Risk assessment framework enables better security decisions based on unparalleled cyber-threat data
LONDON, U.K. / NEW YORK – Businesses and government organizations can now make data-driven security decisions, and focus their security spend where it will have most impact, thanks to unmatched cyber-threat information delivered by a new security assessment framework – the Verizon Risk Report (VRR).
The Verizon Risk Report combines Verizon’s Data Breach Investigations Report (DBIR) series’ extensive cybercriminal activity database, the company’s Professional Service consultants’ expertise and specialized data sources from technology providers including Bitsight, Cylance, Recorded Future and Tanium to create an automated, comprehensive security risk scoring framework that identifies current security gaps, weaknesses and associated risks on a daily basis.
“Security strategies have historically been focused on static defenses,” said Alex Schlager, executive director, security services, for global products and solutions at Verizon, “but in today’s fast-evolving security landscape, to be truly effective they need to be dynamic, proactive and adaptable. Businesses can no longer wait for cyber-threats to occur, or rely on historical security strategies created to deal with yesterday’s threat landscape. The Verizon Risk Report uses threat intelligence sourced daily from multiple data security sources, to allow customers to make data-driven security decisions based on today’s threats, and adaptively, and efficiently, address gaps in their security posture. With VRR, Verizon is changing not only how security solutions are used, but more importantly, how customers can develop their security strategies.”
Traditionally, businesses have made security purchasing decisions based on previous expenditure or previous market trends, resulting in budget being spent without direction and often wasted. Christina Richmond, program vice president from IDC says: “Senior executives still struggle to have complete visibility of their company’s security position, and the current threat environment, in order to make truly effective security decisions. The cybercrime threat today is very real, and organizations need to be able to adjust and prioritize spending on security solutions in a more dynamic and effective manner. The Verizon Risk Report enables businesses to obtain cyber threat intelligence, and transform how they use security services to more effectively mitigate against threats.”
How it works
The Verizon Risk Report enables enterprises to quantify their current exposure to cyber related risks, and obtain an understanding of the probability of a potential future breach. In addition, it provides a quantitative and qualitative assessment of preventative measures, all underpinned by a framework for sustainable and measurable improvements.
Customers benefit from three service modules that integrate the specialized threat data sources via a consolidated customer security portal:
- Level 1 – the ‘outside-in view’: This initial view uses Bitsight’s security rating service, combined with deep web and dark web information from Recorded Future, for external assessments. This data is enhanced and contextualized with insights from the Verizon Data Breach Investigation Report (DBIR).
- Level 2 – the ‘inside-out view’: The external risk score obtained in level 1 can be enriched with an internal analysis of the business’ in-house systems, using Cylance and Tanium software agents. These are deployed on critical customer endpoints to provide an external and internal risk profile. The threat intelligence provided at this level is specific to the customer’s individual industry.
- Level 3 – the ‘culture and process view’: Finally, information obtained by levels 1 and 2 can then be combined with qualitative assessments of an enterprise’s security policies, processes and organizational behavior. This step concludes and completes the crucial 360 degree assessment of customer’s cybersecurity posture.
In all cases, Verizon provides specific recommendations based on the risk report’s results to help businesses to proactively address vulnerabilities, prepare for potential threats, and improve their risk management position.
“Bitsight pioneered the Security Ratings market in 2011 to help companies gain more control of their cyber risk. Today with over 1,000 customers and the largest ecosystem of users and information, we clearly understand the benefit of giving companies more visibility into their security posture,” stated Dave Fachetti, senior vice president of strategic partnerships from Bitsight. “The Verizon Risk Report closely aligns with our vision to help companies not only understand their risk, but prioritize and allocate resources to minimize risk and maximize security spend. Our role as an objective Security Ratings organization supports Verizon’s strategy to create a risk posture by integrating a comprehensive internal view with an independent, industry-standard external view of an organization’s cyber risk. Needless to say, we are thrilled to be a part of Verizon’s unique offering and the impact it will have in helping companies make informed, data-driven security decisions.”
The Verizon Risk Report is currently in customer beta trials and will be available around the world in Spring, 2018.
Verizon will be showcasing the Verizon Risk Report and other intelligent security solutions at RSA 2018 in San Francisco. From more information please come and visit us there - Moscone North Hall booth #4121.
About Verizon Communications, Inc.
Verizon Communications Inc. (NYSE, Nasdaq: VZ), headquartered in New York City, generated $126 billion in 2017 revenues. The company operates America’s most reliable wireless network and the nation’s premier all-fiber network, and delivers integrated solutions to businesses worldwide. Its Oath subsidiary reaches about one billion people around the world with a dynamic house of media and technology brands.
Founded in 2011, Bitsight transforms how organizations manage information security risk. The Bitsight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help manage third party risk, underwrite cyber insurance policies, benchmark performance, conduct M&A due diligence and assess aggregate risk. Organizations worldwide, including seven of the top 10 cyber insurers, 20% of Fortune 500 companies, and 3 of the top 5 investment banks use Bitsight’s proven Security Ratings technology on a daily basis to make integral risk and business decisions. With over 1,000 customers and the largest ecosystem of users and information, Bitsight is the most widely used Security Ratings Service. For more information, please visit www.bitsight.com, read our blog or follow @Bitsight on Twitter.
VERIZON'S ONLINE MEDIA CENTER: News releases, stories, media contacts and other resources are available at www.verizon.com/about/news/. News releases are also available through an RSS feed. To subscribe, visit www.verizon.com/about/rss-feeds/.