Version 8.16.00 Release Notes

Summary: High-level overview of changes/updates included in RiskSense Version 8.16.00, released on April 3, 2020.

The RiskSense platform Version 8.16.00 update includes the following features and enhancements:

• Navigation Menu Changes

• Integrations

  • Aqua Integration

  • Black Duck Integration

  • Edgescan Integration

• Dashboards and Reporting

  • Executive Dashboard Update

  • Prioritization Dashboard Update

  • Application Security Dashboard Update

  • Executive Vulnerability Report Update

• RiskSense Security Rating Service (SRS)

• Miscellaneous Changes

  • Hosts Page: Additional Filters and Columns

  • Patches Page: New Filters and Sorting Options

  • CVE-Based Vulnerability and Threat Information for Application Findings

  • Application Findings Detail Additions

  • Vulnerability Risk Rating (VRR)

  • End-of-Life Widgets

  • Qualys Scanner Output Formatting

  • Generic Upload JSON Format Configuration Options

  • Fixed Issues

Navigation Menu Changes

The navigation bar has been reorganized to make it easier to navigate the RiskSense platform. Immediately to the right of the RiskSense logo is a new Home button. By default, this navigates to the Executive Dashboard but can be configured to any homepage by using the User Settings page.

The Dashboards section contains all the RiskSense-provided System Dashboards and your customized User Dashboards. Reports and Reporting Templates found a new home under this section, as well. The Network and Application sections contain the same familiar pages to navigate to your Hosts, Applications, respective findings pages, and Patches. New to the navigation menu is the Automation section, where you will find your customized Playbooks for automatic actions on the platform, as well as Integrations, where connectors and manual uploads can be managed.

The right-hand navigation menu has also been simplified. The Settings cog now houses all Configuration pages (Groups, Networks, Tags, Users, Assessments, and Scanners), System views (including Jobs, Downloads, and Uploads), and Support links to Report a Bug or view Release Notes. Clicking the new circle icon with your initials allows you to modify your User Settings or Logout of the platform. For organizations with multiple business units, clicking your Client Name in the top right wallows you to change clients via the Multi-Client Dashboard. In addition, the Jobs, Upload, and Download icons dynamically appear with an icon badge as activity occurs.

Integrations

Aqua Integration

RiskSense now supports connector integration with Aqua Security’s platform for container image scanning. Data about container images and the vulnerabilities they are affected by can now be retrieved from Aqua and ingested into the RiskSense platform, where it will be shown in the Application and Application Findings list views.

In addition, as part of the Aqua integration, CVE and threat data, which is commonly associated with the container image findings reported by Aqua, are now viewable and filterable in the Application and Application Findings list views. Further, new filter fields have been added to allow users to filter on the fields unique to container images and container image vulnerabilities.

For more information about RiskSense's new integration with Aqua Security, see the Aqua Security Connector Guide.

Black Duck Integration

RiskSense now supports connector integration with the Black Duck platform for open-source projects. Data about open-source projects and the vulnerabilities they are affected by can now be retrieved from Black Duck and ingested into the RiskSense platform, where it will be shown in the Application and Application Findings list views.

For more information about RiskSense's new integration with Black Duck, see the Black Duck Connector Guide.

Edgescan Integration

RiskSense now supports connector integration with the Edgescan platform for full-stack vulnerability management. Data about both Applications and Hosts and the vulnerabilities they are affected by can now be retrieved from Edgescan and ingested into the RiskSense platform, where it will be shown both in the Application/Host and Application Findings/Host Findings list views, respectively.

For more information about RiskSense’s new integration with Edgescan, see the Edgescan Connector Guide.

Dashboards and Reporting

RiskSense changed the style of the Executive and Prioritization dashboards to match the style of the Ransomware and Application Security dashboards. As part of this update, RiskSense has also added two new widgets to the original Prioritization dashboard and two new widgets to the Application Security dashboard.

Executive Dashboard Update

The Executive Dashboard provides an overview of your organization’s risk posture, displaying metrics on hosts, host findings, and threats.

As part of the update, RiskSense has changed how the RiskSense Security Score (RS³) Timeline operates. If your RS³ score has been recalculated in the last 30 days, the widget initially displays data for that time frame. Use the date picker to change the visible date range. The widget also assists with analyzing changes in the factors contributing to RS³. It shows the differences between the start and end dates that you select.

For a high-level overview of the updated Executive Dashboard, see Executive Dashboard: Overview.

Prioritization Dashboard Update

The Prioritization Dashboard assists users with prioritizing remediation efforts and allows users to track remediation efforts over time. This release also includes two new additions to the dashboard:

• Host Findings Over Time, which shows the open Critical, High, Medium, Low, and Info host findings present on your network over days, weeks, or months.

• Recent Host Findings by Status, which shows the open Critical, High, Medium, Low, or Info findings distributed by age or the closed Critical, High, Medium, Low, and Info findings distributed by time since resolution.

For a high-level overview of the Prioritization Dashboard, see Prioritization Dashboard: Overview.

Application Security Dashboard Update

The Application Security Dashboard provides an overview of your application attack surface and summarizes remediation efforts. RiskSense has added two new widgets to the dashboard:

• Application Findings Discovered vs. Resolved, which shows the findings discovered or resolved per day, week, month, or quarter.

• CWE Top 25 Most Dangerous Software Errors, which shows the number of open application findings, applications, and locations mapped to each of the 2019 CWE Top 25.

With this release, RiskSense has also modified two widgets on the dashboard. The Top 10 Vulnerable Applications widget now appears as a table rather than a bar chart. Users can also see the number of open Container findings in the Application Findings by Type widget.

For a high-level overview of the Application Security Dashboard, see Application Security Dashboard: Overview.

Executive Vulnerability Report Update

The Executive Vulnerability Report now more closely reflects the platform. All open finding distributions by Severity show Critical, High, Medium, Low, and Info vulnerabilities. Users will see some changes to the text, figures, and tables.

For each application featured in the “Web Application Vulnerabilities” section of the report, the “OWASP Top 10 Security Risks Mapped to Common Software Weaknesses” table shows updated mappings between the 2017 OWASP Top 10 Security Risks (OWASP Top 10) and CWEs, including the 2019 CWE Top 25 Most Dangerous Software Errors (CWE Top 25). The appendix highlights the mappings between the 2017 OWASP Top 10 and the 2019 CWE Top 25.

RiskSense Security Rating Service (SRS)

RiskSense is introducing RiskSense Security Rating Service (SRS) as a subscription-based service that scans for an organizational Internet footprint to provide organizations with complete visibility of their external-facing assets and help them understand their external attack surface, exposure, risk profile, and security posture.

Based on an organization’s one or more second-level domains, RiskSense performs  a comprehensive reconnaissance to discover the digital footprint of an organization visible to everyone and gathers observable data for six security categories that cover a range of security risks - Network Security, Application Security, DNS, Email, Patch Cadence, and Reputation.

Miscellaneous Changes

Hosts Page: Additional Filters and Columns

On the Hosts page, four new threat-related columns have been added to help you identify key risks among your assets:

• Open CVE Count: The number of CVEs among all open findings on the host.

• Open Threat Count: The total number of threats across all CVEs associated with open findings on the host.

• Open Ransomware Count: The total number of ransomware instances among all open findings on the host.

• Open RCE/PE Count: The total number of Remote Code Execution or Privilege Escalation-type threats among open findings on the host.

New Host filters have also been introduced:

• VRR - Open Findings

• VRR - Open with Threat

• VRR - Open with RCE/PE

• VRR - Open with Trending Vulnerabilities

Patches Page: New Filters and Sorting Options

Trending Vulnerability has been added as a new filter on the Patches page. Additionally, trending vulnerability information has been added to the Patch Details pane.

CVE-Based Vulnerability and Threat Information for Application Findings

With the introduction of Black Duck and Aqua Security API connectors, the platform’s Application view is now able to show vulnerability data for Open Source Software (OSS) sometimes also referred to as Software Composition Analysis (SCA) and containers after from DAST and SAST findings. The majority of OSS and container vulnerabilities are CVE based. The application findings detailed view has been enhanced to include CVE data in the Vulnerability section when available, and the Threats section includes the corresponding threats associated with the CVEs when applicable.

Application Finding Detail Additions

In the Application Findings Detail Pane, there is a new section called Asset Information, which contains all fields that are relevant to the application, like the Asset Information section on the Host Findings page. This includes the Application Name, Application Address, Location, Network Name, Network Type, and Workflow Attachments.

In addition, we are transitioning the term URL to Location.  This transition is first seen on the column titles, filters, and detail pane fields on the Application Findings page.  In the next release, URL will be transitioned to Location on all places in the platform.

Vulnerability Risk Rating (VRR)

RiskSense is beginning to transition usage of the term “Risk” and its variations (e.g., Risk Rating) to a single consistent nomenclature of Vulnerability Risk Rating (VRR). Note that functionality is unchanged; this is an update to the labels used in the UI only. With this release, you’ll notice the names of the Risk Rating filters in the Host page have been updated to include the VRR term. Future releases will continue to unify all instances of the term “Risk” to this new “VRR” label.

End-of-Life Widgets

Widgets in the older style will remain in the widget gallery for this release. Users will have the opportunity to update or recreate any custom dashboards that contain any end-of-life (EOL) widgets.

Every widget marked for EOL will have a “!“ icon in the lower right corner. Users can find them in the widget gallery by filtering by the “Planned EOL” category or by searching for them by name. Users can no longer find EOL widgets by filtering the widget list by any other category.

Qualys Scanner Output Formatting

The Qualys scanner output has significantly improved. HTML tags, entities, and fully-formatted pages, which are frequently part of Qualys scanner output, will now be interpreted and converted as appropriate.

Generic Upload JSON Format Configuration Options

The Generic Upload JSON format has been changed to the following logic. If the job config property isAssetOnly is set to true, then the file will be considered asset updates only (finding updates will be ignored) and no findings would be closed due to this upload. If the job config property isAssetOnly is set to false, then the file is considered a vulnerability scan and all findings will be processed due to this upload including participation in URbA.

Fixed Issues

• Saved filters may be deleted from the Host page on all supported browsers.

• Resolved a potential issue in displaying Accepted Risk RS³ value on the Executive Dashboard.

• Attachments to finding workflows display a more detailed error message when unsupported file types are attached.

• Fixed an issue where some findings were not properly being closed during URbA for hosts/applications that were recently merged.

To help transition to our new features and schedule training, please contact your Customer Success account manager directly or send a message to [email protected].