- 8 Minutes to read
- Print
- PDF
Release Notes- 2024 November
- 8 Minutes to read
- Print
- PDF
What’s New in Safe?
Release v4.93
November 30, 2024
Total: 5 Updates
SAFE One
Loss Drivers at Group Level
Loss Drivers at Group Level
You can now manage FAIR MAM loss categories and drivers at the Group level, which will apply to all risk scenarios within that group. This simplifies the process of overriding loss drivers, as you won't need to do it for each risk scenario. Current overrides will remain unchanged, except for the loss drivers detailed in the document Impact due to FAIR-MAM at Group Level; please note these and reapply them after the update.
Additionally, 7 loss drivers have been restructured into scenario-specific drivers with updated benchmark values based on current industry data. This may lead to changes in overall Loss Magnitude and Annualized Loss Exposure (ALE) for risk scenarios related to System Outage or DDoS.
For more information, please reach out to your Customer Success Advisor.
Threat Centre Update
Threat Centre Update
The Threat Actors library has been updated with adjusted last seen dates based on Threat Actors recent activities.
148 new Threat Events were added to the Threat Center from November 13th to 26th.
78 new CVEs are now marked as exploitable.
273 new security incidents added to SAFE for Breach Notification.
165 new findings from sources like Tanium Comply, Wiz, Prisma, Microsoft 365 Defender, Microsoft Defender for Cloud, and Qualys Policy Compliance have been mapped to CAM controls.
Early Access Features for Select Customers
New Integration - Akamai App and API protector
New Integration - Akamai App and API protector
Web Application Security: SAFE now supports integration with Akamai Web Application Firewall (WAF), allowing you to manage web application security effectively.
Threat Protection: This integration captures WAF settings and policies to assess breach likelihood, maps findings to CAM controls, and ensures your applications are protected against threats like SQL Injections and DDoS attacks.
This integration is currently available for select customers only. Contact your Customer Success Advisor (CSA) to enable this in your environment.
Aggregated Risk Detail Page
Aggregated Risk Detail Page
Aggregate risk is enhanced with ability to drill down.
Aggregate Control Recommendation: View a prioritized list of control recommendations, highlighting their potential impact on reducing likelihood, loss, and annualized loss across multiple scenarios.
Aggregate Findings Recommendation: Access a prioritized list of findings recommendations based on findings scores across scenarios.
Risk Contributing to Aggregation: Display and manage risk scenarios that contribute to overall risk aggregation.
This feature is currently available for select customers only. Contact your Customer Success Advisor (CSA) to enable this in your environment.
Miscellaneous
Exciting Enhancements for You!
Exciting Enhancements for You!
We're dedicated to enhancing your experience, and we've made some important updates based on your feedbacks:
Group Details Widget: The revenue figure in the Group Details widget now shows with commas, making it easier to read.
Azure AD Rename to Microsoft Entra ID: Azure AD has been rebranded as Microsoft Entra ID. We've updated the integration card name to reflect this change, aligning with Microsoft's new branding.
Integration Reset: You can now reset integrations directly from the SAFE UI! This feature allows you to easily reset any integration, if you do not want to continue using a configured integration.
Filter Findings by Mapped Controls: You can now filter findings by applicable controls on the What-If page. For example, you can easily view all findings impacting Secured Software ( SSW).
Thank you for your valuable feedback! If you have more suggestions or questions, please don't hesitate to reach out.
Release v4.92
November 16, 2024
Total: 7 Updates
SAFE One
Top Riskiest Groups
Top Riskiest Groups
SAFE now includes a new widget that aggregates your riskiest groups across your organisation based on likelihood and loss magnitude and displays the Top Risky Groups in a Scatter Plot. This new widget helps you quickly identify and visualize the groups that pose the highest risks, enhancing your ability to focus on critical areas and improve your risk management strategy.
Risk Scenario List (Group-by Capabilities)
Risk Scenario List (Group-by Capabilities)
SAFE introduces a new quick filter for the Risk Scenario list, allowing you to easily group and sort scenarios according to your preferences. This makes it simpler to find and focus on what's important to your security management.
Custom Security Questionnaires
Custom Security Questionnaires
We're excited to announce that you can now ask SAFE to add a questionnaire to your instance. SAFE will handle the control mapping to FAIR CAM for these questionnaires, integrating them seamlessly into your platform. If you have any requests, please reach out to our customer support team today!
Threat Centre Update
Threat Centre Update
SAFE's Threat Centre is now updated with security breach incidents from the last two years, helping you identify potential risks for all onboarded third-party organizations through Recent and Historical Breach Incident alerts.
New Findings Mapped: 98 previously unmapped findings have now been linked to FAIR CAM Controls for improved breach likelihood calculations.
Exploitable CVEs: 42 new CVEs are marked as exploitable, enhancing the findings prioritization framework.
Fresh Threat Events: 186 new threat events were released between 30th Oct and 12th which impacts the benchmark Threat Event Frequency values for related Initial Attack Method, Threat Actor, Industry and Geography combination.
SAFE Third-Party Risk Management (TPRM)
AI Agent for Adding Third Parties
AI Agent for Adding Third Parties
SAFE now features an AI Agent that makes adding third parties quick and easy! The AI Agent helps you enter important details, automatically triggers necessary assessments, and provides support for any questions you might have. This streamlined process ensures that onboarding is efficient and hassle-free. Available for all customers on our Enterprise and Enterprise+ plans. To enable this feature in your environment, please reach out to our customer support team.
Early Access Features for Select Customers
New Integration - PingOne
New Integration - PingOne
SAFE now integrates with PingOne, allowing you to include application access control findings for application related risk posture. This integration enables you to onboard SAML applications as assets in SAFE and gathers security misconfigurations including SSO and MFA settings. This integration is currently available for select customers only. To enable this integration in your environment, please reach out to our customer support team.
Customer feedbacks Resolved
Exciting Enhancements for You!
Exciting Enhancements for You!
We’re committed to improving your experience with SAFE, and we’re excited to share that several customer feedback items have been addressed in this release. Here’s a summary of the fixes and enhancements:
Groups Management
Group Context in Fair MAM page: You can now easily see which group or risk scenario your FAIR MAM results relate to.
UI Improvements
Export Applicable Controls: You can now export the list of applicable controls for individual scenarios, complete with their maturity and functions.
Third-Party Management Enhancements
Third Party Findings Count: The findings count for third parties is now sorted on findings score and only displays positive and negative findings.
Improved Third Party Asset List: The IP address column in the Third Party Assets page has been enhanced to reflect the IP address of infrastructure assets.
Third Party Findings Default View: The default view of the Third-Party Findings page has been enhanced to display open asset observations.
That's all for now! We value your feedback, as it helps us enhance the product continuously. If you have any additional suggestions or questions, feel free to reach out!
Release v4.91
November 5, 2024
Total: 8 Updates
SAFE One
Threat Actor Monitoring
Threat Actor Monitoring
SAFE now features a Threat Actor Risks tab in the Risk Scenario list, enabling you to monitor specific threat actors. By default, monitoring is turned off, so you can choose to subscribe as needed. Just use the option on each Threat Actor card to start or stop monitoring. When you subscribe, out-of-the-box risk scenarios for those threat actors will be automatically generated.
Archive Risk Scenario
Archive Risk Scenario
You can now archive all system-generated risks easily using the archive option, which will be displayed in the Archived Risks tab. For custom risks, simply use the delete option in the manage menu to remove them as needed.
New Integration - GitHub Advanced Security
New Integration - GitHub Advanced Security
SAFE now integrates with GitHub Advanced Security, allowing users to import source code repositories as assets and access SAST, SCA, and secrets scanning findings. This helps you manage vulnerabilities in source code tied to applications modeled as groups for risk scenarios in SAFE.
Integration Insights
Integration Insights
SAFE now provides a summary of integration insights directly on the integration page. You can see the number of integrations configured, findings and assets imported, and the distribution of finding types, like vulnerabilities and misconfigurations.
Risk Metrics in Group List
Risk Metrics in Group List
You can now add columns for Likelihood, Loss Magnitude, and Annualized Loss (ALE) right in the Group List. This lets you sort the groups how you want, making it easier to see and manage your group risks and take action when needed.
Related Customer Feedbacks Resolved:
You can now create smart groups based on user in the Attack Surface. This allows you to effectively model user risk using smart groups, enhancing your ability to manage security.
Threat Center Updates
Threat Center Updates
286 Findings have been mapped to CAM controls for better reliability maturity.
55 new CVEs marked as exploitable to enhance Finding prioritization.
Updated MITRE Techniques mapping for specific Threat Actors based on latest threat events.
Improved Web Application Firewall (WAF) capability description to include its audit/block mode state.
SAFE Third-Party Risk Management (TPRM)
ServiceNow Connector for SAFE TPRM
ServiceNow Connector for SAFE TPRM
Introducing the ServiceNow connector for SAFE TPRM! Seamlessly sync third-party data and risk details for streamlined risk management.
Key Features:Automatic Onboarding: Effortlessly bring new third parties from ServiceNow TPRM into SAFE.
Metadata Sync: Keep important metadata like industry and revenue updated between both platforms.
Risk Data Export: Send SAFE's risk assessment details, such as event likelihood and loss magnitude, back to ServiceNow.
Custom Field Mapping: Set up custom mappings in SAFE for your specific needs.
Secure API Credentials: Safely enter and store your SAFE API credentials within ServiceNow.
Full Company Sync: Sync all companies from ServiceNow to SAFE.
Scheduled Syncs: Set up automatic syncs for accurate data management.
Access Sync Logs: View logs to check the status of your syncs.
This feature enhances your ability to manage risks and ensures your data remains consistent across platform.
Early Access Features for Select Customers
New Integration - Rapid7 InsightVM Cloud
New Integration - Rapid7 InsightVM Cloud
SAFE now integrates with Rapid7 InsightVM Cloud, enabling the generation of signals and insights based on vulnerability assessment (VA) findings. This integration enhances your ability to analyze and manage security risks from both cloud and on-premise setups. This integration is currently available for select customers. To enable this integration in your environment, please reach out to our customer support team.