Posted
With the release of ThreatConnect RQ 7.9, organizations have access to new, powerful tools designed to improve cyber risk management. This release focuses on addressing common challenges in risk communication, enhancing technical risk analysis, and providing an improved user experience across RQ.
The Challenge of Qualitative Risk Measures
One longstanding challenge is effectively communicating qualitative risk to stakeholders. Traditional heat maps, while useful, rely on subjective inputs that lack quantitative data. This can lead to misunderstandings and under- or over-valuation of potential risks.
Introducing the Data-Driven Heat Map
To overcome this challenge, RQ 7.9 introduces a data-driven heat map that brings rigor to a qualitative risk communication tool. This feature allows users to visualize scenarios calculated by RQ in well-known and used matrix heat maps, providing a more accurate representation of cyber risks.
Key Features of the Data-Driven Heat Map
- Scalable: The heat map can display financial scales or qualitative scales, offering flexibility in how risks are presented.
- Customizable: You can choose to show annualized loss expectancy (ALE) or single loss expectancy (SLE) and probability of attacker success (P(s)) or loss event frequency (LEF). The qualitative scale for loss magnitude can also be customized.
- Enhanced Clarity: By incorporating data-driven insights, the heat map offers a clearer and more objective view of risk scenarios, making it easier to communicate with stakeholders.
Advancing Technical Analyses
Building on the foundation laid in previous RQ versions, RQ 7.9 adds new options to the Technical Analysis options – Technical Assets and Technical Risks. These enhancements provide deeper insights into your enterprise’s technical risk landscape.
Exploring Technical Assets
In RQ, a Technical Asset is defined as any piece of software or hardware that an attacker could exploit, such as workstations, servers, databases, containers, and network devices. Each technical asset receives a risk score ranging from 0 to 1000, with lower scores indicating higher security.
- Detailed Endpoint Information: Provides a summary of each endpoint’s information, technical risk score assessment, and Common Vulnerabilities and Exposures (CVEs) findings.
- Four Analysis Factors: Endpoint risk scores are calculated based on vulnerability data, application security data, subnet analysis, and partner scoring.
- Practical Applications: These risk scores are invaluable when evaluating CVEs on RQ’s Short-Term Recommendations screen, providing actionable insights for mitigating technical risks.
Assessing Technical Risks
The Technical Risks screen lists all potential CVEs within your enterprise environment, offering crucial details for each CVE:
- EPSS Score and Ranking: Evaluate each CVE’s exploitability with the Exploit Prediction Scoring System (EPSS), which predicts the likelihood of exploitation.
- CVSS Score and Timeline: Access the CVSS score, publication date, and last asset date as provided by NIST’s National Vulnerability Database (NVD).
- Comprehensive Risk Evaluation: These metrics collectively contribute to the technical risk score for a legal entity’s assets, offering a holistic view of an organization’s vulnerabilities.
A New Integration with Microsoft Defender for Endpoint
With the integration of Microsoft Defender, RQ 7.9 enhances its capabilities in analyzing technical risks to endpoints. This integration offers several benefits:
- Automated Risk Assessment: Automatically evaluate technical risks for endpoints protected by Microsoft Defender, ensuring continuous monitoring and timely responses to emerging threats.
- Unified Security Posture: By combining RQ’s advanced risk quantification with Microsoft Defender’s endpoint protection, organizations can achieve a more cohesive and robust security strategy.
Streamlined Navigation and Improved User Experience
In RQ 7.9, the Output Analysis option on the side navigation bar has been replaced with three new options to facilitate quicker access to essential information.
- Financial Analysis Enhancements: The Financial Analysis screen now includes Lower Bound and Upper Bound columns in the RQ-ALE section of the Loss Breakdown by Type and Application table.
- Model Risk to Business Assets: A new Total row in the Financial Analysis table provides a comprehensive view of potential financial impacts.
- FAIR Scenario ‘What If’ Analysis Enhancements: The loss table’s characteristics now include rows for 10%, 25%, 50%, 75%, 90%, and 95%, offering a more granular analysis of risk scenarios.
Want to learn more?
If you’re interested in learning more about these great new features in RQ 7.9, reach out to one of our cyber risk experts at threatconnect.com/request-a-demo or experience them for yourself with our interactive demo.