How URIP Works
Last updated: 2026-04-29 Status: Stable Audience: CISOs, Security Analysts, Compliance Officers, IT Administrators
Three Layers, One Platform
URIP sits between your existing security tools and your dashboards. You keep every tool you already have. URIP connects to them, makes sense of everything they produce, and gives you one unified view.
Layer 1 — Your Tools Layer 2 — URIP Layer 3 — Your Dashboards
───────────────── ────────────── ──────────────────────────
Tenable ┌──────────────┐ Risk Intelligence Dashboard
CrowdStrike ──────────►│ Normalise │────────────► (live risk register,
SentinelOne │ Score │ threat map, SLA tracker)
Zscaler ──────────►│ Deduplicate │
Okta │ Enrich │────────────► Compliance Dashboard
...57 more tools ──────────►│ │ (frameworks, controls,
└──────────────┘ evidence, audit reports)
Every finding from every tool is normalised into one Risk Record — scored on a 0–10 scale, deduplicated if the same vulnerability appears in multiple tools, and enriched with live intelligence about whether it is being exploited in the wild right now.
What Happens to Your Data
When a connector runs, it follows five steps automatically — no configuration required:
- Collect — URIP securely retrieves findings from your tool using the API credentials you provided.
- Normalise — Every vendor uses its own severity labels. URIP converts them all to a single 0–10 scale so you can compare a CrowdStrike detection to a Tenable finding side by side.
- Deduplicate — If the same vulnerability appears on the same asset in three different tools, URIP shows it as one row — not three. Your risk count reflects reality, not scan overlap.
- Enrich — URIP cross-references every finding against four live intelligence sources: exploit probability scores (FIRST.org EPSS), the actively-exploited vulnerabilities catalog (CISA KEV), threat actor attribution (MITRE ATT&CK), and real-time IOC feeds (AlienVault OTX).
- Score — URIP computes a composite score that balances theoretical severity, actual exploit likelihood, whether it is being exploited right now, and how critical the affected asset is to your business.
Both dashboards — Risk Intelligence and Compliance — draw from the same processed data. When a CVE causes a SOC 2 control to fail, you see the exact CVE in the compliance view.
Deployment Options
URIP offers three deployment modes. Your account manager will recommend the right one based on your regulatory environment and data sovereignty requirements.
CISO Decision Table
| Factor | Pure SaaS | Hybrid-SaaS | On-Premise |
|---|---|---|---|
| Time to first risk | ~30 minutes | ~2 hours (agent deployment) | 1–2 days (infrastructure provisioning) |
| Operational burden | None — URIP manages everything | Low — you run a lightweight agent; URIP manages the rest | High — your IT team manages all infrastructure |
| Data residency | Data processed on URIP infrastructure | Raw findings stay in your network; scored records only leave your perimeter | Everything stays inside your perimeter |
| Credential exposure | Credentials stored encrypted on URIP infrastructure | Credentials never leave your network | Credentials never leave your network |
| Best for | Startups, mid-market, non-regulated industries | Financial services, healthcare, enterprises with hybrid cloud | Defence, public sector, strict data-sovereignty jurisdictions |
| Cost structure | Subscription per user/seat | Subscription + agent hosting cost (minimal compute) | License + full infrastructure cost |
| Upgrade responsibility | URIP | URIP (control plane); your IT team (agent) | Your IT team |
| Custom integrations | Standard connector catalogue | Standard + custom connectors via on-premise agent | Full customisation possible |
How to choose: - If you have no data-residency restrictions and want to start today → Pure SaaS - If you are regulated and your CISO's top concern is "do my raw findings leave my network?" → Hybrid-SaaS - If your contract or jurisdiction requires all data to stay on sovereign soil → On-Premise
Pure SaaS (Recommended for Getting Started)
URIP hosts everything. You connect your tools and log in. No infrastructure to manage.
- Fastest time to value — you can have your first risks on the dashboard within 30 minutes
- URIP manages uptime, backups, and upgrades
- Best for: organisations not subject to data residency restrictions
Hybrid SaaS (Most Common at Enterprise Tier)
The control plane (dashboards, compliance engine, user management) runs on URIP's infrastructure. The connector workers — the components that actually authenticate to your tools and retrieve findings — run inside your network.
This means your raw tool credentials and raw findings never leave your perimeter. URIP only receives the normalised, scored risk records.
- Best for: regulated industries (financial services, healthcare, defence)
- Requires: a small agent deployed inside your network (your IT team runs it; URIP provides the package)
On-Premise
Everything runs in your own infrastructure. URIP provides the software; you operate it.
- Best for: defence contractors, public sector, or organisations with strict data sovereignty requirements
- Requires: infrastructure provisioned by your IT team; URIP provides installation documentation and support
Contact your account manager to discuss deployment options.
Security at a Glance
URIP is built for security organisations — its own security posture is held to the same standard.
| Area | What URIP does |
|---|---|
| Authentication | Single sign-on with multi-factor authentication enforced for all users |
| Session management | Sessions are time-limited and automatically expire; re-authentication is required after inactivity |
| Tenant isolation | Your data is logically isolated from every other URIP customer — no data sharing between tenants |
| Credential storage | Connector credentials you enter are encrypted using a unique key for your tenant; they are never stored in plaintext and are never displayed after saving |
| Data in transit | All communication between your browser and URIP uses industry-standard TLS encryption |
| Data at rest | All stored data (findings, credentials, audit logs) is encrypted at rest |
| Audit trail | Every action taken in URIP — risk assignment, connector configuration, compliance control changes, user management — is written to a tamper-evident audit log |
| Access control | Six built-in roles (Viewer, Analyst, CISO, Compliance Officer, Super-Admin) control what each user can see and do |
| MFA for all users | Multi-factor authentication is mandatory and cannot be disabled at the platform level |
Six Built-In Roles
| Role | What they can do |
|---|---|
| Viewer | Read-only: dashboards, risk register, reports |
| Analyst | Viewer + assign risks, add comments, upload evidence |
| CISO | Analyst + configure connectors, manage users, export reports |
| Compliance Officer | Analyst + full compliance module (manage frameworks, invite auditors, generate reports) |
| Super-Admin | Full access including multi-tenant management and module licensing |
How Compliance Connects to Risk
The compliance dashboard does not require separate data entry. It reads the same risk data your CISO dashboard reads.
When you activate a compliance framework (for example, SOC 2), URIP evaluates all of that framework's controls against your connected data. If a control requires multi-factor authentication to be enforced and your identity provider connector is showing MFA bypass attempts, that control is flagged as failing — with a link to the exact findings causing the failure.
This means you always know the answer to: "If the audit landed next week, which controls would fail and why?"
Privacy & Data Handling
What data does URIP store about you and your organisation?
| Data category | What URIP stores | How it is protected |
|---|---|---|
| User account data | Name, email, role, MFA enrolment status, session history | Encrypted at rest; access limited to your tenant's admins |
| Connector credentials | API keys, OAuth tokens, secrets you enter in the Tool Catalog | Encrypted with a unique per-tenant key; never displayed after saving; never logged |
| Security findings | CVEs, misconfigurations, alerts from your tools | Logically isolated per tenant; encrypted at rest |
| Asset inventory | Hostnames, IPs, cloud resource IDs, device metadata | Same protections as security findings |
| Compliance evidence | Policy PDFs, screenshots, log exports you upload | Stored in encrypted object storage; access scoped to your tenant |
| Audit log | Every action taken in URIP by every user | Tamper-evident cryptographic chain; cannot be deleted or modified by any user |
| Auditor session data | Pages viewed, files downloaded, evidence requests submitted | Retained by the inviting tenant; not used by URIP for any other purpose |
Data retention: - Active tenant data is retained for the duration of your subscription - Cancelled subscriptions: your data is retained for 90 days after cancellation to support reactivation, then securely erased - You can request a full data export at any time via your administrator — see Admin & Settings
Data processing locations: - Pure SaaS: primary processing in URIP's cloud regions; your account manager can confirm the specific region - Hybrid-SaaS: raw data processing happens inside your network; only normalised records reach URIP's cloud - On-Premise: all processing happens on your infrastructure
See Also
- Quickstart — Get started in 15 minutes
- Connector Catalogue — All 61 supported tools
- Compliance Frameworks — All 20 supported frameworks
- Troubleshooting — Common questions and fixes