Story image

Verizon unveils new tech to transform security decision making

28 Mar 2018

Verizon has released a new technology built upon the collaboration of a number of its partners.

The company hopes to equip businesses and government organisations to make data-driven security decisions and focus their security spend where it will have the most impact thanks to its Verizon Risk Report (VRR).

The VRR combines Verizon’s Data Breach Investigations Report (DBIR) series’ extensive cybercriminal activity database, the company’s professional service consultants’ expertise and specialised data sources from technology providers including BitSight, Cylance, Recorded Future, and Tanium.

The end result is an automated security risk scoring framework that identifies current security gaps, weakness and associated risks on a daily basis – effectively making security decision making that much easier.

Verizon executive director of security services for global products and solutions Alex Schlager says security strategies have historically been focused on static defences but today’s fast and ever-evolving security landscape demands them to be proactive and adaptable in order to be truly effective.

“Businesses can no longer wait for cyberthreats to occur, or rely on historical security strategies created to deal with yesterday’s threat landscape," says Schlager.

“The VRR uses threat intelligence sourced daily from multiple data security sources, to allow customers to make data-driven security decisions based on today’s threats, and adaptively, and efficiently, address gaps in their security posture. With VRR, Verizon is changing not only how security solutions are used, but more importantly, how customers can develop their security strategies.”

IDC program vice president Christina Richmond says in the past businesses have made security purchasing decisions based on previous expenditure or market trends, often resulting in budget being spent without direction and largely wasted.

“Senior executives still struggle to have complete visibility of their company’s security position, and the current threat environment, in order to make truly effective security decisions,” says Richmond.

“The cybercrime threat today is very real, and organisations need to be able to adjust and prioritise spending on security solutions in a more dynamic and effective manner.The Verizon Risk Report enables businesses to obtain cyber threat intelligence, and transform how they use security services to more effectively mitigate against threats.”

So how does it actually work? There are there service modules that integrate the specialised threat data sources via a consolidated customer security portal:

  • Level 1 – the ‘outside-in view’: This initial view uses BitSight’s security rating service, combined with deep web and dark web information from Recorded Future, for external assessments. This data is enhanced and contextualised with insights from the Verizon Data Breach Investigation Report (DBIR).  
  • Level 2 – the ‘inside-out view’: The external risk score obtained in level 1 can be enriched with an internal analysis of the business’ in-house systems, using Cylance and Tanium software agents. These are deployed on critical customer endpoints to provide an external and internal risk profile. The threat intelligence provided at this level is specific to the customer’s individual industry.
  • Level 3 – the ‘culture and process view’: Finally, information obtained by levels 1 and 2 can then be combined with qualitative assessments of an enterprise’s security policies, processes and organizational behavior. This step concludes and completes the crucial 360-degree assessment of customer’s cybersecurity posture.  

Verizon then provides specific recommendations based on the outcome of the VRR’s results.

The VRR service is currently in beta trials, but should soon be live and available around the world.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.