More Related Content

Slideshows for you(20)

Similar to An Intro to Resolver's InfoSec Application (RiskVision)(20)


More from Resolver Inc.(20)

Recently uploaded(20)


An Intro to Resolver's InfoSec Application (RiskVision)

  1. An Intro to Resolver’s InfoSec Application (RiskVision)
  2. Hello! I am Steve Finegan Product Manager at Resolver @Steve_Finegan Your Photo Here!
  3. And, I am Kevin Barcellos Manager, Solution Engineering
  5. IT Integrated Risk Management Risk & Regulation Audit Improve Policy & Control Response Incident Report Investigate Analyze ImproveMonitor INTEGRATED RISK MANAGEMENT PLANNING PREPERATION RESPONSE RECOVERYEVENT RiskVision RiskVision RiskVision
  7. VISIBILITY INTO CRITICAL ASSETS Need to capture IT assets, including servers, applications, and data and set criticality. Key challenges include volume and velocity of data and orchestrating SME input. MULTI-GEOGRAPHICAL AND REGULATORY COMPLIANCE Different legal jurisdictions have different regulatory mandates they need to comply with, and even within a jurisdiction there are multiple applicable requirements. Also, new extensive regulations like GDPR are taking effect. NEED TO IMPROVE OPERATIONAL EFFICIENCIES As a result of increasing volume and velocity of data, security and compliance groups need to improve efficiency. Redesigning processes is a challenge when the team is at capacity dealing with current workload. Pains
  8. ASSET IDENTIFICATION AND CLASSIFICATION AT SCALE Ability to import large volumes of assets from existing tools and to automatically send classification surveys to SMEs results in more risk- relevant data. COMPLIANCE BY GEOGRAPHY AND REGULATION Assignment of servers, applications, and data to organizational units for BU/geographic reporting. Ability to reuse control results for multiple regulations to streamline multi-regulatory compliance requirements. REALIZATION OF OPERATING EFFICIENCIES Efficiencies gained by automation and orchestration, combined with workflow process data, allows organizations to analyze and streamline processes. Gains
  9. RISK AND COMPLIANCE PROFESSIONALS INFORMATION SECURITY PROFESSIONALS CORPORATE SECURITY PROFESSIONALS How RiskVision helps • Gain visibility to IT risk and compliance for important standards and regulations such as ISO, PCI, NIST, and HIPAA. • Orchestrate the remediation of findings and mitigations. • Track top risks. • Model information systems and components, together with data. • Provides visibility into most critical assets. • Ensure that mitigations affecting the most important information assets are prioritized accordingly. • Understand the importance of data stored within physical environments. • Measure the effects of physical controls on information security. • Track the remediation of physical controls issues.
  10. Threat & Vulnerability Management IT Risk & Compliance Third Party Risk Management Primary Use Cases
  11. Threat and Vulnerability Management
  12. Vulnerability Management Challenges Over the past 10 years, only 12% of known vulnerabilities have been exploited12% 97,618vulnerabilities in the National Vulnerability Database (NVD) 38,953exploits in the Exploit Database >100 billionlines of code generated annually Hackers produce about 120 million variants of malware every year Through 2020, 99% of vulnerabilities exploited will be those known for at least one year Medium severity vulnerabilities are most often exploited in the wild The time it has taken from patch release to exploit in the wild has dropped from 45to 15 days in the last decade
  13. Key Vulnerabilities to Prioritize Vulnerabilities Affecting Crown-Jewel Assets Vulnerabilities in your Environment Known Vulnerabilities Exploited Vulnerabilities
  14. TVM Features Asset Classification Vulnerability Risk Scoring Remediation Ticket Orchestration Remediation Validation 1 6 7 Risk Score Aggregation & Prioritization 4 5 Data Collection 2 Data Correlation 3 Dashboards / Reporting 8
  15. Vulnerability Risk Scoring IMPACT LIKELIHOOD Business Criticality Type of Data Scope Other Attack Vector Attack Complexity Privileges Required User Interaction Matching Exploit Age Network Location Other
  16. Risk Score Aggregation E N T E R P R I S E BU 1 DBMS Server Server Server NVD CVE-2017-5632 APP APP PATCH V U L N RISK SCORE V U L N V U L N V U L N BU 2 BU 3 CVE-2017-5638 CVE-2017-4187 CVE-…. CVE-....
  17. Compliance Management
  18. Key Compliance Challenges • Volume of data o Assets o Controls • Complexity o Organization o Regulations • Minimize user resistance • Higher stakes • Need to do more with less or same resources
  19. Compliance Manager Features Asset Classification Common Control Framework Compliance Measurement & Reporting Control Frameworks 1 3 6 7 Workflow Management 4 5 Control Target Profiles 2 Automated Questionnaire Creation 3
  20. Scaling Assessments
  21. Vendor Risk Management
  22. Key Vendor Risk Management Challenges • Provide an accurate view of a vendor’s riskiness • Minimize administrative burden on vendors • Ensure vendors are following through on remediation actions • Enforce a consistent process for rating vendors • Allow process to be managed with a minimal number of resources
  23. Onboarding, Due Diligence & Screening Vendor Risk Assessment Contract Onboarding Risk Oversight & Control Ongoing Monitoring 1 2 3 4 5 Renewal/ Termination Protocols 6 Vendor Risk Manager Features
  24. Key Differentiators
  27. RE-INTEGRATE RELEASE STREAMS Combine 8.5 and SOAR 2017.1 releases: Threat object, Threat/vulnerability correlation, Trending enhancements TVM SCALABILITY Archive vulnerability instances and tickets, TVM schema optimization, KRI enhancements, Tickets UI enhancements, Compliance dashboard THREAT MODELING/TVM Threat modeling, Connector scheduling enhancements, Patch object enhancements, Tickets UI enhancements, Reporting enhancements ARCHIVING ENHANCEMENTS Assessments, Evidence, Documents, Additional dashboards and reports AUTOMATION Tickets bulk operations, Vulnerabilities bulk operations, CPE search, Hybrid controls Q3 Q4 Q119 ROY19Q2 All information is confidential and subject to change. Roadmap
  29. Thanks! Any questions? @Steve_Finegan