// THREAT DETECTION AND DATA PRIVACY TERM

Risk Mitigation

Risk mitigation is the process of taking specific actions to reduce the probability or impact of a potential threat. It involves implementing safeguards and countermeasures to protect assets from identified risks.

Risk Mitigation — illustration from Wikipedia
Image via Wikipedia

TECHNICAL DEFINITION

Risk mitigation is a core function of cybersecurity risk management that involves deploying security controls, countermeasures, and procedural safeguards to reduce the likelihood or impact of threats exploiting vulnerabilities in IT systems, networks, and organizational assets.

BACKGROUND

Computer security is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide.

READ MORE ON WIKIPEDIA

SYNONYMS & ALIASES

  • Risk reduction
  • Threat mitigation
  • Risk treatment
  • Countermeasure implementation
  • Exposure reduction
  • Vulnerability remediation

USAGE NOTE

This strategy is chosen when a risk is deemed unacceptable in its current state but cannot be entirely eliminated or transferred.

DEVELOPERS

Organizations developing technology related to Risk Mitigation.

  • Tenable

    Develops the Tenable One exposure management platform, which provides technology to continuously discover, assess, and prioritize vulnerabilities and cyber risks across an organization's entire attack surface, from IT to cloud to OT.

  • Palo Alto Networks

    Offers a comprehensive security platform that includes technologies for risk mitigation such as the Cortex XSOAR for security orchestration and automated response (SOAR) and Prisma Cloud for managing security posture and compliance in cloud environments.

  • CrowdStrike

    Provides the Falcon platform, a cloud-native solution that uses AI and threat intelligence to offer endpoint security, cloud security, and identity protection, enabling organizations to proactively identify and mitigate threats and vulnerabilities.

  • Rapid7

    Develops the Insight Platform, which integrates vulnerability management, SIEM, and application security technologies to provide unified visibility and analytics, helping security teams reduce their attack surface and mitigate risks.

  • Mandiant (Google Cloud)

    A leader in threat intelligence and incident response, Mandiant develops technology platforms like Mandiant Advantage that provide threat intelligence, security validation, and attack surface management to help organizations understand and mitigate the risks posed by sophisticated attackers.

  • Lockheed Martin

    As a major defense contractor, Lockheed Martin develops intelligence-driven cybersecurity solutions. It created the Cyber Kill Chain framework, a widely used model for understanding and mitigating the stages of a cyberattack.

  • Fortinet

    Develops the Fortinet Security Fabric, a broad, integrated, and automated cybersecurity platform. Its technology helps organizations manage and mitigate risk by providing unified control and visibility across the entire digital attack surface.

  • Cybersecurity and Infrastructure Security Agency (CISA)

    A U.S. federal agency that develops and promotes tools, frameworks, and information sharing platforms to help public and private sector partners manage and mitigate cyber risks. They provide services like vulnerability scanning and risk assessments.

RELATED TERMS IN DEFENSE & ARCHITECTURE