- 7 Minutes to read
- Print
- PDF
Release Notes - 2024 October
- 7 Minutes to read
- Print
- PDF
What’s New in Safe?
Release: v4.90
Release: v4.89
Release: v4.88
Release: v4.90
October 21, 2024
Total: 11 Updates
SAFE One
Risk Treatment Plan
Risk Treatment Plan
SAFE’s new Risk Treatment module enables you to create actionable risk treatment plans at the Group level. With this intuitive workflow, you can assess risks, perform what-if analysis, and develop proactive strategies for mitigation. Easily manage plans with summaries for risk acceptance, mitigation, and control improvement to keep your organization ahead of potential threats.
Related Customer Enhancement Requests Resolved
You can now save each scenario's "What-If" analysis as a treatment plan.
The display has been expanded beyond five scenarios to ease risk reduction comparison.
You have the option to clear or reset risk treatment choices to start fresh.
AI-Powered Explainability for Dashboard Widgets
AI-Powered Explainability for Dashboard Widgets
SAFE introduces AI-driven explanations for dashboard widgets including a Scatter Plot and FAIR Tree for all customers on our Enterprise and Enterprise+ plans. With this feature, hovering over widgets will give you the option to "ask" for more information, allowing for clearer understanding and seamless interaction. This enhancement simplifies tasks like integration and assessment by using AI to make the product more intuitive and user-friendly.
To enable this feature in your environment, please reach out to our customer support team.
Automated Risk Scenario Suggestions
Automated Risk Scenario Suggestions
SAFE introduces automated risk scenario suggestions to make it easier for you to create risk scenarios based on your group's firmographics and external threat intelligence. This AI-assisted feature recommends scenarios, highlighting recent and industry-relevant risks, and allows easy selection from applicable combinations. Tailored for beginners, it simplifies monitoring without needing deep expertise.
Automated Group Creation
Automated Group Creation
SAFE now recommends Out-of-the-Box (OOTB) groups based on your assets' attack surfaces when integrations are configured. Easily create groups like cloud assets, SaaS applications, users, OT devices, and IoT devices directly from the Integration page. This automation streamlines risk management by automatically setting up default risk scenarios and copying relevant details from the Enterprise Group.
SAFE Integration - Qualys
SAFE Integration - Qualys
SAFE now supports tag import for Qualys VA, making it easier to organize and manage your Qualys vulnerability data within SAFE.
Threat Center Updates
Threat Center Updates
We've added 358 new findings that are now mapped to CAM controls, enhancing your security oversight.
Threat Actor content has been enhanced with new MITRE Techniques mapping and updated recent activity dates, based on the latest two weeks of threat feed analysis.
Added 163 new threat events to the Threat Center for the period between October 2nd and 15th.
There are 28 new CVEs marked as Exploitable CVEs.
Risk Recommendation Content v1.0.0
We're excited to announce the first version of Risk Recommendation Content. This release includes 10 tailored risk recommendations for each industry classification to enhance your risk scenario creation process.
Related Customer Enhancement Requests Resolved
The MDM control is now correctly linked and visible under the 'Linked Controls' section for HAOS, showing its impact on Initial Attack Methods and Attack Outcomes.
SAFE One - Third-Party Risk Management (TPRM)
Cyber Risk Singularity
Cyber Risk Singularity
SAFE now includes third-party risks in the Cyber Risk Singularity view, enabling you to manage all attack surfaces, including third parties, from one place. Third-party risk scenarios are tagged as "Third-party" and displayed in the Top Risks Scatter Plot and risk scenario list for better visibility and management.
Early Access Features for Select Customers
Cyber Periodic Table View
Cyber Periodic Table View
SAFE now offers a Cyber Periodic Table View for FAIR CAM, providing a visual representation of cybersecurity controls. This new feature links related controls to show their combined effectiveness. You can filter by "Assessed" status, maturity, and automation, and easily switch views between different groups. Hovering over controls reveals full details and connections, enhancing your understanding of risk management.
Related Customer Enhancement Requests Resolved
A filter for Reliability Assessment has been added in the Control Center.
You can now filter by Control Maturity Parameters—capability, coverage, and reliability—by maturity level in the Control Center.
SAFE Integration - Axonius
SAFE Integration - Axonius
SAFE now integrates with Axonius, allowing you to import asset metadata, including tags and custom fields.
Notifications and Alerts in SAFE
Notifications and Alerts in SAFE
SAFE introduces a notification system to keep you updated on important changes, like risk scenarios, threats, and report availability. The notification bell icon located at the top allows you to see all notifications in one place, with options to sort by unread, mark as read, and clear notifications. Notifications are delivered through in-app alerts, push notifications for mobile, and email updates, ensuring you receive them in a way that suits you best. With encrypted, quick delivery and the capacity to handle high volumes, this system is both secure and efficient.
FAIR MAM Loss Drivers at Group Level
FAIR MAM Loss Drivers at Group Level
You can now manage loss drivers at the Group level instead of individually at each risk scenario, simplifying this process. Key features include default and customizable values, user-friendly views with over 200 cost drivers, specific filters for threat intent and outcomes, automatic updates from Group to Risk Scenario levels.
Related Customer Enhancement Requests Resolved
You can now update Loss drivers at the group level instead of for each Risk Scenario.
Release: v4.89
October 7, 2024
Total: 12 Updates
SAFE One
SafeX Now Available on iOS!
SafeX Now Available on iOS!
We’re excited to announce that SafeX is now available on iOS for all customers on our Enterprise and Enterprise+ plans. With SafeX, you can:
Stay Informed: Get instant access to real-time risk insights and cybersecurity updates on-the-go.
AI Assistance: Use our AI for precise risk analysis and actionable advice, directly from your iPhone.
Effortless Navigation: Easily explore dashboards and reports with a mobile-friendly interface.
Your Security, Your Way: Handle urgent security tasks or explore features at your convenience with SafeX.
SafeX transforms how you manage cybersecurity by putting control in the palm of your hand. Experience it by downloading SafeX from the App Store today and take control anytime, anywhere!
To enable SafeX for your environment, upgrade to our Enterprise or Enterprise+ plan today. For more information, or to resolve any issues with SafeX, please reach out to SAFE through our Service Desk for assistance.
SAFE Integration
SAFE Integration
Enhanced Microsoft Defender for Endpoint Integration
SAFE has improved the Microsoft Defender for Endpoint integration by adding support for asset tagging to facilitate smart group creation, and enabling parallel processing to speed up sync times.
VA Report Upload
The VA Report Upload document has been updated to include a new column, entity.internetFacing
, and the deprecation of the entity.accessibility
field.
Threat Center Updates
Threat Center Updates
288 new Findings are now mapped to FAIR CAM Controls:
Wiz Controls (202)
Microsoft Defender for Cloud Controls (4)
Tanium Comply Controls (19)
Prisma Cloud Controls (40)
Qualys Policy Compliance Controls (6)
Twingate SaaS Controls (2)
M365 Defender SaaS Controls (11)
Harness SaaS Controls (3)
Zendesk SaaSControl (1)
67 new CVEs were added in the "is Exploitable" database.
Daily TEF values were updated based on the Threat Events during the period 18th Sept to 1st Oct.
Customer Enhancements
Expanded Finding Insights Widget
Expanded Finding Insights Widget
SAFE's Finding Insights widget now allows you to sort and view insights for the entire group in one list, rather than being limited to a single scenario. This update helps you easily access and manage top findings across your organization.
Risk-Based Widget Selection
Risk-Based Widget Selection
SAFE now offers a widget that lets you view and manage risks across multiple groups rather than focusing solely on individual groups. This allows you to track and assess common risk scenarios, like data exfiltration, across your organization more efficiently.
Rationale Editing
Rationale Editing
You can now update the rationale for your assessments without altering the maturity level, providing more flexibility and clarity.
API Access to Scenario Data
API Access to Scenario Data
The
GET /api/v3/risk-scenarios/{riskScenarioId}
API now once again provides access to detailed scenario information, including the 10th and 90th percentile ALE results, ensuring comprehensive data availability for your reports.
Updated Capability Maturity Descriptions
Updated Capability Maturity Descriptions
SAFE has refined the capability maturity descriptions of the Penetration Testing (PT) control to better align with penetration testing requirements than focusing on the vulnerabilities resulting from the pentest activities.
Updated FAIR CAM Questionnaire
Updated FAIR CAM Questionnaire
SAFE now includes onscreen descriptions specific for each question in the FAIR CAM Questionnaire giving details about M0-M3 maturity levels of that question for easy reference.
Bulk Editing for Organization's Risk Assessment
Bulk Editing for Organization's Risk Assessment
SAFE now allows you to bulk edit Risk Assessment values across multiple organizations, making it faster and easier to update assessments.
Early Access Features
AI-Powered Explainability for Dashboard Widgets
AI-Powered Explainability for Dashboard Widgets
SAFE introduces AI-driven explanations for dashboard widgets including a Scatter Plot and FAIR Tree for all customers on our Enterprise and Enterprise+ plans. With this feature, hovering over widgets will give you the option to "ask" for more information, allowing for clearer understanding and seamless interaction. This enhancement simplifies tasks like integration and assessment by using AI to make the product more intuitive and user-friendly.
To enable this feature in your environment, please reach out to our customer support team.
Control Insights Widget
Control Insights Widget
SAFE introduces the Control Insights Widget, providing a summary of control assessments, including the number assessed, automation status, and maturity distribution. Easily filter controls by maturity levels—M1, M2, and more. Clickable and customizable, this widget gives you a clear view of your control landscape.
To enable this feature in your environment, please reach out to our customer support team.