Release Notes- 2024 November

• SAFE now features a Threat Actor Risks tab in the Risk Scenario list, enabling you to monitor specific threat actors. By default, monitoring is turned off, so you can choose to subscribe as needed. Just use the option on each Threat Actor card to start or stop monitoring. When you subscribe, out-of-the-box risk scenarios for those threat actors will be automatically generated.

• You can now archive all system-generated risks easily using the archive option, which will be displayed in the Archived Risks tab. For custom risks, simply use the delete option in the manage menu to remove them as needed.

• SAFE now integrates with GitHub Advanced Security, allowing users to import source code repositories as assets and access SAST, SCA, and secrets scanning findings. This helps you manage vulnerabilities in source code tied to applications modeled as groups for risk scenarios in SAFE.

• SAFE now provides a summary of integration insights directly on the integration page. You can see the number of integrations configured, findings and assets imported, and the distribution of finding types, like vulnerabilities and misconfigurations.

• You can now add columns for Likelihood, Loss Magnitude, and Annualized Loss (ALE) right in the Group List. This lets you sort the groups how you want, making it easier to see and manage your group risks and take action when needed.

• Related Customer Feedbacks Resolved:

  • You can now create smart groups based on user in the Attack Surface. This allows you to effectively model user risk using smart groups, enhancing your ability to manage security.

    

• 286 Findings have been mapped to CAM controls for better reliability maturity.

• 55 new CVEs marked as exploitable to enhance Finding prioritization.

• Updated MITRE Techniques mapping for specific Threat Actors based on latest threat events.

• Improved Web Application Firewall (WAF) capability description to include its audit/block mode state.

• Introducing the ServiceNow connector for SAFE TPRM! Seamlessly sync third-party data and risk details for streamlined risk management.
  Key Features:

  • Automatic Onboarding: Effortlessly bring new third parties from ServiceNow TPRM into SAFE.

  • Metadata Sync: Keep important metadata like industry and revenue updated between both platforms.

  • Risk Data Export: Send SAFE's risk assessment details, such as event likelihood and loss magnitude, back to ServiceNow.

  • Custom Field Mapping: Set up custom mappings in SAFE for your specific needs.

  • Secure API Credentials: Safely enter and store your SAFE API credentials within ServiceNow.

  • Full Company Sync: Sync all companies from ServiceNow to SAFE.

  • Scheduled Syncs: Set up automatic syncs for accurate data management.

  • Access Sync Logs: View logs to check the status of your syncs.

This feature enhances your ability to manage risks and ensures your data remains consistent across platform.

• SAFE now integrates with Rapid7 InsightVM Cloud, enabling the generation of signals and insights based on vulnerability assessment (VA) findings. This integration enhances your ability to analyze and manage security risks from both cloud and on-premise setups.