Blog Zscaler
Ricevi gli ultimi aggiornamenti dal blog di Zscaler nella tua casella di posta
IscrivitiThe Newest Capabilities of Risk360: Powerful Risk Alerting and Asset-level Risk
Managing risk effectively is paramount for organizations, given rising scrutiny from executives and regulatory bodies, along with staying ahead of long-standing risks like internet-exposed vulnerabilities or vulnerable VPNs.
By now you may be familiar with Risk360, our powerful risk quantification and visualization framework for remediating cyber risk. As a reminder, Risk360 ingests data from external sources, as well as a company’s own Zscaler environment, to create a detailed view of enterprise cyber risk posture across all four stages of a cyberattack and leverages over 115 unique risk factors across the attack chain.
Since our product launch in June 2023, we have grown quickly; in December 2023, we had our “Risk360 2.0” release which included Monte Carlo financial simulations, AI-driven cybersecurity maturity assessments, and a lot more. A nice summary of these innovations is here. With our latest 3.0 release, we have introduced even more powerful capabilities including: a new alerting framework, an asset-based risk scoring module, new UEBA risk factors, enriched investigative workflows and Tenable integration.
The introduction of new alerting capabilities in Risk360 marks a significant advancement in how businesses can operationalize cybersecurity measures, enabling security teams to act swiftly and decisively to surges in risk.
Our new alerting engine allows for the creation of complex rules tailored to alerting on the specific cyber and financial risks an organization faces. One of the standout features is its flexibility in rule definition, based on different criteria, such as organizational risk scores or any specific risk factors like active infections. For instance, a rule can be set to trigger an alert if the overall risk score exceeds a certain threshold or if there is a significant percentage increase in a specific risk factor.
Security teams can set parameters that, when met, trigger notifications. These notifications can be received through various channels such as email and webhooks, ensuring that the relevant personnel are alerted immediately to potential risks. The notifications also include the cause of the trigger to ensure alerts are actionable.
Users can log into the system, navigate to the alerting section, and view ongoing alerts, alert history, and the specific rules they have set up. This visibility is crucial for maintaining an up-to-date understanding of the organization's security posture. They can even mute an ongoing alert if they need more time to respond to an alert.
Furthermore, Risk360 addresses the issue of false alarms, which can be a common nuisance in risk management systems. Users can specify the duration a condition must persist before an alert is triggered, thus avoiding unnecessary alerts caused by transient conditions. This feature ensures that the alerts generated are both relevant and actionable.
The new alerting capabilities of Risk360 are a game-changer in cybersecurity management. By providing tools to define complex, tailored alerting rules and integrating with real-time response systems, Risk360 helps organizations not only monitor but also proactively manage cyber risks.
The second key update is the introduction of a groundbreaking Asset-risk scoring module, that allows organizations to assess and manage cybersecurity risks from the ground up. This new feature focuses on evaluating risk at the level of individual assets, providing a granular and comprehensive view of potential risks.
The asset-risk scoring module is anchored by its dynamic 3D chart visualization. This draws immediate attention to risk score clusters, allowing security teams to quickly identify patterns and anomalies across the asset landscape. Such visual aids are instrumental in helping stakeholders understand the distribution and severity of risks at a glance.
The module assigns an individual risk score to each asset. Zscaler’s asset-level risk scoring model considers more than 65 indicators of risk that fall into three major categories:
- Pre-infection Behavior
- Post-infection Behavior
- Suspicious Behavior
The model also accounts for the fact that not all indicators are equal; each indicator variably contributes to the risk score based on the severity and frequency of the associated threat. By quantifying risk in this manner, organizations can prioritize their responses and allocate resources more effectively to the areas of greatest need.
The asset-risk scoring module also provides an exportable inventory of risky assets, each tagged with its specific risk score. This feature not only aids in tracking and documentation but also simplifies the process of reporting and compliance by making data readily available and easy to disseminate.
In our 3.0 release, we have also introduced four new UEBA risk factors. These four risk factors indicate:
- Organizational data is uploaded to a list of high-risk countries
- External users are granted collaboration privileges to the organization's code repository
- Previously private code repositories are made available to the public
- Bulk file delete operation on SaaS application-based document sharing and management systems
Additionally we have enriched Risk360 investigative workflows to help our customers more effectively mitigate risk by giving them the ability to:
- Drill down and see a list of application segments with open ports
- Drill down on top URL host not being SSL inspected
- Drill down on access policies without device posture profile
- More intuitive drill-downs for viewing exposed servers and known CVEs
Finally, Risk360 now integrates with Tenable, allowing organizations to pull risk signals from Tenable vulnerability management platform. Incorporating this additional data source enhances the ability of Risk360 to identify potential attack surface risks.
With these new updates, Risk360 will continue empowering organizations by giving them a comprehensive, data-driven approach to cybersecurity risk management. To learn more, register for our webinar discussing Zscaler Risk360 (and Business Insights) or request a demo from your Zscaler team.
Questo post è stato utile?
Ricevi gli ultimi aggiornamenti dal blog di Zscaler nella tua casella di posta
Inviando il modulo, si accetta la nostra Informativa sulla privacy.