sb-eu logo
Story image

Verizon unveils new tech to transform security decision making

28 Mar 2018

Verizon has released a new technology built upon the collaboration of a number of its partners.

The company hopes to equip businesses and government organisations to make data-driven security decisions and focus their security spend where it will have the most impact thanks to its Verizon Risk Report (VRR).

The VRR combines Verizon’s Data Breach Investigations Report (DBIR) series’ extensive cybercriminal activity database, the company’s professional service consultants’ expertise and specialised data sources from technology providers including BitSight, Cylance, Recorded Future, and Tanium.

The end result is an automated security risk scoring framework that identifies current security gaps, weakness and associated risks on a daily basis – effectively making security decision making that much easier.

Verizon executive director of security services for global products and solutions Alex Schlager says security strategies have historically been focused on static defences but today’s fast and ever-evolving security landscape demands them to be proactive and adaptable in order to be truly effective.

“Businesses can no longer wait for cyberthreats to occur, or rely on historical security strategies created to deal with yesterday’s threat landscape," says Schlager.

“The VRR uses threat intelligence sourced daily from multiple data security sources, to allow customers to make data-driven security decisions based on today’s threats, and adaptively, and efficiently, address gaps in their security posture. With VRR, Verizon is changing not only how security solutions are used, but more importantly, how customers can develop their security strategies.”

IDC program vice president Christina Richmond says in the past businesses have made security purchasing decisions based on previous expenditure or market trends, often resulting in budget being spent without direction and largely wasted.

“Senior executives still struggle to have complete visibility of their company’s security position, and the current threat environment, in order to make truly effective security decisions,” says Richmond.

“The cybercrime threat today is very real, and organisations need to be able to adjust and prioritise spending on security solutions in a more dynamic and effective manner.The Verizon Risk Report enables businesses to obtain cyber threat intelligence, and transform how they use security services to more effectively mitigate against threats.”

So how does it actually work? There are there service modules that integrate the specialised threat data sources via a consolidated customer security portal:

  • Level 1 – the ‘outside-in view’: This initial view uses BitSight’s security rating service, combined with deep web and dark web information from Recorded Future, for external assessments. This data is enhanced and contextualised with insights from the Verizon Data Breach Investigation Report (DBIR).  
  • Level 2 – the ‘inside-out view’: The external risk score obtained in level 1 can be enriched with an internal analysis of the business’ in-house systems, using Cylance and Tanium software agents. These are deployed on critical customer endpoints to provide an external and internal risk profile. The threat intelligence provided at this level is specific to the customer’s individual industry.
  • Level 3 – the ‘culture and process view’: Finally, information obtained by levels 1 and 2 can then be combined with qualitative assessments of an enterprise’s security policies, processes and organizational behavior. This step concludes and completes the crucial 360-degree assessment of customer’s cybersecurity posture.  

Verizon then provides specific recommendations based on the outcome of the VRR’s results.

The VRR service is currently in beta trials, but should soon be live and available around the world.

Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More
Story image
Jamf extends Microsoft collaboration with iOS Device Compliance
Organisations will soon be able to use Jamf for Apple ecosystem management while using Azure Active Directory and Microsoft Endpoint manager to maintain conditional access.More
Story image
Kaspersky releases new report on consumer’s approach to digital services
COVID-19 related restrictions and the necessity to stay indoors has influenced the way people approach digital services, making them more aware of how securely both they, and their housemates, use the internet.More
Story image
Cryptomining trojan malware discovered by ESET researchers
The malware, primarily targeting victims in Czechia and Slovakia, prioritises subterfuge through deployment of multiple techniques to avoid detection, and leans heavily on the Tor network and BitTorrent protocol to achieve its goals.More
Story image
Proofpoint and CyberArk extend partnership to further safeguard high-risk users
“Our CyberArk partnership extension provides security teams with increased detection and enhanced adaptive controls to help prevent today’s most severe threats."More
Story image
Shlayer malware proves Apple devices aren't as secure as you think
"Apple never talks about malware publicly, and loves to give the impression that its systems are secure. Unfortunately, the opposite has been proven to be the case with great regularity."More