Release Notes - 2024 September

What’s New in Safe?




Release: v4.88


September 20, 2024
Total: 9 Updates


SAFE One

  1. Enhanced User Experience with new SAFE UI

  • SAFE's user interface has been updated with enhanced visuals for a more user-friendly experience. These improvements are available in both the dark and light themes, offering a refreshed and accessible look.

  • Related customer feedback addressed:

    • Resolved issues with text displaying off-screen.

    • Enhanced asset filtering to allow multiple attributes.

    • Improved transparency regarding the impacts of user actions in the UI.

    • Included Group and Risk Scenario under MAM heading.

    • Addressed filter loss on drill down.

    • Improved the Finding view layout.

    • Enhanced FAIR-MAM explainability and input.

    • Introduced custom group tags.

  2. What-If Analysis for Findings at Aggregated Risk

  • You can now perform What-If analysis on Findings at both the Group and Risk Scenario (RS) levels for Aggregated Risk, similar to the What-If analysis performed at the control level, to gain a better understanding of potential impacts and outcomes.

    Key Features:

    • Simulate Scenarios: Select controls or findings at the RS level to see how changes affect the risk scenario.

    • Group-Level Analysis: Use the "Aggregated Risk" setting in the advanced settings tab to enable or disable group-level simulations, allowing for broader or more focused analysis depending on the need.

    • Single View Simulation: Choose either Findings or Controls to perform simulations from one view at a time.

  • Related customer feedback addressed:

    • Introduced Internet Facing filter for Findings.

    • Streamlined "What If" analysis for Findings.

    • Introduced sorting by "Last Update" date for controls.

    • Added risk and likelihood indicators at the group level.

    • Fixed auto-generated risk scenario descriptions.

    • Added option to export Actionable Insights/Findings for a Risk Scenario (RS).

    • Added filters in control assessment summary graphs for easy access to unassessed items.

    • Launched What-if Analysis dashboard.

    • Made MITRE ATT&CK editable in scenarios.

  3. Peer Insights

  • Compare your organization's performance effortlessly with similar industry peers using Peer Insights now available in SAFE.


    Key Features:
    Industry-specific comparison, Comprehensive metrics analysis (risk levels, control effectiveness, and compliance rates), Dynamic data visualization, Customizable benchmarking options, Actionable insights and recommendations.

  4. Introducing new Widgets

  • Aggregated Risk Trend: View risk trends over various timeframes (1 day to 1 year) for different groups.

  • Finding Insights Widget: Easily access a summary of Findings with clickable cards directing to detailed filtered pages.

  • Risk Metrics: See the minimum, maximum, and most likely values for Aggregate Loss Exposure (ALE) and Loss Magnitude.

  • Risk Comparison Within a Group: This widget lets you select a group and up to 6 risk scenarios. After setting it up, you can use a bar chart to compare the Likelihood, Loss Magnitude (LM), and Aggregate Loss Exposure (ALE) of these scenarios for the selected group.

  • Risk Comparison: This existing widget, previously only available on the Groups page, can now be added to your dashboard as a separate widget, providing more flexibility in how you view and manage risk comparisons.

  • Related customer feedback addressed:

    • Updated risk trend timeframe options.

    • Added trend graphs for the dashboard.

  5. SAFE Integrations

  • SAFE now integrates with Armis to get the vulnerabilities detected on the OT devices.

  6. Introducing new Questionnaires

  • Introducing new Questionnaires:

    • SIG Core 2024

    • Zurich Extensive 2024

    • Zurich Standard 2024

    • Zurich Lean 2024

    • Zurich Micro 2024

    • FAIR CAM Questionnaire

    • Generic Healthcare Application Risk Assessment

  • Related customer feedback addressed:

    • Enabled download of the Financial Impact Questionnaire (FIQ).

    • Added rationale or comment field in FIQ.

    • Enhanced error messaging in FIQ for clarity.

    • Enhanced FIQ with a rationale or comment field for better documentation.

  7. Control Management Enhancements

  1. Control Assessment Sources
    You can now check where your control ratings for Capability, Coverage, and Reliability come from—whether it's a specific Questionnaire, a manual update, or an automated process. You will be able to view the tags associated with these controls.

  2. The Cyber Insurance control has been removed, and Software Bill of Materials is now renamed to Software Composition Analysis for clarity.

  3. Related customer feedback addressed:

    • Updated rationale without changing maturity.  

    • Added risk and likelihood indicators at the group level.  

    • Improved UI Navigation for editing a group.

  8. Improved Threat Event Frequency (TEF) and Susceptibility (SUS) view in Risk Scenario

  • The TEF and SUS view is now simpler and clearer, with easy-to-understand labels and explanations, helping you grasp risk insights more effectively.

  • Related customer feedback addressed:

    • Added ability to hide TEF/SUS when working at LEF.

    • Allowed for direct modification of LEF.

    • Displayed LEF on the Risk Scenario list.

Miscellaneous

  1. Customer Enhancements

Release: v4.87


September 7th, 2024
Total: 13 Updates


SAFE One

  1. Introducing Known Hacks in Risk scenarios

  1. SAFE creates Known Hacks based on your environment's vulnerabilities, helping you stay ahead of potential threats. You can find these scenarios in the new Known Hacks tab within the Risk Scenario List. Each Known Hack gives you detailed info, like what it is and when it was first noticed.

  2. Support for Threat Actor based Risk Scenarios

  1. You can now identify risks to your organization from specific threat actors or groups. You can also compare your organization's security with active threat groups and get helpful tips on preventing these threats. You can find these threat actors in the new Threat Actor tab within the Risk Scenario List.
    You can find more information about each threat actor, like Geography, Industry, Attack Surface and when it was first noticed. You can view the list of all threat actors under Threat Center > Threat Actor.

  3. Duplicate Risk Scenarios across multiple Groups

  1. You can now easily duplicate Risk Scenarios (RS) across multiple groups. This allows you to apply the same settings to different groups without having to recreate them.

  4. Customizable Auto Deletion time period for Assets and Users

  1. SAFE now lets you set different auto-deletion times for various asset types. You can specify how long assets stay in the system based on the attack surface, like keeping cloud assets for just 2 days and people assets for 100 days. Customize these settings in the advanced section to manage your attack surface more effectively and keep your risk posture updated.

  5. New Widgets for Prioritizing Findings

  1. We've added new interactive widgets for prioritizing Findings. You can choose between pie or bar charts and customize these at the Group, Risk Scenario, or Control level. The widgets cover key data points like Age of Findings, Exploitability, Finding Score, Source, Type, Failed Asset Count, and CAM Controls. These new widgets help you better visualize and prioritize your Findings.

  6. Updates on SAFE Integration

  1. All existing GCP SSC integrations with SAFE have been updated to use Google's recommended new APIs.

  2. Tanium Integration now includes the ability to pull fully qualified domain names alongside tag imports.

  7. Ability to search and filter Questionnaires

  1. You can use filters to narrow down the questionnaires in the library. Additionally, the search feature lets you quickly find any specific questionnaire for easy navigation.

SAFE One - Third-Party Risk Management (TPRM)

  1. Automated Discovery and Management of Fourth Parties

  1. SAFE now inherently supports automated discovery of 50+ fourth parties for each third party. You can also manually add and assess fourth parties connected to your third-party vendors. Just click Add Fourth Party, choose the organization, go to the Fourth Party tab, and link it. Then, click Evaluate Risk to manage the risks. It helps you see any security issues and automatically find SaaS vendors, making it easier to handle risk management with your subcontractors.

  2. Improved Evidence Section for Third-Party Management

  1. You can now upload and organize important documents related to third-party assessments and compliance in the Evidences tab. While uploading, tag documents to specific controls listed in the dropdown, and view them on the Controls Page. Admins and document owners can manage, download, and edit documents, while uploads support PDF, CSV, and image formats. You can also search and filter evidence by controls.

  3. Improved out-of-the-box Dashboard for Third-party with additional Widgets

  1. This new dashboard is specifically designed to provide a clear view of third-party risks with useful widgets and insights. You can find and add this dashboard from the Dashboard section of SAFE.

  4. Option to download Outside-in Report

  1. You can now easily export Outside-in Findings and Outside-in Risk reports for better collaboration and detailed analysis. To download a report, select any organization, go to the Outside-in tab, and choose the report from the dot menu.

  5. Introduced new Questionnaires for Third-party

  1. SIG Core 2022

  2. SIG Lite 2024

  3. Generic Third Party Risk Assessment: Any organization can use this Questionnaire for third-party risk assessment.

  6. Smart Risk Tiering and Risk Management Setting

  1. We've added a Third Party Settings page where you can customize smart tiering and set risk tolerance for your organization. Adjust tiers based on criteria like business resources (Network, Data, and others) and risk levels, and rename or modify them as needed.

  2. These settings are also shown in the filter columns:
    a. Inherent Risk: Shows how critical (Tier 1, Tier 2, or Tier 3) the third party is to the enterprise, based on the business resources involved with them.
    b. Residual Risk: Categorized by parameters of Likelihood or Loss Magnitude as defined in the Risk Threshold. If both Likelihood and Loss are above the threshold, the risk is High. If either is above the threshold, it’s Medium, and if both are below the threshold, it’s Low.

