Risk report designed to transform security decisions

The Verizon Risk Report combines Verizon’s Data Breach Investigations Report (DBIR) series’ extensive cybercriminal activity database, the company’s Professional Service consultants’ expertise and specialized data sources from technology providers including  BitSight, Cylance, Recorded Future and Tanium to create an automated, comprehensive security risk scoring framework that identifies current security gaps, weaknesses and associated risks on a daily basis.

“Security strategies have historically been focused on static defenses,” said Alex Schlager, executive director, security services, for global products and solutions at Verizon, “but in today’s fast-evolving security landscape, to be truly effective they need to be dynamic, proactive and adaptable. Businesses can no longer wait for cyber-threats to occur, or rely on historical security strategies created to deal with yesterday’s threat landscape. The Verizon Risk Report uses threat intelligence sourced daily from multiple data security sources, to allow customers to make data-driven security decisions based on today’s threats, and adaptively, and efficiently, address gaps in their security posture. With VRR, Verizon is changing not only how security solutions are used, but more importantly, how customers can develop their security strategies.”

Traditionally, businesses have made security purchasing decisions based on previous expenditure or previous market trends, resulting in budget being spent without direction and often wasted. Christina Richmond, program vice president from IDC, says: “Senior executives still struggle to have complete visibility of their company’s security position, and the current threat environment, in order to make truly effective security decisions. The cybercrime threat today is very real, and organizations need to be able to adjust and prioritize spending on security solutions in a more dynamic and effective manner. The Verizon Risk Report enables businesses to obtain cyber threat intelligence, and transform how they use security services to more effectively mitigate against threats.”

How it works

The Verizon Risk Report enables enterprises to quantify their current exposure to cyber-related risks, and obtain an understanding of the probability of a potential future breach. In addition, it provides a quantitative and qualitative assessment of preventative measures, all underpinned by a framework for sustainable and measurable improvements.

Customers benefit from three service modules that integrate the specialized threat data sources via a consolidated customer security portal:

• Level 1 – the ‘outside-in view’: This initial view uses BitSight’s security rating service, combined with deep web and dark web information from Recorded Future, for external assessments. This data is enhanced and contextualized with insights from the Verizon Data Breach Investigation Report (DBIR).  
• Level 2 – the ‘inside-out view’: The external risk score obtained in level 1 can be enriched with an internal analysis of the business’ in-house systems, using Cylance and Tanium software agents. These are deployed on critical customer endpoints to provide an external and internal risk profile. The threat intelligence provided at this level is specific to the customer’s individual industry.
• Level 3 – the ‘culture and process view’: Finally, information obtained by levels 1 and 2 can then be combined with qualitative assessments of an enterprise’s security policies, processes and organizational behavior. This step concludes and completes the crucial 360-degree assessment of customer’s cybersecurity posture.  

In all cases, Verizon provides specific recommendations based on the risk report’s results to help businesses to proactively address vulnerabilities, prepare for potential threats, and improve their risk management position.

The Verizon Risk Report is currently in customer beta trials and will be available around the world in Spring, 2018.