ThreatConnect RQ 6.3 - Making FAIR Even Easier

ThreatConnect 6.3 Dashboard Image

We’re excited to announce the release of ThreatConnect Risk Quantifier (RQ) version 6.3! This update is now available and provides a number of enhancements that make cyber risk quantification (CRQ) even easier to implement and use, particularly focusing on making the FAIR analysis faster, with less effort.

Pre-populated FAIR Loss Magnitude 

RQ 6.3 now includes auto-population of 4 of the 6 FAIR loss types – Productivity, Response, Replacement, and Fines and Judgment. RQ also now identifies subtypes for FAIR loss data where possible too (e.g., HIPAA and PCI fines, ransomware/extortion costs, and credit monitoring)

ThreatConnect RQ 6.3 - Making FAIR Even Easier

 

Updated Semi-Automated FAIR Scenarios

To make FAIR even easier, enhancements to semi-automated FAIR scenarios were made. For example, vulnerability calculations (in FAIR) can now be calculated using your control profiles and Threat Event Frequency (TEF) can be pre-populated from a new, pre-defined list in the console.

ThreatConnect RQ 6.3 - Making FAIR Even Easier

Enhanced Integrations Between RQ and SecurityScorecard

In RQ 6.3, we’ve made more enhancements to our integration with SecurityScorecard. Now all RQ users can ingest L1 data from SecurityScorecard and display it within RQ. A customer with their own SecurityScorecard key can use it in RQ to see L2 data about companies they enter. Under the Third Party menu, users will now have 2 dropdown menu options – Dashboard and Security Scorecard

ThreatConnect RQ 6.3 - Making FAIR Even Easier

ThreatConnect RQ 6.3 - Making FAIR Even Easier

 

There are numerous other enhancements included with RQ 6.3 to make doing cyber risk quantification even easier! For example: 

  • Tuning Losses at the Application Level – Users can now tune loss data at the application level. As seen in the screenshot below, granular loss data per application can be performed.

  • Exploitable CVE Data Accessible via the User Interface – The Short Term Recommendations page now identifies whether or not a CVE is exploitable based on the data already stored in RQ. Exploitability data is also available within RQ’s settings and there is a list of all exploitable CVE’s available and their status (exploitable or not).  
  • Support for Single Sign-On – SSO support for Azure, Okta and Ping is now available.

 

Interested in ThreatConnect RQ and cyber risk quantification? Click here to learn more about ThreatConnect’s industry-leading CRQ solution that automates away the complexity of performing financial cyber risk quantification.

Toby Bussa
About the Author
Toby Bussa

Toby Bussa is VP of Product Marketing at ThreatConnect. He has over 20 years of experience in cybersecurity as a practitioner and leader. He recently was a VP Analyst at Gartner where he covered security operations topics, including SIEM, SOAR, MDR, DFIR and SOCs. He previously led IT security operations, data protection, security architecture and engineering, and 3rd party risk management for a FTSE100 enterprise, and the EMEA SOC threat detection team for a global MSSP.