risk reduction over time.

The IT Profile Tab shows a very organized, high-level view of similar data. You can investigate specific areas of an organization’s program to see details at the host level. You can search pretty much anything across a portfolio for quick location, identification and mitigation of areas with concentrated risk.

Multiple support options are offered during and after business hours, including a ticketing system, a live support widget, various user guides, texting and an intuitive support center full of self-help information, including videos, white papers and FAQs. After-hours calls may not get a response until the following day, but there is an online community, monitored daily and available for requests and general discussions.

RiskRecon’s intuitive toolset and focus on risk prioritization of valued assets make it an attractive option. Response to risk is tailored to help companies control risk themselves and grow their programs. This user-friendly, consultant-like approach combined with out-of-the-box options and flexible customizations make this a suitable option for all, regardless of expertise level. 

Tested by Matthew Hreben