I&T Solution

Reference No.

S-0820

Solution Name

RISK.HK VULNERABILITY AGGREGATION

Solution Description

RISK.HK Vulnerability Aggregation is part of RISK.HK risk assessment & compliance automation solution, which is a vendor-neutral vulnerability and exposure aggregation platforms as well as a process of integrating, deduplicating, and normalising exposure data from multiple security tools (such as SAST, DAST, and network scanners) onto a unified platform.

Application Areas

Commerce and Industry

Technologies Used

Artificial Intelligence (AI)

Cloud Computing

Data Analytics

Machine Learning

Use Case

Multiple vulnerability scanners are used for scanning different types of vulnerabilities, however, overwhelming amounts of duplicate, conflicting data are also created. RISK.HK Vulnerability Aggregation platforms resolve this by offering:

1) Deduplication: Modern discovery tools find more flaws than ever. AI rapidly filters millions of raw scan results into a short, manageable list of actual operational risks. Merging the same vulnerability found by different tools or same type of vulnerability by a tool into a single, comprehensive record;

2) Normalisation: Translating different types of dataset of different tools into a single, standardised vulnerability dataset;

3) Contextualisation: Enriching vulnerabilities with asset criticality and live threat intelligence to help prioritise what to patch first; and

4) Vulnerability Management to aggregate assets, findings, and threat data to provide risk-based workflows and accelerate remediation.

If any government department would like to conduct PoC trial or technology testing on the I&T solution, please contact Smart LAB.