Release Notes- 2024 November

• SAFE now includes a new widget that aggregates your riskiest groups across your organisation based on likelihood and loss magnitude and displays the Top Risky Groups in a Scatter Plot. This new widget helps you quickly identify and visualize the groups that pose the highest risks, enhancing your ability to focus on critical areas and improve your risk management strategy.

• SAFE introduces a new quick filter for the Risk Scenario list, allowing you to easily group and sort scenarios according to your preferences. This makes it simpler to find and focus on what's important to your security management.

• We're excited to announce that you can now ask SAFE to add a questionnaire to your instance. SAFE will handle the control mapping to FAIR CAM for these questionnaires, integrating them seamlessly into your platform. If you have any requests, please reach out to our customer support team today!

• SAFE's Threat Centre is now updated with security breach incidents from the last two years, helping you identify potential risks for all onboarded third-party organizations through Recent and Historical Breach Incident alerts.

• New Findings Mapped: 98 previously unmapped findings have now been linked to FAIR CAM Controls for improved breach likelihood calculations.

• Exploitable CVEs: 42 new CVEs are marked as exploitable, enhancing the findings prioritization framework.

• Fresh Threat Events: 186 new threat events were released between 30th Oct and 12th which impacts the benchmark Threat Event Frequency values for related Initial Attack Method, Threat Actor, Industry and Geography combination.

• SAFE now features an AI Agent that makes adding third parties quick and easy! The AI Agent helps you enter important details, automatically triggers necessary assessments, and provides support for any questions you might have. This streamlined process ensures that onboarding is efficient and hassle-free. Available for all customers on our Enterprise and Enterprise+ plans. To enable this feature in your environment, please reach out to our customer support team.

• SAFE now integrates with PingOne, allowing you to include application access control findings for application related risk posture. This integration enables you to onboard SAML applications as assets in SAFE and gathers security misconfigurations including SSO and MFA settings. This integration is currently available for select customers only. To enable this integration in your environment, please reach out to our customer support team.

We’re committed to improving your experience with SAFE, and we’re excited to share that several customer feedback items have been addressed in this release. Here’s a summary of the fixes and enhancements:

1. Groups Management

• Group Context in Fair MAM page: You can now easily see which group or risk scenario your FAIR MAM results relate to.

2. UI Improvements

• Export Applicable Controls: You can now export the list of applicable controls for individual scenarios, complete with their maturity and functions.
  

3. Third-Party Management Enhancements

• Third Party Findings Count: The findings count for third parties is now sorted on findings score and only displays positive and negative findings.

• Improved Third Party Asset List: The IP address column in the Third Party Assets page has been enhanced to reflect the IP address of infrastructure assets.

• Third Party Findings Default View: The default view of the Third-Party Findings page has been enhanced to display open asset observations.

  That's all for now! We value your feedback, as it helps us enhance the product continuously. If you have any additional suggestions or questions, feel free to reach out!

• SAFE now features a Threat Actor Risks tab in the Risk Scenario list, enabling you to monitor specific threat actors. By default, monitoring is turned off, so you can choose to subscribe as needed. Just use the option on each Threat Actor card to start or stop monitoring. When you subscribe, out-of-the-box risk scenarios for those threat actors will be automatically generated.

• You can now archive all system-generated risks easily using the archive option, which will be displayed in the Archived Risks tab. For custom risks, simply use the delete option in the manage menu to remove them as needed.

• SAFE now integrates with GitHub Advanced Security, allowing users to import source code repositories as assets and access SAST, SCA, and secrets scanning findings. This helps you manage vulnerabilities in source code tied to applications modeled as groups for risk scenarios in SAFE.

• SAFE now provides a summary of integration insights directly on the integration page. You can see the number of integrations configured, findings and assets imported, and the distribution of finding types, like vulnerabilities and misconfigurations.

• You can now add columns for Likelihood, Loss Magnitude, and Annualized Loss (ALE) right in the Group List. This lets you sort the groups how you want, making it easier to see and manage your group risks and take action when needed.

• Related Customer Feedbacks Resolved:

  • You can now create smart groups based on user in the Attack Surface. This allows you to effectively model user risk using smart groups, enhancing your ability to manage security.

    

• 286 Findings have been mapped to CAM controls for better reliability maturity.

• 55 new CVEs marked as exploitable to enhance Finding prioritization.

• Updated MITRE Techniques mapping for specific Threat Actors based on latest threat events.

• Improved Web Application Firewall (WAF) capability description to include its audit/block mode state.

• Introducing the ServiceNow connector for SAFE TPRM! Seamlessly sync third-party data and risk details for streamlined risk management.
  Key Features:

  • Automatic Onboarding: Effortlessly bring new third parties from ServiceNow TPRM into SAFE.

  • Metadata Sync: Keep important metadata like industry and revenue updated between both platforms.

  • Risk Data Export: Send SAFE's risk assessment details, such as event likelihood and loss magnitude, back to ServiceNow.

  • Custom Field Mapping: Set up custom mappings in SAFE for your specific needs.

  • Secure API Credentials: Safely enter and store your SAFE API credentials within ServiceNow.

  • Full Company Sync: Sync all companies from ServiceNow to SAFE.

  • Scheduled Syncs: Set up automatic syncs for accurate data management.

  • Access Sync Logs: View logs to check the status of your syncs.

This feature enhances your ability to manage risks and ensures your data remains consistent across platform.

• SAFE now integrates with Rapid7 InsightVM Cloud, enabling the generation of signals and insights based on vulnerability assessment (VA) findings. This integration enhances your ability to analyze and manage security risks from both cloud and on-premise setups. This integration is currently available for select customers. To enable this integration in your environment, please reach out to our customer support team.