An Intro to Resolver’s InfoSec Application (RiskVision)
Hello!
I am Steve Finegan
Product Manager at Resolver
@Steve_Finegan
steve.finegan@resolver.com
And,
I am Kevin Barcellos
Manager, Solution Engineering
kevin.barcellos@resolver.com
RESOLVER APPLICATIONS
[Diagram: IT Integrated Risk Management. Cycle labels: Risk & Regulation, Policy & Control, Audit, Improve; Incident, Report, Response, Investigate, Analyze, Improve, Monitor. Banner: INTEGRATED RISK MANAGEMENT. Timeline labels: Planning, Preparation, Response, Recovery, Event. RiskVision is marked at three points on the diagram.]
INFOSEC APPLICATION

Pains

VISIBILITY INTO CRITICAL ASSETS
Need to capture IT assets, including servers, applications, and data, and to set their criticality. Key challenges include the volume and velocity of data and orchestrating SME input.

MULTI-GEOGRAPHICAL AND REGULATORY COMPLIANCE
Different legal jurisdictions have different regulatory mandates they need to comply with, and even within a jurisdiction there are multiple applicable requirements. Also, new extensive regulations like GDPR are taking effect.

NEED TO IMPROVE OPERATIONAL EFFICIENCIES
As a result of increasing volume and velocity of data, security and compliance groups need to improve efficiency. Redesigning processes is a challenge when the team is at capacity dealing with the current workload.
Gains

ASSET IDENTIFICATION AND CLASSIFICATION AT SCALE
The ability to import large volumes of assets from existing tools and to automatically send classification surveys to SMEs results in more risk-relevant data.

COMPLIANCE BY GEOGRAPHY AND REGULATION
Assignment of servers, applications, and data to organizational units for BU/geographic reporting. Ability to reuse control results for multiple regulations to streamline multi-regulatory compliance requirements.

REALIZATION OF OPERATING EFFICIENCIES
Efficiencies gained by automation and orchestration, combined with workflow process data, allow organizations to analyze and streamline processes.
How RiskVision helps

RISK AND COMPLIANCE PROFESSIONALS
• Gain visibility into IT risk and compliance for important standards and regulations such as ISO, PCI, NIST, and HIPAA.
• Orchestrate the remediation of findings and mitigations.
• Track top risks.

INFORMATION SECURITY PROFESSIONALS
• Model information systems and components, together with data.
• Provide visibility into the most critical assets.
• Ensure that mitigations affecting the most important information assets are prioritized accordingly.

CORPORATE SECURITY PROFESSIONALS
• Understand the importance of data stored within physical environments.
• Measure the effects of physical controls on information security.
• Track the remediation of physical controls issues.
Primary Use Cases
• Threat & Vulnerability Management
• IT Risk & Compliance
• Third Party Risk Management
Threat and Vulnerability Management
Vulnerability Management Challenges
• Over the past 10 years, only 12% of known vulnerabilities have been exploited
• 97,618 vulnerabilities in the National Vulnerability Database (NVD)
• 38,953 exploits in the Exploit Database
• >100 billion lines of code generated annually
• Hackers produce about 120 million variants of malware every year
• Through 2020, 99% of vulnerabilities exploited will be those known for at least one year
• Medium severity vulnerabilities are most often exploited in the wild
• The time it has taken from patch release to exploit in the wild has dropped from 45 to 15 days in the last decade
[Diagram: Key Vulnerabilities to Prioritize. Labels: Vulnerabilities Affecting Crown-Jewel Assets; Vulnerabilities in your Environment; Known Vulnerabilities; Exploited Vulnerabilities.]
TVM Features
1. Asset Classification
2. Data Collection
3. Data Correlation
4. Vulnerability Risk Scoring
5. Risk Score Aggregation & Prioritization
6. Remediation Ticket Orchestration
7. Remediation Validation
8. Dashboards / Reporting
Vulnerability Risk Scoring

IMPACT
• Business Criticality
• Type of Data
• Scope
• Other

LIKELIHOOD
• Attack Vector
• Attack Complexity
• Privileges Required
• User Interaction
• Matching Exploit
• Age
• Network Location
• Other
Risk Score Aggregation
[Diagram labels: Enterprise; BU 1, BU 2, BU 3; DBMS; Server; App; Patch; Vuln; Risk Score; NVD; CVE-2017-5632, CVE-2017-5638, CVE-2017-4187, CVE-….]
Compliance Management
Key Compliance Challenges
• Volume of data
o Assets
o Controls
• Complexity
o Organization
o Regulations
• Minimize user resistance
• Higher stakes
• Need to do more with less or same resources
Compliance Manager Features
• Asset Classification
• Common Control Framework
• Compliance Measurement & Reporting
• Control Frameworks
• Workflow Management
• Control Target Profiles
• Automated Questionnaire Creation
Scaling Assessments
Vendor Risk Management
Key Vendor Risk Management Challenges
• Provide an accurate view of a vendor’s riskiness
• Minimize administrative burden on vendors
• Ensure vendors are following through on remediation actions
• Enforce a consistent process for rating vendors
• Allow process to be managed with a minimal number of resources
Vendor Risk Manager Features
1. Onboarding, Due Diligence & Screening
2. Vendor Risk Assessment
3. Contract Onboarding
4. Risk Oversight & Control
5. Ongoing Monitoring
6. Renewal/Termination Protocols
Key Differentiators
• Integration
• Scalability
• Automation
Key Differentiators
ROADMAP

RE-INTEGRATE RELEASE STREAMS
Combine 8.5 and SOAR 2017.1 releases: Threat object, Threat/vulnerability correlation, Trending enhancements

TVM SCALABILITY
Archive vulnerability instances and tickets, TVM schema optimization, KRI enhancements, Tickets UI enhancements, Compliance dashboard

THREAT MODELING/TVM
Threat modeling, Connector scheduling enhancements, Patch object enhancements, Tickets UI enhancements, Reporting enhancements

ARCHIVING ENHANCEMENTS
Assessments, Evidence, Documents, Additional dashboards and reports

AUTOMATION
Tickets bulk operations, Vulnerabilities bulk operations, CPE search, Hybrid controls

Timeline labels: Q3, Q4, Q119, ROY19, Q2

All information is confidential and subject to change.
KEY USE CASES & DEMO
Thanks!
Any questions?
@Steve_Finegan
steve.finegan@resolver.com
