An Intro to Resolver's InfoSec Application (RiskVision)
Hello!
I am Steve Finegan, Product Manager at Resolver
@Steve_Finegan
steve.finegan@resolver.com
And, I am Kevin Barcellos, Manager, Solution Engineering
kevin.barcellos@resolver.com
RESOLVER APPLICATIONS
IT Integrated Risk Management
[Slide diagram: Risk & Regulation, Audit, Policy & Control and Incident Response (Report, Investigate, Analyze, Improve, Monitor) arranged around an Integrated Risk Management lifecycle of Planning, Preparation, Event, Response and Recovery; RiskVision is marked on three of the stages.]
INFOSEC APPLICATION
Pains
VISIBILITY INTO CRITICAL ASSETS
Need to capture IT assets, including servers, applications and data, and set their criticality. Key challenges include the volume and velocity of data and orchestrating SME input.
MULTI-GEOGRAPHICAL AND REGULATORY COMPLIANCE
Different legal jurisdictions have different regulatory mandates to comply with, and even within a single jurisdiction there are multiple applicable requirements. New, extensive regulations such as GDPR are also taking effect.
NEED TO IMPROVE OPERATIONAL EFFICIENCIES
As a result of the increasing volume and velocity of data, security and compliance groups need to improve efficiency. Redesigning processes is a challenge when the team is already at capacity dealing with its current workload.
Gains
ASSET IDENTIFICATION AND CLASSIFICATION AT SCALE
The ability to import large volumes of assets from existing tools and to automatically send classification surveys to SMEs results in more risk-relevant data.
COMPLIANCE BY GEOGRAPHY AND REGULATION
Assignment of servers, applications and data to organizational units for BU/geographic reporting. The ability to reuse control results across multiple regulations streamlines multi-regulatory compliance.
REALIZATION OF OPERATING EFFICIENCIES
Efficiencies gained through automation and orchestration, combined with workflow process data, allow organizations to analyze and streamline their processes.
How RiskVision helps
RISK AND COMPLIANCE PROFESSIONALS
• Gain visibility into IT risk and compliance for important standards and regulations such as ISO, PCI, NIST and HIPAA.
• Orchestrate the remediation of findings and mitigations.
• Track top risks.
INFORMATION SECURITY PROFESSIONALS
• Model information systems and components, together with their data.
• Provide visibility into the most critical assets.
• Ensure that mitigations affecting the most important information assets are prioritized accordingly.
CORPORATE SECURITY PROFESSIONALS
• Understand the importance of data stored within physical environments.
• Measure the effects of physical controls on information security.
• Track the remediation of physical control issues.
Primary Use Cases
• Threat & Vulnerability Management
• IT Risk & Compliance
• Third Party Risk Management
Threat and Vulnerability Management
Vulnerability Management Challenges
• Over the past 10 years, only 12% of known vulnerabilities have been exploited.
• 97,618 vulnerabilities in the National Vulnerability Database (NVD).
• 38,953 exploits in the Exploit Database.
• >100 billion lines of code generated annually.
• Hackers produce about 120 million variants of malware every year.
• Through 2020, 99% of the vulnerabilities exploited will be ones known for at least one year.
• Medium-severity vulnerabilities are the ones most often exploited in the wild.
• The time from patch release to exploit in the wild has dropped from 45 to 15 days over the last decade.
Key Vulnerabilities to Prioritize
• Known Vulnerabilities
• Vulnerabilities in your Environment
• Vulnerabilities Affecting Crown-Jewel Assets
• Exploited Vulnerabilities
TVM Features
1. Asset Classification
2. Data Collection
3. Data Correlation
4. Vulnerability Risk Scoring
5. Risk Score Aggregation & Prioritization
6. Remediation Ticket Orchestration
7. Remediation Validation
8. Dashboards / Reporting
Vulnerability Risk Scoring
IMPACT factors: Business Criticality; Type of Data; Scope; Other.
LIKELIHOOD factors: Attack Vector; Attack Complexity; Privileges Required; User Interaction; Matching Exploit; Age; Network Location; Other.
Risk Score Aggregation
[Slide diagram: vulnerability instances (CVE-2017-5632, CVE-2017-5638, CVE-2017-4187 and others, sourced from the NVD, each with an associated patch) attach to servers, applications and a DBMS; their risk scores roll up from the asset to the business unit (BU 1, BU 2, BU 3) and to the enterprise.]
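A worked example of the scoring and roll-up described on the two slides above. This is an added illustration, not RiskVision's code or its actual algorithm: it computes Impact x Likelihood from the factors the slide lists, using weights and scales assumed for illustration (only the attack vector / attack complexity / privileges required / user interaction values are the CVSS v3 base-metric constants), then rolls instance scores up from asset to business unit to enterprise. The asset names, business units, dates and the CVSS-like attributes attached to the slide's CVE identifiers are constructed sample data, not the NVD records.

```python
"""Impact x Likelihood vulnerability risk scoring with roll-up to BU and enterprise.
Added example, not RiskVision code: weights, non-CVSS scales and sample records
are constructed; only the AV/AC/PR/UI values are the CVSS v3 base-metric constants."""
from dataclasses import dataclass
from datetime import date

# Impact factor scales (constructed, 0..1).
CRITICALITY = {"low": 0.25, "medium": 0.5, "high": 0.75, "crown_jewel": 1.0}
DATA_TYPE = {"public": 0.2, "internal": 0.5, "pii": 0.8, "pci": 1.0}
SCOPE = {"unchanged": 0.6, "changed": 1.0}
# Likelihood factor scales: the CVSS v3 exploitability constants ...
ATTACK_VECTOR = {"network": 0.85, "adjacent": 0.62, "local": 0.55, "physical": 0.2}
ATTACK_COMPLEXITY = {"low": 0.77, "high": 0.44}
PRIVILEGES_REQUIRED = {"none": 0.85, "low": 0.62, "high": 0.27}
USER_INTERACTION = {"none": 0.85, "required": 0.62}
# ... plus where the asset sits (constructed): reachability changes likelihood, not severity.
NETWORK_LOCATION = {"internet_facing": 1.0, "dmz": 0.8, "internal": 0.5, "isolated": 0.2}


@dataclass(frozen=True)
class Asset:
    name: str
    business_unit: str
    criticality: str        # key of CRITICALITY
    data_type: str          # key of DATA_TYPE
    network_location: str   # key of NETWORK_LOCATION


@dataclass(frozen=True)
class VulnInstance:
    """One CVE on one asset (the VULN object under a server/app on the slide)."""
    cve: str
    asset: Asset
    attack_vector: str
    attack_complexity: str
    privileges_required: str
    user_interaction: str
    scope: str
    exploit_available: bool     # the "matching exploit" factor
    published: date
    patched: bool = False       # set once remediation has been validated


def _exploitability(av, ac, pr, ui):
    return ATTACK_VECTOR[av] * ATTACK_COMPLEXITY[ac] * PRIVILEGES_REQUIRED[pr] * USER_INTERACTION[ui]


_WORST_EXPLOITABILITY = _exploitability("network", "low", "none", "none")  # normalizer


def age_factor(published, today):
    """Older unpatched findings are likelier to be exploited: 0.5 on the day of
    publication, rising linearly to 1.0 at one year (constructed curve)."""
    days = max(0, (today - published).days)
    return min(1.0, 0.5 + 0.5 * days / 365)


def impact(v):
    a = v.asset
    return 0.5 * CRITICALITY[a.criticality] + 0.3 * DATA_TYPE[a.data_type] + 0.2 * SCOPE[v.scope]


def likelihood(v, today):
    exploitability = _exploitability(v.attack_vector, v.attack_complexity,
                                     v.privileges_required, v.user_interaction) / _WORST_EXPLOITABILITY
    exploit = 1.0 if v.exploit_available else 0.6
    return (0.45 * exploitability + 0.25 * exploit + 0.15 * age_factor(v.published, today)
            + 0.15 * NETWORK_LOCATION[v.asset.network_location])


def risk_score(v, today):
    """0..100. A validated patch zeroes the instance instead of deleting it, so history stays reportable."""
    return 0.0 if v.patched else round(100 * impact(v) * likelihood(v, today), 1)


def prioritize(vulns, today):
    """Open instances, highest risk first, as (score, cve, asset name)."""
    return sorted(((risk_score(v, today), v.cve, v.asset.name) for v in vulns if not v.patched), reverse=True)


def aggregate(vulns, today):
    """Roll up asset -> business unit -> enterprise. Each node keeps its worst open score
    (max, so one critical finding is not diluted by many trivial ones) and its open count.
    Node keys assume asset names and BU names do not collide."""
    summary = {}
    for v in vulns:
        for key in ("ENTERPRISE", v.asset.business_unit, v.asset.name):
            node = summary.setdefault(key, {"max": 0.0, "open": 0})
            if not v.patched:
                node["max"] = max(node["max"], risk_score(v, today))
                node["open"] += 1
    return summary


# Constructed sample data. The CVE IDs are the ones drawn on the slide; the
# attribute values attached to them here are illustrative, not the NVD records.
TODAY = date(2018, 9, 1)
WEB1 = Asset("web-01", "BU 1", "high", "internal", "internet_facing")
WEB2 = Asset("web-02", "BU 1", "high", "internal", "internet_facing")
PAYDB = Asset("pay-db-01", "BU 1", "crown_jewel", "pci", "internal")
WIKI = Asset("wiki-01", "BU 2", "low", "public", "internal")
SAMPLE_VULNS = [
    VulnInstance("CVE-2017-5638", WEB1, "network", "low", "none", "none", "changed", True, date(2017, 3, 10)),
    VulnInstance("CVE-2017-5632", PAYDB, "network", "low", "low", "none", "unchanged", False, date(2017, 3, 1)),
    VulnInstance("CVE-2017-5638", WEB2, "network", "low", "none", "none", "changed", True, date(2017, 3, 10), patched=True),
    VulnInstance("CVE-2017-4187", WIKI, "local", "low", "low", "required", "unchanged", True, date(2018, 7, 18)),
]

if __name__ == "__main__":
    for score, cve, asset in prioritize(SAMPLE_VULNS, TODAY):
        print(f"{score:5.1f}  {cve:15s} {asset}")
    for node, agg in aggregate(SAMPLE_VULNS, TODAY).items():
        print(f"{node:12s} worst={agg['max']:5.1f} open={agg['open']}")
```

With these constructed values the internet-facing, exploitable finding on web-01 (72.5) outranks the finding on the crown-jewel payment database that needs existing privileges and sits on the internal network (64.7); that is the point of scoring likelihood alongside business impact instead of ranking by severity alone, which the "medium severity exploited most often" statistic above argues for. The patched web-02 instance scores 0 and drops out of the open count while still appearing in the roll-up, which is what Remediation Validation needs to report.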
Compliance Management
Key Compliance Challenges
• Volume of data
o Assets
o Controls
• Complexity
o Organization
o Regulations
• Minimize user resistance
• Higher stakes
• Need to do more with the same or fewer resources
Compliance Manager Features
• Asset Classification
• Control Target Profiles
• Automated Questionnaire Creation
• Common Control Framework
• Control Frameworks
• Workflow Management
• Compliance Measurement & Reporting
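The "reuse control results for multiple regulations" gain described earlier and the Common Control Framework feature listed above both come down to one crosswalk that is assessed once and reported many ways. The following is an added example of that mechanism, not Resolver's code: the CC-xx control IDs, the assessment results and the mapping itself are constructed for illustration (the clause references are real PCI DSS v3.2.1, HIPAA Security Rule, ISO/IEC 27001:2013 and NIST SP 800-53 identifiers, but an organization must use its own validated crosswalk rather than this one).

```python
"""Common control framework: assess each control once, report against every
regulation it maps to. Added example, not Resolver code; the CC-xx IDs, the
crosswalk and the results are constructed for illustration."""
from collections import defaultdict

# Constructed crosswalk: common control -> framework -> requirement clauses it satisfies.
CROSSWALK = {
    "CC-01": {"name": "Encrypt sensitive data at rest",
              "maps_to": {"PCI DSS": ["3.4"], "HIPAA": ["164.312(a)(2)(iv)"],
                          "NIST 800-53": ["SC-28"]}},
    "CC-02": {"name": "Unique user IDs with joiner/leaver process",
              "maps_to": {"PCI DSS": ["8.1.1"], "HIPAA": ["164.312(a)(2)(i)"],
                          "ISO 27001": ["A.9.2.1"], "NIST 800-53": ["AC-2"]}},
    "CC-03": {"name": "Central audit logging of access to in-scope systems",
              "maps_to": {"PCI DSS": ["10.1"], "HIPAA": ["164.312(b)"],
                          "ISO 27001": ["A.12.4.1"], "NIST 800-53": ["AU-2"]}},
    "CC-04": {"name": "Periodic review of user access rights",
              "maps_to": {"ISO 27001": ["A.9.2.5"], "NIST 800-53": ["AC-2"]}},
}

# Constructed results of one assessment cycle: "pass", "fail", or None (not yet assessed).
RESULTS = {"CC-01": "pass", "CC-02": "pass", "CC-03": "fail", "CC-04": None}


def requirements_by_framework(crosswalk):
    """framework -> requirement -> set of common controls that must all pass."""
    out = defaultdict(lambda: defaultdict(set))
    for cid, ctl in crosswalk.items():
        for fw, reqs in ctl["maps_to"].items():
            for r in reqs:
                out[fw][r].add(cid)
    return out


def requirement_status(controls, results):
    """A requirement passes only when every mapped control passed; one failure fails
    it; an unassessed control leaves it open instead of silently counting as a pass."""
    statuses = [results.get(c) for c in controls]
    if "fail" in statuses:
        return "fail"
    if None in statuses:
        return "not_assessed"
    return "pass"


def framework_report(crosswalk, results, framework):
    """Per-requirement status and pass percentage for one regulation, derived
    from the shared results rather than from a separate assessment."""
    reqs = requirements_by_framework(crosswalk)[framework]
    report = {r: requirement_status(ctls, results) for r, ctls in sorted(reqs.items())}
    passed = sum(1 for s in report.values() if s == "pass")
    total = len(report)
    return {"framework": framework, "requirements": report, "passed": passed,
            "total": total, "pct": round(100.0 * passed / total, 1) if total else 0.0}


def assessment_workload(crosswalk):
    """(distinct controls to test, requirements answered): the reuse ratio."""
    by_fw = requirements_by_framework(crosswalk)
    return len(crosswalk), sum(len(reqs) for reqs in by_fw.values())


def remediation_priority(crosswalk, results):
    """Failed or unassessed controls ranked by how many requirements they block,
    across all frameworks: fix the one that unblocks the most reporting first."""
    blocked = []
    for cid, ctl in crosswalk.items():
        if results.get(cid) == "pass":
            continue
        n = sum(len(reqs) for reqs in ctl["maps_to"].values())
        blocked.append((n, cid, results.get(cid) or "not_assessed"))
    return sorted(blocked, reverse=True)


if __name__ == "__main__":
    controls, reqs = assessment_workload(CROSSWALK)
    print(f"{controls} controls assessed once answer {reqs} requirements")
    for fw in sorted(requirements_by_framework(CROSSWALK)):
        rep = framework_report(CROSSWALK, RESULTS, fw)
        print(f"{fw:12s} {rep['passed']}/{rep['total']} ({rep['pct']}%) {rep['requirements']}")
    print("fix first:", remediation_priority(CROSSWALK, RESULTS))
```

Two details carry the security point. A requirement backed by several controls (NIST AC-2 above depends on CC-02 and CC-04) is only as good as its weakest mapped control, and an unassessed control is reported as open rather than assumed to pass; a crosswalk that takes the best mapped result instead would let one regulation's dashboard go green on evidence that was never collected. Ranking remediation by the number of requirements a failing control blocks is how a team at capacity decides what to fix first.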
Scaling Assessments
Vendor Risk Management
Key Vendor Risk Management Challenges
• Provide an accurate view of a vendor’s riskiness
• Minimize administrative burden on vendors
• Ensure vendors are following through on remediation actions
• Enforce a consistent process for rating vendors
• Allow process to be managed with a minimal number of resources
Vendor Risk Manager Features
1. Onboarding, Due Diligence & Screening
2. Vendor Risk Assessment
3. Contract Onboarding
4. Risk Oversight & Control
5. Ongoing Monitoring
6. Renewal/Termination Protocols
Key Differentiators
INTEGRATION   SCALABILITY   AUTOMATION
ROADMAP
(Timeline across the slide: Q3, Q4, Q1 2019, Q2 2019, rest of 2019.)
RE-INTEGRATE RELEASE STREAMS: Combine the 8.5 and SOAR 2017.1 releases: Threat object, Threat/vulnerability correlation, Trending enhancements.
TVM SCALABILITY: Archive vulnerability instances and tickets, TVM schema optimization, KRI enhancements, Tickets UI enhancements, Compliance dashboard.
THREAT MODELING/TVM: Threat modeling, Connector scheduling enhancements, Patch object enhancements, Tickets UI enhancements, Reporting enhancements.
ARCHIVING ENHANCEMENTS: Assessments, Evidence, Documents, Additional dashboards and reports.
AUTOMATION: Tickets bulk operations, Vulnerabilities bulk operations, CPE search, Hybrid controls.
All information is confidential and subject to change.
KEY USE CASES & DEMO
Thanks!
Any questions?
@Steve_Finegan
steve.finegan@resolver.com
