Release Notes - 2025 January

Outside-In card has been added under Integration that can now be configured. Having this Integration adds flexibility to enable or disable Outside-In assessment for Enterprise groups.

Outside-in assessment details have been added as a new tab under Enterprise Group.

SAFE now supports CAIQ v4.0.3 for the Third Party module.

This feature is available as Early Access to select customers. SAFE now enables customers to define the Attack Surface Types for Smart and Static Groups, facilitating better risk assessments by manual selection of additional attack surface categories.

We've made the onboarding process for third-party organizations faster and easier. Now you can quickly search for any organization and populate important details like industry and revenue right away.

We're excited to introduce a new feature that allows you to set default questionnaires for third-party organizations. This enhancement lets you:

• Custom Selection: Choose specific questionnaires that third-party organizations should fill out, reducing the clutter of irrelevant options.

Third-Party now supports Multiple Countries of Service Delivery.

This Release we have added below threat Intel

• 148 new Threat Events were added to the Threat Center between Jan 8th to Jan 21st.

• 19 new CVEs are now marked as exploitable.

• 86 new security incidents have been added to SAFE for Breach Notification.

• 97 new findings from sources like Wiz, GCP Security Command Center and other integrations have been mapped to CAM controls.

• MITRE ATT&CK framework updated to v16.1 in SAFE.  

The “Highest and lowest Maturity Control” widget has been added to effectively use Dashboard for reporting.

1. Finding Score’s new layout for ease of readability

   We have redesigned Finding Score’s layout to enhance readability.

   

2. Assessment Review optional for Questionnaires

   SAFE provides administrators the ability to disable the manual review step for questionnaire assessments. When this feature is enabled, the review process is skipped, and control assessments from questionnaires proceed directly, streamlining the overall workflow.

   

3. Increase upload limit of Questionnaire

   Questionnaire upload size has been increased to 50 MB.

We’ve made key updates to our dashboard and templates to improve your experience:

• Consistent Naming and Tags: All widgets now have a uniform naming system and proper tags for better organization.

• Updated Dashboards: Key dashboards like the CISO Dashboard, CFO Dashboard, Top Risks Dashboard, and Board Report Dashboard have been refreshed with the latest widgets.

• Improved Visuals: We've made the "See What Changed" feature look better by using a tree diagram. Now, you can easily compare past and current information to see changes at a glance.

• Additional Details: You can click to explore all sections for deeper insights.

• SAFE Tanium integration has been improved to pull in vulnerability data for endpoints directly from the Comply module. This enhancement helps you easily access and manage vulnerability information, improving your security monitoring and response efforts.

• The SOC2 reports can now better handle both custom and standard control IDs. This means more CAM controls related to SOC2 reports will be evaluated, giving you a clearer picture of your assessments.

• We have extended the existing functionality that allows you to turn off Dynamic Threat Event Frequency updates for your risk scenarios. You can now also manage these updates for Initial Attack Method (IAM)-None and IAM-Any scenarios in addition to other risk scenarios. This enhancement makes it easier to tailor your TEF settings according to your specific risk management needs.

• 106 new Threat Events were added to the Threat Center between Dec 25th to Jan 7th.

• 27 new CVEs are now marked as exploitable.

• 657 new security incidents have been added to SAFE for Breach Notification.

• 79 new findings from sources like Wiz, Prisma Cloud, Microsoft Defender for Cloud and Qualys Policy Compliance have been mapped to CAM controls.

• 13 new Threat Actors are added to the Threat Center, bringing the total to 120.

We're dedicated to enhancing your experience, and we've made some important updates based on your feedbacks:

1. Control Mapping Review Setting

   We have introduced a new setting to allow your users to skip the CAM control mapping review steps when answering a questionnaire.

   

2. Country of Service Delivery

   You can now select multiple countries when specifying the country of service delivery.

   

3. Enhancement of “Top Controls” Widget for Groups

   The “Top Controls” widget has been improved to provide better information for groups.

   

4. Residual Risk for Risk Scenarios

   We’ve added a feature to show residual risk for Risk Scenario based on the configured risk threshold of the group.