Verizon has released a new technology built upon the collaboration of a number of its partners.
The company hopes to equip businesses and government organisations to make data-driven security decisions and focus their security spend where it will have the most impact thanks to its Verizon Risk Report (VRR).
The VRR combines Verizon's Data Breach Investigations Report (DBIR) series' extensive cybercriminal activity database, the company's professional service consultants' expertise and specialised data sources from technology providers including BitSight, Cylance, Recorded Future, and Tanium.
The end result is an automated security risk scoring framework that identifies current security gaps, weakness and associated risks on a daily basis – effectively making security decision making that much easier.
Verizon executive director of security services for global products and solutions Alex Schlager says security strategies have historically been focused on static defences but today's fast and ever-evolving security landscape demands them to be proactive and adaptable in order to be truly effective.
“Businesses can no longer wait for cyberthreats to occur, or rely on historical security strategies created to deal with yesterday's threat landscape," says Schlager.
“The VRR uses threat intelligence sourced daily from multiple data security sources, to allow customers to make data-driven security decisions based on today's threats, and adaptively, and efficiently, address gaps in their security posture. With VRR, Verizon is changing not only how security solutions are used, but more importantly, how customers can develop their security strategies.
IDC program vice president Christina Richmond says in the past businesses have made security purchasing decisions based on previous expenditure or market trends, often resulting in budget being spent without direction and largely wasted.
“Senior executives still struggle to have complete visibility of their company's security position, and the current threat environment, in order to make truly effective security decisions,” says Richmond.
“The cybercrime threat today is very real, and organisations need to be able to adjust and prioritise spending on security solutions in a more dynamic and effective manner.The Verizon Risk Report enables businesses to obtain cyber threat intelligence, and transform how they use security services to more effectively mitigate against threats.
So how does it actually work? There are there service modules that integrate the specialised threat data sources via a consolidated customer security portal:
- Level 1 – the ‘outside-in view': This initial view uses BitSight's security rating service, combined with deep web and dark web information from Recorded Future, for external assessments. This data is enhanced and contextualised with insights from the Verizon Data Breach Investigation Report (DBIR).
- Level 2 – the ‘inside-out view': The external risk score obtained in level 1 can be enriched with an internal analysis of the business' in-house systems, using Cylance and Tanium software agents. These are deployed on critical customer endpoints to provide an external and internal risk profile. The threat intelligence provided at this level is specific to the customer's individual industry.
- Level 3 – the ‘culture and process view': Finally, information obtained by levels 1 and 2 can then be combined with qualitative assessments of an enterprise's security policies, processes and organizational behavior. This step concludes and completes the crucial 360-degree assessment of customer's cybersecurity posture.
Verizon then provides specific recommendations based on the outcome of the VRR's results.
The VRR service is currently in beta trials, but should soon be live and available around the world.