The key to effective exposure management is knowing which security gaps you should fix first, a job that just got easier with new capabilities announced today in Risk360 and Unified Vulnerability Management (UVM). Many Zscaler customers have yet to be introduced to either of these powerful exposure management solutions – these highlights will give you a snapshot:
Unified Vulnerability Management (UVM) is a new solution that came into the portfolio with the Avalor acquisition last March – key capabilities include contextualized risk prioritization, automated workflows for remediation, and dynamic reports and dashboards
Risk360 provides risk quantification, risk scoring by attack stages, and mitigation suggestions for improving security settings of your Zscaler systems
Both solutions now run on the data fabric for security, also part of the Avalor acquisition, which enables richer, more accurate posture insights
New innovations in the data fabric for security are making it faster and easier for our customers to assess risk in their environments.
How the Data Fabric Drives Zscaler AdvantagesThe data fabric for security ingests, correlates, and enriches Zscaler and third-party data sources to inform exposure assessment. The data fabric and the AI/ML technologies it feeds provide security insights harnessed from 500 billion daily transactions on the Zscaler Zero Trust ExchangeTM platform and from more than 150 third-party security and business applications.
Risk360 debuted a bit more than a year ago, providing insights into misconfigurations and other security gaps in the Zscaler zero trust platform and delivering cyber risk quantification (CRQ). The platform leverages cyber insurance data to accurately reflect risk in financial terms, and the platform captures high-level risk scoring, executive reporting, and compliance mapping.
Now Risk360 has been rebuilt to run on the data fabric for security – a mere eight months after the Avalor acquisition. The most immediate advantage is that Risk360 now incorporates third-party data into its risk posture findings, giving customers a more holistic and therefore more accurate assessment of risk in their environments. (Read on to see additional new capabilities now available in Risk360.)
Today’s news also highlights innovations in the data fabric that unlock new capabilities in UVM:
Visual Explorer – this visual representation of the data fabric’s security knowledge graph displays entity relationships, enabling customers to see the impact of connected findings, such as all the assets impacted by a given CVE, accelerating risk insights.
Risk Mass Score – this new calculation makes clear the relative impact of focusing on one fix vs. another, by providing the accumulated weight of a given vulnerability based on aspects such as the number of assets that have that vulnerability, the business criticality of those assets, and other factors that constitute overall impact.
Customizable Remediation Details – this enhancement lets customers directly define the information that UVM sends in the remediation tickets it generates into ITSM systems such as Jira and ServiceNow to, for example, share comments, add attachments, or include descriptions, using different templates for different remediation teams.
These new capabilities enhance the three core advantages of UVM: contextualized and customizable risk scoring, automated workflows for remediation with two-way ticketing reconciliation, and dynamic reports and dashboards that draw on always up-to-date data on exposures and mitigating controls.
Additional New Capabilities in Risk360Support for third-party data sources marks a significant leap forward in risk assessment in Risk360. Leveraging the data fabric for security unlocks several other important capabilities in this risk assessment platform, including:
Customized risk factors – the flexible data model at the heart of the data fabric for security makes it easy to add risk factors from any number of data sources, enabling customers to capture their organization’s specific risk metrics in Risk360.
Support for NIST Cybersecurity Framework (CSF) 2.0 – This built-in report streamlines the process for customers to reflect how their security posture aligns with this critical industry compliance framework.
New data sources and controls – these additional sources enhance the accuracy of the risk assessment in Risk360, including multi-domain scanning in External Attack Surface Management, vulnerabilities in identity stores and exposed credentials, exclusion of perimeter honeypots, and exclusion of designated servers or CVEs to avoid skewing risk calculations.
How You can Benefit from these Risk Assessment CapabilitiesThe capabilities detailed here are available now in both Risk360 and Unified Vulnerability Management, and customers can immediately use them to accelerate risk reduction. Zscaler customers who are not yet taking advantage of these exposure assessment solutions can work with their Zscaler Account or Customer Support contacts to get connected with Risk360 and UVM product experts. You can also watch lightboard overviews of the Risk360 and Unified Vulnerability Management solutions to get a sense of the overall functionality of each platform, and you can also request a custom demo.
↧