Release Notes - 2024 December

• Sync Failure Notifications

  • You will now receive notifications if an integration sync fails, helping you stay informed about any issues.

• Alerts are sent only for integrations that are configured and enabled, ensuring relevant updates.

• You can enable these alerts through the notification center for In-app, Email, and Mobile.

  

• User Experience Improvements

  • Optional Assignees: Assignee names are no longer mandatory.

• Updated Plan Types

  • Plan types have been updated to Accept and Mitigate for Findings and Improve and Deprecate for Controls.

• Cost and ROI Updates

  • Cost Editing: Adjusting the Cost now automatically updates ROI (Return on Investment) and ALE reduction based on original numbers.

  • Update Risk Reduction Button: Easily update ROI based on the latest group risk estimation and see a timestamp of when it was calculated.

• Enhanced Layouts

  • Loss reduction has been added along with Likelihood reduction under ALE reduction.

  

• 158 new Threat Events were added to the Threat Center between Dec 11th to 24th.

• 51 new CVEs are now marked as exploitable.

• 53 new security incidents added to SAFE for Breach Notification.

• 66 new findings from sources like Wiz, Prisma Cloud and have been mapped to CAM controls.

• Minor Questionnaire mapping update and bug fixes.

• SAFE now integrates with Claroty xDome to pull OT, IoT or IT assets along with their vulnerabilities, helping you manage and secure your environment more effectively.

  

• SAFE now integrates with Rubrik Enterprise Data Protection to check for risks related to on-prem and cloud assets' data protection strategies.

  

• Grouped Questions

  • The FIQ Questionnaire has been updated to improve user experience. Now, child questions are grouped under their main question, which you can expand by clicking a dropdown arrow.

  

We're dedicated to enhancing your experience, and we've made some important updates based on your feedbacks:

• Consistent Email Templates

  All email templates have been updated for consistency across existing and new communications.
  

• Increased Upload Limit for Questionnaires

  You can now upload documents up to 50MB in size, making it easier to upload larger files.
  

• Easier Navigation on Control Pages

  It's now simpler and faster to move between different controls on a page, saving you time and effort.
  

• Better Layout with Suggestions on Third Party Pages

  The pages that show individual third-party details are clearer, and now include Top Control Recommendations and Top Outside-In Recommendations.

• Group by View for Third Party Lists

  You can now see third-party lists grouped together, which makes it easier to organize and review information.

• Added "Global" Option for Service Location in Onboarding

  You can now select "Global" as the country where services are delivered when adding third parties, making onboarding more flexible.
  

• Manual Override for Risk Tiers

  You can manually change the inherent risk tier for third parties, allowing for better risk management based on your insights.

• We are excited to introduce SAFE notification and Settings for personalized control over in-app, push (mobile), and email notifications, including new alerts for known hacks, risk thresholds, and third-party breaches.

  • Customizable Notifications: Easily set preferences for In-App, Push (mobile), and Email notifications.

  • New Alerts: Receive notifications for Known Hack additions, risk scenario threshold breaches, and breaches at organizational and fourth-party levels.

  • Notification Settings: You can enable or disable notifications based on your personal preferences, offering more control over what you see.

  

• SentinelOne Integrations has been enhanced to support  Fully Qualified Domain Names (FQDN) and pull asset tags to easily track and organize your assets in SAFE.

• Axonius Integration in SAFE is now generally available for all customers. For details, see New Integration - Axonius.

• New Threat Actors: Volt Typhoon and Medusa have been added to the Threat Center.

• The Threat Actors library has been updated with adjusted last seen dates based on Threat Actors recent activities.

• 139 new threat events were added from November 27th to December 10th.

• 45 new CVEs are now flagged as exploitable.

• 55 new security incidents are integrated into SAFE for breach notifications.

• 269 new findings from sources like Tanium Comply, Wiz, Prisma, Microsoft 365 Defender, Microsoft Defender for Cloud, and Qualys Policy Compliance have been mapped to CAM controls.

• You can now drill down Aggregate risks to see most impactful controls across all aggregated risks for a group.

• You can now drill down Aggregate risks to see most impactful controls across all aggregated risks for a third-party.

• We have also introduced a widget for Top Control Recommendation.

SAFE now offers a Daily Digest feature to help you stay informed about important changes at a Group level. Key features include:

• Daily Notifications: Receive a daily summary via email and in-app on mobile and desktop.

• Key Updates: See changes in risks, controls, and threat intelligence at a Group level.

• Aggregate Changes: Track risks and groups moving above or below thresholds; monitor control maturity changes.

• Breach Alerts: Get notified of breach incidents and significant threat actor activities.

• Drill-Down Capability: Click on notifications for detailed insights and information related to your risks, groups, and controls.

This feature is currently available for select customers only. Contact your Customer Success Advisor (CSA) to enable this in your environment.

• We’re excited to introduce multi-currency support in SAFE!

  • You can now manage over 16 currencies during organization setup, simplifying global operations.

  • The default currency is USD, but you can change it at the user profile level.

  • All risk scenarios, dashboards, and reports will display values in the selected currency, and organizations can override the default to view loss and ALE values in their preferred currency.

• This feature is currently available for select customers only. Contact your Customer Success Advisor (CSA) to enable this in your environment.

We're dedicated to enhancing your experience, and we've made some important updates based on your feedbacks:

• Detailed Risk Factor Tracking

  Now, when TEF Risk Factors are manually overridden, you can see the previous and current values, who made the change, when it was done, and why.

• Resize Columns width

  You can now easily adjust the width of columns in the Risk Scenario list for improved readability.

• Owner Column in Control Export

  We have added an extra column to the CAM Control export that shows the control owner. This change will make it easier for you to see who is responsible for each control when you send them out for review.

• Top Risky Third Parties

  Added new scatter plot widget for top risky third parties to help you manage third-parties efficiently.
  

• Sticky Questionnaire Pagination

  The pagination on questionnaires will stay in place when you switch between different groups and third-party views.
  

• Location Filter Support

  You can now use a filter for locations when viewing the findings in the asset list.
  

• Security Domains Filter

  There is now a filter for Security Domains in the findings list to help you narrow down your search.

• Hybrid Role Restrictions

  Hybrid roles can now be limited to specific groups and third parties for better control.

• Drill Down in Third Party Charts

  You can click into the Third Party Charts to get more detailed information.

• Consistent Actions for Individual Third Parties

  Actions taken for individual third parties are now consistent throughout the platform.
  

• Questionnaire Findings on Control Page

  You can see findings from linked questionnaires on the control page for a clearer overview.

• Renaming of External Risks

  The term “External Risks” has been changed to “Third-party Risks” for clarity.
  

• CAM Export Enhancements

  When you export CAM data, it will now include the group or organization name in the file name for easier reference.
  

• Conflict Management Settings

  You have the option to turn off conflict management for control mappings during questionnaire assessments in the settings.

• Refined Third Party Invitation Process

  The process for inviting third parties has been improved for a smoother experience.
  

• Rejected Third Parties Cleanup

  Third parties that are rejected will no longer appear in the output widgets, keeping your results cleaner.
  

• Improved Date Picker

  The date picker on the Threat Center page has been enhanced for a better user experience.