Release Notes - Mar 2023

New Features and Enhancements   (SAFE Version 3.0.48) 

Release Date:  March 2023

1.  Integration with Tanium

SAFE now seamlessly integrates with Tanium, a top-tier endpoint security management platform, to get the assets and their security misconfigurations into SAFE.  

SAFE administrators can configure this integration using the Tanium card available on the SAFE Hooks page.

Refer to the Tanium Integration Guide.

2.  Enhancements to Qualys SCA Integration

Qualys CA integration has been improved to include more asset types and better asset matching capabilities that automatically add assets to default groups based on the Operating System (OS) information from Qualys. The list of supported asset types is as follows:

1. RHEL 7.x
2. RHEL 8.X
3. CentOS 7.x
4. CentOS 8.x
5. Ubuntu 22.x
6. Ubuntu 20.x
7. Suse Linux 12.x
8. Suse Linux 15.x
9. Windows 8.1
10. Windows 10
11. Windows 11
12. Windows Server 2012 R2
13. Windows Server 2016
14. Windows Server 2019
15. Windows Server 2022

Refer to Qualys SCA Integration Guide.

3.  Enhancements to Qualys VMDR Integration

Qualys VMDR integration has been improved with better asset matching capability that enables SAFE to automatically add assets that are discovered through Qualys VMDR to their corresponding default group based on their Operating System, streamlining the asset management process for users.

4.  New Risk Scenarios based on Threat Groups

We have added 5 Risk scenarios based on the Threat Groups in SAFE. Risk scenarios based on the Threat Groups involve identifying potential risks that a specific threat group may pose to an organization’s assets or infrastructure. This includes analyzing the group’s past behavior, tactics, techniques, procedures (TTPs), and other characteristics to determine an attack’s potential breach likelihood. By understanding the unique risk posed by a particular threat group, an organization can better prioritize and allocate their security resources to defend against potential targeted attacks.

5. Industry selection made easy in SAFE 

 We have made changes to the industry selection process in SAFE to improve clarity and remove any confusion. Custom industry support has been removed, and we have updated our industry drop-down to include all possible options based on the North American Industry Classification System (NAICS).

To assist you in selecting the appropriate industry for your organization, we recommend referring to the industry description sheet available here.

If you are still unable to find the appropriate industry for your organization, you may select "Other" from the industry drop-down. However, please note that you will not be able to provide a custom name for the industry. We hope that these changes will make the industry selection process more straightforward and efficient for all users.

6. Enhancement in SAFE Scoring 

We have made some adjustments and refinements to the SAFE Scoring model. As a result, you may notice changes in your organization's SAFE Scores and Breach Likelihood with this release. Here are the key points to be aware of:

• Based on current cyber risk trends and threat landscape, we have recalibrated the weights of techniques and prior probability in the model.
• The Third-party or Outside-in SAFE Score is now calculated using MITRE ATT&CK.
• We now support version 12 of the MITRE ATT&CK matrix. 
• SAFE now maps over 140K vulnerabilities to MITRE ATT&CK, due to which SAFE scores will now account for those vulnerabilities.
• We have added coverage controls for Cyber Security Products that can affect the SAFE Scoring.
• To improve breach likelihood accuracy, only assessed signals will contribute to risk reduction. Not assessed signals will only be considered for confidence estimation.
• KnowBe4, Breach Exposure, and Proofpoint insights severity have been recalibrated.

7. Deprecation Notice

The assetId and assetTypeId filters for the GET /controls API have been deprecated and are no longer supported.