Version 9.0 Release Notes

What’s New in RiskVision v9.0

RiskVision 9.0 introduces multiple new features and improvements that are described below. These enhancements are grouped as follows:

• Integration with SOAR 2017.1 release stream

• Entity Grid enhancements

• Security Enhancements

• Other Improvements

Integration with SOAR 2017.1 Release Stream

The SOAR 2017.1 release stream delivered many key enhancements. These enhancements have been merged into the 9.0 release. The most significant features are covered below.

Threat Object and UI Enhancements

Threat intelligence is essential to know which vulnerabilities are being actively exploited, to gain context for responding to incidents, and for creating a plan to mitigate the threats an organization is facing. The 9.0 release introduces a threat object to allow organizations to systematically incorporate threat intelligence into their operations.

To facilitate the incorporation of threat intelligence into a company’s operations, the RiskVision data model now includes many-to-many data associations of threats with other objects, such as assets, vulnerabilities, incidents, and tickets. This is important because it allows organizations to better measure risk and assign and track mitigations.

The RiskVision 9.0 release provides both high-level and detailed views of threat intelligence. At the highest level, there are new grids that provide multiple ways to view threat intelligence data, such as My Threats, Recent Threats, All Threats, Threat Intelligence, Malware, and Threat Actors. These grids can be further filtered, sorted, and searched, enabling users to quickly identify the threat intelligence data that is most relevant to them.

Threat detail panes present various information about each threat, including a link to the full threat report in the threat intelligence feed, a description, owner, severity level, likelihood, risk level, and a threat intelligence report synopsis. These detail panes also show the vulnerabilities, incidents, and tickets that are associated with a given threat.

Threat Intelligence Data Feed Integrations

For this release, RiskVision 9.0 is providing integration with the CrowdStrike Falcon Intelligence and FireEye iSight threat intelligence feeds. For CrowdStrike, RiskVision is importing threat actors, periodic reports, tipper reports, alerts, and IOCs. For FireEye, RiskVision is importing threats, malware, and vulnerability advisories.

Correlation of Threats with Vulnerabilities

To help users prioritize both threats and vulnerabilities, when a threat intelligence source links a threat or an IOC with one or more CVEs, RiskVision will automatically correlate the threat and associated vulnerabilities. RiskVision will also correlate the threat to any assets that have a vulnerability that a threat is linked to, thereby providing a view of which threats have the potential to affect your most critical assets.

Attribution of Threats to Incidents

Organizations are constantly being attacked, and inevitably some of these attacks will be successful. To limit the harm and minimize the time to respond to events that have a high probability of being an incident, RiskVision SOAR allows for threats to be attributed to incidents. When you know a threat is attributed to an incident, you can increase the incident severity, which can result in RiskVision assigning a rapid response process to the incident.

Threat-related Vulnerability Risk Scoring Enhancements

Organizations have many more vulnerabilities than they can remediate in a timely manner. Assigning a risk score provides visibility into which vulnerabilities are the riskiest, and therefore should be addressed first. Effective with this release, RiskVision’s vulnerability risk score now includes a Threat Factor. The Threat Factor increases the risk of a vulnerability by a predefined multiplier if there is a threat that is targeting that vulnerability. Combined with the existing Asset Criticality Factor, Exploit Factor, and other existing variables, the vulnerability risk score will help organizations better understand the relative risk of a vulnerability being exploited and prioritize remediation decisions accordingly.
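The following sketch illustrates the correlation and Threat Factor ideas described in the two sections above. It is an added example, not RiskVision code: the record layout, the scoring formula (base score × asset criticality × threat factor), the multiplier values, and all identifiers are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data; placeholder IDs, not taken from any real feed.
THREATS = [  # each threat lists the CVEs its intelligence source links it to
    {"id": "T-1", "cves": ["CVE-0000-0001", "CVE-0000-0002"]},
    {"id": "T-2", "cves": ["CVE-0000-0002"]},
]
FINDINGS = [  # one row per vulnerability instance found on an asset
    {"asset": "db01", "cve": "CVE-0000-0001", "base": 7.5},
    {"asset": "web01", "cve": "CVE-0000-0002", "base": 9.0},
    {"asset": "kiosk7", "cve": "CVE-0000-0003", "base": 9.8},
]
ASSET_CRITICALITY = {"db01": 1.5, "web01": 1.0, "kiosk7": 0.5}  # assumed factors
THREAT_FACTOR = 1.25  # assumed "predefined multiplier"


def correlate(threats, findings):
    """Link threats to CVEs, then to every asset carrying one of those CVEs."""
    by_cve = defaultdict(set)
    for threat in threats:
        for cve in threat["cves"]:
            by_cve[cve].add(threat["id"])
    by_asset = defaultdict(set)
    for finding in findings:
        by_asset[finding["asset"]] |= by_cve.get(finding["cve"], set())
    return by_cve, by_asset


def score(finding, by_cve, criticality, threat_factor=THREAT_FACTOR):
    """Assumed formula: the multiplier applies only if a threat targets the CVE."""
    value = finding["base"] * criticality[finding["asset"]]
    if by_cve.get(finding["cve"]):
        value *= threat_factor
    return round(value, 2)


def prioritize(threats, findings, criticality):
    """Return (score, asset, cve, threat_ids) rows, riskiest first."""
    by_cve, _ = correlate(threats, findings)
    rows = [
        (score(f, by_cve, criticality), f["asset"], f["cve"],
         sorted(by_cve.get(f["cve"], ())))
        for f in findings
    ]
    return sorted(rows, key=lambda row: row[0], reverse=True)


if __name__ == "__main__":
    for row in prioritize(THREATS, FINDINGS, ASSET_CRITICALITY):
        print(row)
```

With this sample data, the 7.5 finding on the critical, threat-targeted database server ranks above the 9.8 finding on a low-criticality asset that no threat is linked to.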

Threat Mitigation Tracking

Given that a threat is a person or thing that is intending to cause harm to an organization, it is important to be able to mitigate threats, and to track these mitigation efforts. To facilitate this, RiskVision now allows organizations to create tickets against threats. These tickets will be associated with a predefined workflow based on workflow settings and ticket attribute values. This allows for different mitigation processes to be automatically instituted for different threat types, such as threat actor and malware, which will increase response effectiveness.

Metrics Generator Enhancements

The only way organizations can know if they are getting better at protecting against cyber security risk is to focus on measuring and improving important metrics. The Metrics Generator feature enhancements done for this release enable organizations to define virtually any measurement they want to track, and measure its performance over time. These metrics can be generated on a daily, weekly, or monthly basis. Examples of metrics that can be tracked include average number of vulnerabilities per computer per business unit, ticket mean time to resolution by workflow stage, and average compliance score by BU. Combined with RiskVision’s robust business intelligence engine, organizations can generate both high-level and detailed reports to provide the required level of visibility to end users so that metrics can be effectively tracked and improved.

Improved Affected Assets Page

The Affected Assets page automatically groups assets that have a vulnerability by similar characteristics of the related assets, such as by OS title/vendor/version with asset criticality and owner. This grouping is intended to allow you to create a single ticket for each asset group, instead of one for each vulnerability instance, which could result in hundreds, thousands, or tens of thousands of tickets.

The new page uses a job that runs periodically to update this page for every vulnerability. Having this data already calculated when a user opens the page results in an instantaneous loading of the page, even when there are many thousands of instances of a vulnerability.

Entities Grid Enhancements

RiskVision 9.0 provides several enhancements to the Entity Grid. These enhancements are described in the sections below.

IP Addresses Column

The Entities Grid now provides an option to display a new column for IP address. This will make it much easier for organizations that use IP address as a primary system identifier to work with their IT assets. Like other columns, the IP Address column can be sorted in ascending or descending order. Also, when the IP Address column is showing, the Entities Grid still supports bulk edit, searching, and filtering operations.

New Dynamic Group for Assets with IP Addresses

The Entities Grid now contains a new Dynamic Group that shows all entities that have an IP address. This new Dynamic Group aggregates all entities of type Computer, Network Device, and Mobile Phone in a single view.

Ability to Search for Multiple IP Addresses in a Single Search

Effective with this release you can now search for multiple IP addresses within a single search by using comma-separated IP addresses. This will enable you to more rapidly search for entities that have specific IP addresses.

Security Enhancements

Because of the sensitive data that you store in RiskVision, security is a top priority for Resolver. RiskVision 9.0 contains several important security enhancements.

Server-Specific Master Encryption Key

Effective with this release, every RiskVision installation will have a master encryption key. This provides an added layer of security, but does require special precautions that are mentioned in the RiskVision Installation and Configuration Guide under the “Configuring a Unique Encryption Key” topic.

Upgraded Third Party Components and Libraries

Many of the third-party components and libraries used in RiskVision have been upgraded in 9.0 to take advantage of vulnerability fixes in these components and libraries.

Pen Test and Vulnerability Scan Fixes

Resolver and its customers have performed vulnerability scans and pen tests of the RiskVision platform. Findings of Medium or higher were fixed in this 9.0 release and are listed in the Fixed Issues section of this release notes document.

Improvements

Fixed Issues

Known Issues

Related Documentation

Please refer to the following end-user documents for additional information:

• RiskVision Installation and Configuration Guide

• RiskVision Upgrade Guide

• RiskVision Administrator’s Guide

• RiskVision Application User’s Guides:

• RiskVision Compliance Manager User’s Guide

• RiskVision Enterprise Risk Manager User’s Guide

• RiskVision Incident Manager User’s Guide

• RiskVision Policy Manager User’s Guide

• RiskVision Threat and Vulnerability Manager User’s Guide

• RiskVision Vendor Risk Manager User’s Guide

• RiskVision Analytics Guide

These documents and other helpful information can be found in the Resolver Customer Support Portal. There you can:

• Search the RiskVision Knowledgebase for answers to your questions

• Gain access to RiskVision technical documentation, how-to videos, and best practices guides

• Review your case history

• Submit new questions, problems, or issues

Minimum Hardware Requirements

The following hardware requirements represent the minimum system requirements to install Resolver RiskVision software. The recommended requirements will vary according to each customer’s use cases and will be provided by your solution architect.

UPS is recommended for power management. 

Supported Versions

This release supports the following versions of third-party software:

Notices and Intellectual Property Information

Notice

The materials contained in this publication are owned or provided by Resolver Inc. and are the property of Resolver or its licensors, and are protected by copyright, trademark, and other intellectual property laws. No trademark or copyright notice in this publication may be removed or altered in any way.

Copyright

Copyright ©2018 Resolver Inc. All rights reserved. All materials contained in this publication are protected by Canadian, the United States, and international copyright laws and no part of this publication may be reproduced, modified, displayed, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written consent of Resolver, 111 Peter Street, Suite 804, Toronto, Ontario M5V 2H1, Canada or, in the case of materials in this publication owned by third parties, without such third party’s consent. Notwithstanding the foregoing, to the extent any material in this publication is reproduced or modified in any way (including derivative works and transformative works), by you or on your behalf, then such reproduced or modified materials shall be automatically assigned to without any further act and you agree on behalf of yourself and your successors, assigns, heirs, beneficiaries, and executors, to promptly do all things and sign all documents to confirm the transfer of such reproduced or modified materials to Resolver.

Trademarks

Protect What Matters, RiskVision and/or other products or marks referenced herein are either registered trademarks or trademarks of Resolver Inc. in Canada, the United States and/or other countries. The names of actual companies, trademarks, trade names, service marks, images and/or products mentioned herein may be the trademarks of their respective owners. Any rights not expressly granted herein are reserved.

Changes

Companies, names, and data used in the examples herein are fictitious unless otherwise noted. Although every precaution has been taken in the preparation of this document, Resolver Inc. assumes no responsibility for errors or omissions. Neither is any liability assumed for damages resulting from the use of the information contained herein. Permission to modify and distribute this document strictly for the purpose of internal user training is hereby granted, provided that it is made evident the document has been modified, and that all copies contain all proprietary notices set forth in or on the original version. Resolver Inc. assumes no responsibility for errors or omissions resulting from the modification of this document. Resolver Inc. expressly waives all liability assumed for damages resulting from the modification of the information contained herein. Notwithstanding the permission granted herein, no part of this document may otherwise be reproduced, transmitted, disseminated or distributed, in any form or by any means, electronic or mechanical, for any other purpose, without the express written permission of Resolver Inc.