A few years ago, ransomware was just a nuisance. If that’s how you’re still treating it, this blog is for you.

Ransomware started making more headlines in 2016, but it was treated largely as a nuisance – not a tangible, resource-worthy threat. Fast forward to 2021 and ransomware has graduated to the big leagues, buoyed by a pandemic-fueled, hasty scramble toward decentralized workforces and digital everything. But this rising threat can’t be entirely blamed on the pandemic. I had a front-row seat to the rise of ransomware as the founder of RiskSense, a pioneer in risk-based vulnerability management and prioritization. We started sounding the alarm years ago – we released a report in 2019 that identified three patterns that we felt were likely to become increasingly salient in the following years:

  • Ransomware will be offered as ransomware as a service.
  • Ransomware will be disruptive and destructive.
  • Ransomware will go beyond an endpoint and move into SaaS, apps, and the cloud.

We were right to sound the alarm: our predictions were accurate on all counts. But this isn’t to say, “we told you so.” Instead, it’s to demonstrate how excited I am that Ivanti and RiskSense hold a shared mission of increasing awareness and delivering solutions to fight ransomware. And now, we get to work on that shared mission together. In case you haven’t heard the news, Ivanti today announced that it has acquired RiskSense. I truly believe the whole is greater than the sum of its parts – and the timing couldn’t be more critical.

Today, the impact of ransomware is widespread: healthcare, critical infrastructure, supply chain – no one is immune. Unpatched vulnerabilities remain one of the common points of infiltration into organizations’ ecosystems.

Ivanti has been a leader in patch management for many years, and as the ransomware threat elevated, they ramped up their efforts to stay ahead of the problem. RiskSense is part of that aggressive approach. The cloud-based RiskSense platform leverages risk-based scoring, exploit analytics and attack feasibility to identify critical security weaknesses with corresponding remediation action plans. This acquisition enables Ivanti to drive the next evolution of patch management, grounded in a proactive, risk-based approach. Combined with Ivanti’s existing capabilities, I believe this acquisition delivers a level of defense that is urgently needed right now.

Specifically, this defense translates to context and adaptive intelligence for security and IT teams around an organization’s exposures to actively exploited vulnerabilities. This includes intelligence on whether those vulnerabilities are tied to ransomware. And because insight is only half the battle, organizations will also be able to leverage our capabilities to quickly remediate those threats. The result: security and IT operations teams can be more efficient and effective in combating weaponized vulnerabilities used by cyber adversaries.

In case your eyes glazed over during the preceding paragraph (understandable!) let’s highlight two key terms: context and adaptive intelligence. Patching without threat context is not effective. Too many organizations throw on patches without really understanding what they’re up against. This is an inefficient use of resources and is more likely to result in a frustrated IT team than an effective anti-ransomware campaign. Ivanti has the most robust data on patches, and RiskSense has the most robust data on vulnerabilities and exploits – including the ability to map them back to threat sources. These unique capabilities build on each other for a blended offering that’s unmatched in the market today.

The impact: Learn. Patch. Adapt. Stay ahead of threats. A version of these capabilities, often piecemeal, are in place in a lot of companies. However, organizations are often plagued by missing elements: patching without context, or intelligence without the ability to take action. And even if they have most of the elements in place, the whole process is convoluted, resource-heavy and lengthy. Threat actors are rapidly increasing in boldness and sophistication, and all too often, a quasi-solution is developed long after the damage has been done.

Ivanti x RiskSense means being able to do in seconds what used to take days – and do it better.  Threat actors are efficient: they take the smoothest path to success, which means exploiting the most vulnerable opportunities. This often means taking advantages of organizations with a lot at stake like those in healthcare, education, and utilities.

Ivanti and RiskSense are not the only ones who’ve noticed that there is a problem. There is a global fight against ransomware, with a lot on the line. We’re committed to our part in that fight and, now that Ivanti and RiskSense have combined forces, we’re ready for the front lines.