Release Notes - Nov 2022
  • 6 Minutes to read
  • PDF

Release Notes - Nov 2022

  • PDF

New Features and Enhancements   (SAFE Version 3.0.39) 

Release Date: 16th Nov 2022


1. Simplified Policy, CSP, and Compliance assessment


1.1. A whole new Policy Module

Today SAFE has approximately 42 cybersecurity policies accessed via more than 4200 controls, which makes the Policy and Compliance assessment a lengthy and hard-to-action process and disconnected from the actual risk posture.

To solve this problem, SAFE is bringing a whole new policy module in SAFE, which is short and yet more effective than the earlier one. The new policy module in SAFE has transitioned the 4200+ Compliance-Driven policy controls to 30+ Threat Driven controls.

Below are the highlights of the new policy module in SAFE:

  • The 30+ Threat Driven policy controls are based on MITRE ATT&CK Mitigation Controls and post-attack mitigations.
  • Each control has Tactics and Techniques mapped to them, which will also be visible on the SAFE UI to improve their risk visibility.
  • Users can assess the policy controls directly from the Policy page in SAFE.

Policy

Note
All the 30+ policy controls are now applicable to your organization. The option to select the applicable policies for the organization has been removed from Policy Management under Administration > Governance management.


1.2. Simplified Cyber Security Products module

Cyber Security Products (CSP) now has a simpler assessment module, which takes input about the implementation and coverage status of the implemented Cyber Security Products. There are now 40+ Cybersecurity Products available in SAFE.

Important
With this new approach to the CSP module, by default, the system treats the CSP implementation status as Failed, and it impacts the SAFE Score. It is strongly recommended to assess the newly added Cyber Security Products by enabling the implementation status toggle and assigning a coverage status in percentage for business-critical assets.

CSP(1)

If a CSP is not applicable, a user can mark the CSP as not applicable from the Administration > Governance Management > Cybersecurity Products Management section.

Manage CSP

Information
  • If a CSP is disabled from Administration, it will not contribute to the SAFE Score of the organization.
  • If a CSP’s Implementation Status is disabled on the CSP page, it treats the implementation status as Failed and impacts the SAFE Score.

1.3. Automated compliance controls

The Compliance Module in SAFE has now been revamped and now includes only automated controls via asset-level configuration assessment. Here are the highlights of the new compliance module:

SAFE provides automated visibility into the following 6 Global Compliances:

  • NIST CSF v1.1
  • NIST 800-53 r5
  • NIST SP 800-171 r2
  • PCI DSS v4
  • ISO 27002:2022
  • HIPAA

Compliance Controls

  • Users can select the applicable compliances to the organization from Compliance management under Administration > Governance management. No compliance is mandatory in SAFE, i.e., now users can mark ISO 27001:2013 and NIST SP 800-53 as Not applicable.

manage Compliance Controls

  • Compliance and Policy have now been decoupled in SAFE, i.e., marking compliance as Not Applicable does not remove the Policy control.

2. All new SAFE Hooks page


We have revamped the SAFE Hooks page to a whole new experience that provides an easy way to find and configure the automated signals in SAFE. This page contains various labels at the top, and clicking them filters the integration list and allows you to search and configure quickly.

SAFE Hooks

SAFE integrates with various tools and applications to collect the input signals that do not need any configuration via SAFE Hook pages. These integrations are either available via APIs or can be established by following simple steps in SAFE.

Some of these integrations are pre-configured in SAFE OOTB, and some may need manual configuration outside of SAFE UI.

Additionally, we added a link to integration guides at the top of the SAFE Hooks page.

3. New Integrations

3.1. Qualys SCA integration in SAFE

In addition to the SAFE integration with Qualys VMDR with SAFE to import the Vulnerability Assessment results, Now SAFE also integrates with Qualys Policy Compliance (PC)and Security Configuration Assessment (SCA) to fetch the configuration assessment results based on CIS benchmarks into SAFE.

You can configure Qualys SCA in SAFE via SAFE Hooks and SAFE REST APIs.

Qualys SCA

Note

Qualys SCA integration is currently independent of the Qualys VADR integration present in the product. The configuration assessment for the following asset types is supported for this integration:

  • Windows Server 2012 R2
  • Window Server 2016
  • Windows Server 2019
  • RHEL 7.x
  • RHEL 8.x

3.2. Simplified Salesforce integration

Currently, Salesforce assets can be onboarded to SAFE via the asset management page. To provide a better user experience and ease, we have simplified this integration by adding a Salesforce card under the SAFE Hooks. Now, SAFE Admins can go to the SAFE Hooks and configure Salesforce using the connector details.

3.3. Simplified Snowflake integration

Currently, Snowflake assets can be onboarded to SAFE via the asset management page. To provide a better user experience and ease, we have simplified this integration by adding a Snowflake card under the SAFE Hooks. Now, SAFE Admins can go to the SAFE Hooks and configure Snowflake using the connector details.

3.4. Enhanced integration with Tenable.io

We have enhanced the SAFE - Tenable.io integration. Now SAFE connects with Tenable.io via read-only APIs and allows users to discover and import assets and their respective vulnerability assessment results. Users can sync the assessment results of assets at a pre-configured time interval, as well as the on-demand pull of assessment results for assets.
Note: This improved version is being gradually rolled out starting this release.

Tenable(1)

4. Vulnerability Assessment for Cloud Assets


SAFE can now import the Vulnerability Assessment results from the cloud technology verticals, AWS, Azure, and GCP, and consider the VA signals to calculate the SAFE Score. You can perform the assessments by:

  • Uploading a VA report (via CSV) manually
  • Posting the assessment result using the assets’ assessment API

Additionally, depending on the asset matching criteria, you can fetch Vulnerability Assessment results from Qualys and Tenable into cloud assets. You can see these findings on the asset details page and the in the assets' PDF report.

5. Assessment of 12 new cloud Azure asset types


We have added the assessment support for the 12 new cloud Azure asset types in SAFE.

  • Azure - Automation Accounts Variables
  • Azure - Workflows
  • Azure - Kubernetes Connected Clusters
  • Azure - Stream Analytics Jobs
  • Azure - Batch Accounts
  • Azure - IoT Hubs
  • Azure - Search Services
  • Azure - Service Bus Namespaces
  • Azure - Service Fabric Clusters
  • Azure - Virtual Network Subnets
  • Azure - Virtual Machines Extensions
  • Azure - Virtual Machine Image Templates

For all the existing Azure asset types, controls have been synced with Azure Security Benchmark v3.

6. Enhancements in SAFE Scoring Model


Our scoring model has evolved to address the changing cybersecurity landscape. This upgrade will result in changes to your SAFE score:

  • Overall score - The overall SAFE Score of your organization will change due to adjustments in our model regarding geographic and company profile-based information. The overall score will also be adjusted due to the simplified Policy and CSP modules in SAFE.
  • Technology - The Technology SAFE score may slightly change due to the removal of CSP and Policy related controls. If you have Azure integration, you may see changes in this vertical due to the introduction of additional controls.
  • CSP and Policy -  SAFE Score will change significantly due to the simplified CSP and Policy modules and additional CSP products.
  • People - Some changes may be observed due to the recalibration of our scoring model around breach exposure/phishing.

Miscellaneous


  • We have added assessment support for Windows 11.
  • The Limited User role is being deprecated.
  • Policy and Cyber Security Products SAFE Score are removed as these are security signals which directly contribute to risk estimation per cyber risk scenario.
  • The maximum number of custom fields allowed in SAFE is 100 by default. Please get in touch with the SAFE support team in case you want to increase the limit.

Was this article helpful?