In 2017, Resolver acquired RiskVision—a recognized leader in integrated risk management software for security operations. In this presentation you will learn how to prioritize efforts around risk mitigation and response to cyber threats. You’ll also learn where we’re heading on the product roadmap and how it will drive your IT efficiency even further and make it easier to share real-time information with your C-suite, board, and other stakeholders.
8. Pains

VISIBILITY INTO CRITICAL ASSETS
Organizations need to capture IT assets, including servers, applications, and data, and set a criticality for each. Key challenges include the volume and velocity of data and orchestrating SME input.

MULTI-GEOGRAPHICAL AND REGULATORY COMPLIANCE
Different legal jurisdictions impose different regulatory mandates, and even within one jurisdiction several requirements apply at once. New and extensive regulations such as GDPR are also taking effect.

NEED TO IMPROVE OPERATIONAL EFFICIENCIES
Because the volume and velocity of data keep increasing, security and compliance groups need to improve efficiency. Redesigning processes is a challenge when the team is already at capacity dealing with its current workload.
9. Gains

ASSET IDENTIFICATION AND CLASSIFICATION AT SCALE
The ability to import large volumes of assets from existing tools and to automatically send classification surveys to SMEs results in more risk-relevant data.

COMPLIANCE BY GEOGRAPHY AND REGULATION
Servers, applications, and data are assigned to organizational units for BU/geographic reporting. Control results can be reused across multiple regulations, which streamlines multi-regulatory compliance.

REALIZATION OF OPERATING EFFICIENCIES
Efficiencies gained through automation and orchestration, combined with workflow process data, allow organizations to analyze and streamline their processes.
10. How RiskVision helps

RISK AND COMPLIANCE PROFESSIONALS
• Gain visibility into IT risk and compliance for important standards and regulations such as ISO, PCI, NIST, and HIPAA.
• Orchestrate the remediation of findings and mitigations.
• Track top risks.

INFORMATION SECURITY PROFESSIONALS
• Model information systems and components, together with their data.
• Gain visibility into the most critical assets.
• Ensure that mitigations affecting the most important information assets are prioritized accordingly.

CORPORATE SECURITY PROFESSIONALS
• Understand the importance of data stored within physical environments.
• Measure the effects of physical controls on information security.
• Track the remediation of physical control issues.
13. Vulnerability Management Challenges
• Over the past 10 years, only 12% of known vulnerabilities have been exploited.
• 97,618 vulnerabilities in the National Vulnerability Database (NVD) versus 38,953 exploits in the Exploit Database.
• More than 100 billion lines of code are generated annually.
• Hackers produce about 120 million variants of malware every year.
• Through 2020, 99% of the vulnerabilities exploited will be those known for at least one year.
• Medium-severity vulnerabilities are the ones most often exploited in the wild.
• The time from patch release to exploit in the wild has dropped from 45 to 15 days in the last decade.
16. Vulnerability Risk Scoring
A vulnerability's risk score combines the impact of the asset it affects with the likelihood that it is exploited there.

IMPACT (properties of the affected asset)
• Business Criticality
• Type of Data
• Scope
• Other

LIKELIHOOD (properties of the vulnerability and its exposure; the first four are the CVSS v3 exploitability metrics)
• Attack Vector
• Attack Complexity
• Privileges Required
• User Interaction
• Matching Exploit
• Age
• Network Location
• Other
17. Risk Score Aggregation
[Diagram: risk scores roll up through the asset hierarchy. Vulnerabilities matched against NVD entries (CVE-2017-5632, CVE-2017-5638, CVE-2017-4187, CVE-…, CVE-…) and against available patches are scored on the servers, applications and DBMS instances they affect; those asset-level risk scores aggregate into a score per business unit (BU 1, BU 2, BU 3) and then into one for the enterprise.]
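The scoring factors of slide 16 and the roll-up of slide 17, worked through as an added Python example. This is not RiskVision's code or formula: the four CVSS-derived likelihood factors use the published CVSS v3.1 base-metric weights, but the weights chosen for matching exploit, age and network location, the equal weighting of the three impact factors, the max-based roll-up, the two-asset inventory and the metric values attached to the slide's CVE identifiers are all assumptions made here for illustration.

```python
"""Vulnerability risk scoring and aggregation (added example, not RiskVision's)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Likelihood side. Attack vector, attack complexity, privileges required and
# user interaction are the CVSS v3.1 exploitability metrics; their published
# weights are used unchanged.
AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20}   # Network/Adjacent/Local/Physical
AC = {"L": 0.77, "H": 0.44}                          # Low/High
PR = {"N": 0.85, "L": 0.62, "H": 0.27}               # None/Low/High (scope unchanged)
UI = {"N": 0.85, "R": 0.62}                          # None/Required
MAX_EXPLOITABILITY = 8.22 * AV["N"] * AC["L"] * PR["N"] * UI["N"]  # about 3.887

# Assumed weights for the deck's non-CVSS likelihood factors (illustrative):
# no public exploit and internal placement discount likelihood; a vulnerability
# is treated as more likely to be hit the longer it has been public.
EXPLOIT_FACTOR = {True: 1.0, False: 0.7}
LOCATION_FACTOR = {"internet": 1.0, "dmz": 0.8, "internal": 0.6}


@dataclass
class Vuln:
    cve: str
    av: str
    ac: str
    pr: str
    ui: str
    has_exploit: bool   # "matching exploit" factor
    age_days: int       # days since public disclosure


@dataclass
class Asset:
    name: str
    bu: str             # business unit, used for the roll-up
    location: str       # "internet", "dmz" or "internal"
    criticality: int    # 1..5 business criticality from the SME survey
    data_type: int      # 1..5 sensitivity of the data handled
    scope: int          # 1..5 breadth of systems/users that depend on it
    vulns: List[Vuln] = field(default_factory=list)


def likelihood(v: Vuln, a: Asset) -> float:
    """0..10: CVSS exploitability normalised to 10, then discounted for a
    missing exploit, for network placement and for how new the vuln is."""
    exploitability = 8.22 * AV[v.av] * AC[v.ac] * PR[v.pr] * UI[v.ui]
    base = exploitability / MAX_EXPLOITABILITY * 10
    age_factor = 0.7 + 0.3 * min(v.age_days, 365) / 365   # assumed ramp over one year
    return round(base * EXPLOIT_FACTOR[v.has_exploit]
                 * LOCATION_FACTOR[a.location] * age_factor, 2)


def impact(a: Asset) -> float:
    """0..10 from the three asset-side factors, equally weighted (assumption)."""
    return round((a.criticality + a.data_type + a.scope) / 15 * 10, 2)


def risk_score(v: Vuln, a: Asset) -> float:
    """0..100 risk for one vulnerability on one asset."""
    return round(likelihood(v, a) * impact(a), 1)


def aggregate(assets: List[Asset]) -> Dict[str, object]:
    """Roll per-asset scores up to business-unit and enterprise level.
    The roll-up takes the maximum so that one critical exposure is not
    diluted by many low-risk findings (a sum would reward asset count)."""
    per_asset = {a.name: max((risk_score(v, a) for v in a.vulns), default=0.0)
                 for a in assets}
    per_bu: Dict[str, float] = {}
    for a in assets:
        per_bu[a.bu] = max(per_bu.get(a.bu, 0.0), per_asset[a.name])
    enterprise = max(per_bu.values(), default=0.0)
    return {"assets": per_asset, "business_units": per_bu, "enterprise": enterprise}


def top_risks(assets: List[Asset], n: int = 10) -> List[Tuple[str, str, float]]:
    """Highest-scoring (asset, CVE, score) rows, the list remediation starts from."""
    rows = [(a.name, v.cve, risk_score(v, a)) for a in assets for v in a.vulns]
    return sorted(rows, key=lambda r: r[2], reverse=True)[:n]


def build_sample() -> List[Asset]:
    """Constructed inventory. The CVE identifiers are the ones on the slide;
    the metric values given to them here are illustrative, not looked up."""
    web = Asset("web-01", "BU 1", "internet", criticality=5, data_type=4, scope=5)
    web.vulns = [
        Vuln("CVE-2017-5638", "N", "L", "N", "N", has_exploit=True, age_days=400),
        Vuln("CVE-2017-5632", "N", "H", "L", "R", has_exploit=False, age_days=30),
    ]
    db = Asset("db-01", "BU 2", "internal", criticality=5, data_type=5, scope=3)
    db.vulns = [Vuln("CVE-2017-4187", "L", "L", "L", "N", has_exploit=True, age_days=200)]
    return [web, db]


if __name__ == "__main__":
    inventory = build_sample()
    for row in top_risks(inventory):
        print("%-8s %-15s %5.1f" % row)
    print(aggregate(inventory))
```

Two design points carry over to any real implementation: the exploit, age and location factors are the ones that separate a "medium" CVSS vulnerability that is actively exploited on an internet-facing host from a "critical" one that nobody can reach, which is what slide 13's statistics argue for; and the roll-up uses a maximum rather than a sum so that a business unit with one exposed crown jewel outranks one with many trivial findings.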
19. Key Compliance Challenges
• Volume of data
o Assets
o Controls
• Complexity
o Organization
o Regulations
• Minimize user resistance
• Higher stakes
• Need to do more with less or same resources
23. Key Vendor Risk Management Challenges
• Provide an accurate view of a vendor’s riskiness
• Minimize administrative burden on vendors
• Ensure vendors are following through on remediation actions
• Enforce a consistent process for rating vendors
• Allow process to be managed with a minimal number of resources