Release Notes - April 2025

Release Notes

Release v4.1.103

April 21, 2025

1. New Integrations - Rubrik and PAN Cortex XDR

  • Rubrik Enterprise Data Protection: It pulls in the backup configuration for each asset into SAFE, which helps with dynamically assessing data backup control.

  • PAN Cortex XDR: SAFE now pulls EDR findings from Cortex XDR, contributing to Likelihood calculations.
    103 Integrations.png

2. Smart Tiering of Third Parties

SAFE now allows you to define up to five custom tiers using business-specific criteria like revenue, industry, and geography. This enables precise vendor segmentation and risk-aligned assessments. You can configure tiers via Settings > Third-party.Smart Tiering.png

3. Risk Acceptance for Findings (Early Access)

Users can now mark specific findings as "Accepted" with a rationale to remove noise from findings that do not pose a security risk in their environment. This brings greater control, customizability, and auditability to risk scoring. mark as accepted.png

4. Threat Intel Updates

  1. 522 security incidents added in the library for third-party breach notifications

  2. 17 new CVEs are marked as Exploitable

  3. 122 new Threat Events added to the Threat Center.

5. Miscellaneous Enhancements

  • When a group or risk scenario is duplicated, the FAIR MAM loss drivers will be copied over with any overrides.

Release v4.1.102

April 7, 2025

1. Aggregate Control Maturity

SAFE now displays the Overall Control Maturity in percentage for Groups. This represents the overall control maturity of all the CAM controls for the particular group. ACM1.png

We have also added the Aggregate Control Maturity column to the Group List for better visibility.

ACM2.png

2. What If Analysis for VMC/DSC Controls

What If Analysis now supports Variance Management Controls (VMCs) and Decision Support Controls (DSCs), controls besides LEC controls enhancing CBA (Cost-Benefit Analysis) for investment decisions. Users can now run a What If analysis on these controls to see their final risk impact. If a linked LEC is simulated, VMC/DSCs are ignored; otherwise, their impact is considered. VMCs focus on control reliability, while DSCs enhance decision-making. Controls.png

3. Cyber Metric Dashboard

We are adding the Cyber Metrics Dashboard, an out-of-the-box dashboard that provides a centralized view of overall risk metrics, attack surface details, and findings. It aggregates key insights such as overall aggregated risk summary, asset distribution, and findings breakdown using enterprise group data.

Cyber Metric Dashbaord.png

4. Threat Intel Updates

  • 212 security incidents added in the library for third-party breach notifications

  • 37 new CVEs are marked as Exploitable

  • 161 new Threat Events added to the Threat Center.

5. Miscellaneous Enhancements

  • Manage Questionnaire Button: Users can now add questionnaires to a group directly from the Manage Questionnaire button under Groups. manage Questions.png

  • Restore  Loss Drivers values with the Remove Override button: We have added a one-click option to reset all loss drivers to their original value for a risk scenario, saving time, and simplifying scenario setup for customers. Remove Overrides 1.png

  • Group By in Questionnaire Findings: The Questionnaire Findings page now supports a Group By feature for better organization and analysis.

  • Clickable Mapped Findings in Conflict Resolution: The Mapped Findings column is now clickable, allowing users to view related findings easily.

  • Import Assessment: User can now selectively import specific controls maturity levels from another Group, instead of all the control at once, as available earlier.