Release Notes - June 2021
  • 10 Minutes to read
  • PDF

Release Notes - June 2021

  • PDF

1. Single Sign-On (SSO) for SAFE (Cloud)


This release brings Single Sign-On (SSO) feature to SAFE (Cloud). This feature enables organizations to use the SAML 2.0 authentication provider for authenticating login into SAFE. Now, SAFE Admin can onboard and manage users right from their SSO platforms such as Active Directory, Okta, One Login, etc., eliminating the need to maintain a separate user authentication mechanism for SAFE.


Notes:
  • SAFE continues to support normal Sign In via local username and password also.
  • SAFE Cloud supports Azure AD, Okta, One Login, and many more SAML2.0 authentication providers.
  • SAFE requires the creation of a local SAFE Admin user at the time of onboarding.

2. SAFE Recommendations: What’s going well? What can be done better?


We are introducing a new feature, “SAFE Recommendation,” in SAFE. This feature provides you better insights into understanding “What’s going well?” and “What can be done better?” for the technology assessment and helps you make informed business decisions to improve the cyber risk posture.

The SAFE Recommendations include quick insights on the technology assessment, such as how the critical assets are doing, how many assets are being assessed daily, what percentage of assets have a healthy score, and many more.

Info
The SAFE Recommendations are available on the Technology Inside-Out Assessment Dashboard.

SRFinal

Notes:
  • Users can generate the SAFE Recommendation reports by clicking the Report Download icon available at the top-right corner of the SAFE Recommendations section.
  • Users can also generate/schedule these reports from the Reports > Overall Report section.

3. SAFE Score on a scale of 0 to 5 based on Bayesian Network Model


SAFE brings in a new and more holistic approach to calculating breach likelihood for a company. SAFE uses the Bayesian Network model to quantify the cyber risk on a scale of 0 to 5 along with Confidence grade (Low, Medium, and High). The score confidence depends on the coverage of controls provided to the scoring model.

The new approach doesn’t evaluate People, Policies, Technology, Cybersecurity Products, and Third Parties in silos but interlinks its dependencies on individual verticals. For example, an Asset score also considers the impact from Policies and Cybersecurity Products that it may have. The inherent risk of an organization is evaluated based on its Geography, Industry, Size, and Business Criticality, and the unknowns reside in its residual risk.

4. Technology Assessment


4.1. Simulate SAFE Scores based on Asset Controls

SAFE now allows users to simulate the SAFE Score for an asset and see the simulation result for the asset score, its vertical score, overall technology score, and overall SAFE score.

Users can simulate the SAFE Scores by:

  • Qualifying the unqualified controls associated with assets.
  • Changing the asset’s Confidentiality, Integrity, and Availability (CIA) Requirements and Business parameters.
  • Changing the associated Policies’ or Cybersecurity Products’ scores

A new button titled “Simulate Score” has been added to the asset details page. Clicking this button redirects users to the Score Simulation page to do various kinds of score simulations.

4.2. Rapid Onboarding of Cloud AWS Accounts and Cloud Azure Subscriptions

Now, SAFE offers rapid onboarding of Cloud AWS Accounts and Cloud Azure Subscriptions. SAFE Admins can configure them from Safe Hooks.

Upon successful configuration and confirmation, SAFE scans the added AWS accounts and Azure subscriptions and automatically onboards the assets under "Cloud-AWS" and "Cloud-Azure" verticals, respectively.

SAFE Admins can trigger the on-demand scan of the onboarded accounts/subscriptions. They can also set Global Auto Scan Frequency for AWS accounts and Auto-sync frequency for Azure subscriptions.

Info
We have added the assessment capability for 30+ new Azure services and 25+ Cloud AWS services in SAFE.

4.3. Technology Inside-Out Assessment Dashboard

We are introducing an Inside-out assessment dashboard to provide analytics on the Technology SAFE Score and provide better insights on the technology assessment in SAFE.
IN-out Dashbaord

The new Inside-out assessment dashboard displays the following in graphical as well as tabular view:

  • Technology and Vertical-wise SAFE Score trend
  • SAFE Recommendations for technology assessment
  • Vertical-wise assessment Statistics
  • Asset Score distribution
  • Control Gaps
  • Prioritized Actionable Insights
  • Asset Onboarding Statistics

4.4. Prioritized Actionable Insights

SAFE displays a prioritized view of Actionable Insights on Assets and Controls. These actionable insights are available on the Inside-out assessment dashboard.

For assets, it's based on the SAFE Score. The Asset having the lowest SAFE Score will appear first. For controls, it's based on severity and impacted assets.
Actionalble Insight

Note

Actionable Insights will no longer be available on the SAFE Main Dashboard.

4.5. On-Demand Assessment of macOS-based Assets

We added the assessment capability for macOS-based assets in the last release of SAFE, version 1.9. Now with this release, SAFE also allows on-demand assessment of macOS-based assets.
We have also added the following capabilities:

  • Users can configure the Heartbeat (sync of Mac agent with SAFE) interval for Mac agent via Agent Global Policy in SAFE.
  • Assessment of Latest macOS BigSur

4.6. Assessment of Cloud SaaS Products; Salesforce, Snowflake, Mulesoft, and Adobe Experience Manager

SAFE can now do the security assessment of the Salesforce account, Snowflake account, Mulesoft, and Adobe Experience Manager experience account of your organization. SAFE displays these SaaS products under the Cloud SaaS vertical.
SaaS Products

The asset of Salesforce and other SaaS products will be available in the Cloud SaaS vertical. Users can do the assessment as well as on-demand scans for these assets from the technology distribution.

4.7. Introducing remediation guidelines for Windows controls to be followed on Microsoft Intunes

SAFE displays the remediation steps to be followed on Microsoft Intunes in the Remediation Guidelines tab on Windows control pages. A new section titled “Microsoft Intune GUI Remediation” has been added to the Windows controls page.

Intune

Note

For Windows controls that cannot be remediated using Intune, SAFE displays a message, “This control cannot be remediated using Microsoft Intunes.”

4.8. User Audit Logs

SAFE records all the important user audit logs in the CEF format. Refer to User Audit Log in CEF Format for more information.

5. New Integrations


new Integrations

5.1. Yet another integration with leading PIM (Privileged Identity) Tools - BeyondTrust

BeyondTrust helps in managing, controlling, and monitoring privileged user activities. The SAFE-BeyondTrust integration eliminates the manual entry of the assets’ passwords on the SAFE platform for assessment. With this integration, SAFE pulls the assets’ credentials from the BeyondTrust server via API, authenticates the assets using these credentials, and does the assessment.

BT1

BeyondTrust configuration is available under the Administration > SAFE Hooks > Management Tools. SAFE Admins can configure BeyondTrust by entering the values for BeyondTrust API URL, Username and Password, or Certificates.

5.2. Integration with ServiceNow CMDB with SAFE for Assets synchronization

SAFE now seamlessly integrates with the ServiceNow CMDB (Configuration Management Database) via REST APIs and updates the assets in SAFE. This reduces the need for managing assets on SAFE separately.
ServiceNow CMDB 1(1)

SAFE Admin can configure the ServiceNow CMDB from Administration > SAFE hooks > Management Tools.

6. People Assessment via SAFE Me app


6.1. Sign In to SAFE Me made easy via SSO

SAFE Me users can Sign In to the app via Single Sign-On (SSO) based on SAML 2.0 used in their organization. This feature helps you to onboard and manage users on the SAFE Me right from the SSO platform used in your organization and eliminates the need to maintain a separate user authentication mechanism.

Note

SAFE Me supports Azure AD, Okta, and many more SAML2.0 authentication providers.

6.2. Get the Dark Web exposures for your 5 email addresses

Now, the Enterprise edition of the SAFE Me app allows you to add 5 email addresses of yours to find the leaked credentials on the Dark Web. You can add the additional email from the Manage Emails option available under Profile.
Add Emails Final

Note

The SAFE Me does an OTP verification for each of the additional emails.

6.3. Automated User Management via Azure Active Directory

With this release, the user’s management for people assessment via SAFE Me has been made easy. Now, SAFE uses automated user provisioning provided by Azure AD of your organization and automatically manages (add/delete) the SAFE Me users. This feature eliminates the manual effort of the SAFE Administrators to manage users on the SAFE Me.

7. Third-party


7.1. SAFE Score for overall Third-party portfolio


SAFE does assessments for all the onboarded third parties of your organizations and quantifies their cyber risk posture by assigning a SAFE Score to them. Now, SAFE rolls up the third-parties score to the overall third-party portfolio score for your organization.
Third-party

7.2. Assessments of Malware Servers for First-party and Third-party

The external assessment capability of SAFE has been enhanced to include the Malware Servers assessment for the organization as well as their third parties. Upon completion of the scan, you can view the control level insights for Malware Servers.

7.3. Assessment of DNS Security and TypoSquat Domains for First-party and Third-party

SAFE assessment includes the DNS Security and TypoSquat Domains for the organization as well their third parties. Once the scan is completed, you can see control level insights for DNS Security and TypoSquat Domain.

Info
  • DNS Security assessment: DNS Security identifies gaps in the configuration of a DNS server; it also suggests best security practices to keep the client's DNS information secure by enforcing the implementation of DNS Security Extensions.
  • TypoSquat Domains: Typosquatting, also called URL hijacking, a sting site, or a fake URL, is a form of cybersquatting that relies on the possibility of people causing errors while entering the domain URL such as a common misspelling or a different TLD (Top Level Domain) and arriving at the Fake, unintended domains which are registered and controlled by malicious actors.

8. Financial Risk Exposure


We have added new features to the Financial Risk Exposure module, which allows users to:

  • Know how much $ amount you actually have at risk - Understand how much financial risk your security posture will translate into (does it fall in the range of your risk appetite?)
  • Know what is the ROI of your Cybersecurity investments - Inbuilt simulator to view how to reduce the financial loss via security investments (improved SAFE score or more insurance coverage)
  • Negotiate for better insurance policies - Transfer your high-risk areas (like Ransomware) into specific insurance types (Cyber Extortion)

8.1. Breach Cost Calculator

By responding to simple 7 questions on the Breach Cost Calculator, users can estimate the range of financial impact that their organization is sitting at. The estimated financial impact ranges from upper bound to lower bound with a value of most likely impact. These responses are available for all industries and 5 different geographies, i.e., USA, UK or EU, India, Southeast Asia, and Japan, to ensure that the impact is most accurate based on the regulatory laws of an organization’s industry and region of operation.

BCC

Estimated Financial Impact is calculated both at the aggregate level for the entire organization and individual for each Cyber Insurance policy inclusion.

8.2. Loss Event Likelihood

After the calculation of the Estimated Financial Impact, the dashboard also quantifies the likelihood of different breaches such as Ransomware, DDoS, Phishing, etc., to evaluate how likely an organization is to raise a cyber insurance claim.

8.3. Expected Annual Loss

SAFE uses Monte Carlo simulation to calculate Expected Annual Loss, i.e., the Financial Loss that a company might expect in the next 12 months (with or without insurance), based on the range of Estimated Financial Impact and the likelihood of different breaches.

9. Content Updates


We have added the following new technologies for configuration assessments.

  • Server
    • Ubuntu 20.x
    • Customized Linux OS
  • Middleware
    • IBM Websphere 8.5.x
    • IBM HTTP Server 9.0.x.x
    • IBM Websphere Application Server 9.x
  • Network and Security Nodes
    • Cisco iOS XE 15.x Router
    • Cisco iOS XE 15.x Switch
    • Palo Alto 9.x
  • Storages (manual assessment)
    • Hitachi VSP G400
    • DELL SC5020
    • DELL SC8000
    • Dell SC7000
    • HP 3PAR 7200
  • Printers (manual assessment)
    • Canon Imagerunner
    • Toshiba e-Studio2309A

10. Enhancements


10.1. Enhanced People Dashboard with Campaign Analytics

To provide a complete understanding of your employee’s security posture and their progress on the assigned campaigns, we have added the following enhancements:

  • SAFE People Dashboard: SAFE People dashboard is enhanced to display the user’s awareness (the courses they passed, failed, and not attempted), devices (iOS or Android), and employees’ exposure on the Dark Web.
  • Campaign Analytics: The Campaigns page has been enhanced to display the analytics over the campaign that includes the campaign details (no of users, no of course, user groups), graphical view for the number of users who have completed the campaign, and the user’s list along with their SAFE Score.

Campaign Analytics

10.2. Enhanced REST APIs for Asset Onboarding

The SAFE REST APIs have been enhanced, allowing users to onboard assets in unconfirmed verticals and add confirmed assets in any verticals.

Refer to the SAFE API Guide for more details.

11. Known Issues


  • The asset score may vary between the asset page and the score simulator page. The score simulator re-calculates the asset score afresh to start the simulation, while the score for the asset on record is updated after a subsequent assessment.
  • A user can not change his/her primary email address in SAFE Me. If necessary, we recommend you a fresh sign-up with your new email address.
  • The SAFE ID user cannot be an SSO user in SAFE Me. The SAFE ID user must be a native SAFE ME user with Admin privileges.
  • Changing the Remediation Timeline does not have any impact on the SAFE scores.
  • The SAFE application does not support the browser’s back button. The system does not display the correct data if users navigate to the previous screen using the back button.
  • For Azure integration with SAFE (on Cloud), the system displays the subscription discovery time or onboarding time as per the Browser’s time zone. Furthermore, the system displays the Last Assessment time as per the SAFE Instance timezone on the Azure configuration page.
  • The system fails to update the control history when the Policy is disabled from Governance Management.

Was this article helpful?