Release Notes - July 2023

New Features and Enhancements   (SAFE Version 3.2.56) 

Release Date:  12th July 2023

 1. Simplified users management via Azure AD User Provisioning

This release brings the integration of SAFE with Azure AD user provisioning to streamline user management under the People, ensuring up-to-date user information within SAFE.

The key highlights of this integration include the following:

• Seamless User Sync (Add/Remove User): With Azure AD User Provisioning, syncing users between SAFE and Azure AD becomes effortless. As individuals join or leave the organization, their user information is automatically updated in SAFE, eliminating manual data entry and reducing administrative overhead.
• Attribute Synchronization:  Keep user attributes such as Department, Location, Designation, Email, and custom-created tags consistent and synchronized across SAFE and Azure AD. This ensures accurate user information throughout your organization's systems.
• ConfigurationMadeEasy: Configuring Azure AD User Provisioning is a breeze. Simply navigate to the SAFE Hooks page, generate a secret token on the configuration page, and utilize this token to set up Azure AD User Provisioning in the Azure portal.

Refer to the Azure AD User Provisioning integration guide for more details.

2. Two New Dashlets on Dashboard - Technology Distribution and User Distribution

Technology Distribution

We have added a new Technology Distribution dashboard on the SAFE main dashboard and technology page. This dashlet displays the common attack surface groups on the X-axis and the number of attack surfaces on the Y-axis.

User Distribution

Also, we have added the user distribution dashlet on the People page. This dashlet displays the departments on the X-axis and the number of users falling in each department on the Y-axis.

3. Enhancement in SAFE Scoring

We have made a few changes in the SAFE Scoring, and you may observe minor changes in your organization's SAFE Scores and Breach Likelihood. 

Here are the key highlights:

• We have recently implemented a MITRE ATT&CK-driven methodology to update the scoring for Outside-in and Third-party assessments. As part of this update, we have also adjusted the severity of outside-in controls based on the latest risk trends. Consequently, there will be changes to the Outside-in SAFE score and Third-party score. However, we anticipate that these changes will not significantly impact the overall SAFE score.
• Enhancements in technique mapping:
  • Stay ahead with our improved CVE Mapping Methodology, now including NVD CVEs, until June 16, 2023.
  • Comprehensive Cyber Security Products (CSPs) technique mappings, accounting for secondary impacts mitigated by CSPs.