According to a recent McKinsey survey, 70% of CISOs expect their budget will shrink in 2021. For security teams, managing risk with a remote workforce, increased cyberattacks, and shrinking budgets means you’ll need to find a more efficient way to identify risks and keep costs down. In this blog, we’ll take a closer look at our recent release for Snow Risk Monitor – a product that helps security teams and Software Asset Managers work together to minimize software vulnerabilities and compliance risks.
Introducing Snow Risk Monitor 2.0
In the first half of 2020, our team was focused on improving functionality and visibility within the Risk Monitor platform with updates such as:
- Delivering insights into open source applications
- Expanding the visibility of software versions
- Simplifying the dashboards by combining views for personally identifiable information and vulnerabilities.
- Introducing a filter to prevent sharing personally identifiable information into the platform
- Adding the ability for users to create customized views through bookmarking filters
- Creating capabilities around intended application access and unauthorized usage
As highlighted in our recent product release, we’re excited to share that ‘Proactive Alerting’ and ‘Vulnerability Lookup’ are now available using Snow Risk Monitor. Both of these landmark capabilities can help you assess the risks associated with an application version before deploying it.
Connecting SAM and IT security
Proactive alerting gives you the ability to define risk criteria and automatically receive reports from Risk Monitor. When the conditions are met, you’ll be alerted with an email containing a secured password protected Excel spreadsheet with the details of the triggered event.
You can set these reports to send to specific individuals within your organization or distribution lists, with all the data protected by an internal system password that must be entered by the recipient or receiving system. With unique insight into the technology ecosystem, Software Asset Managers (SAM) can play a critical role in mitigating the risk of data breaches and data privacy non-compliance. Automatic daily reports make it easier to share relevant information outside of the platform to keep Software Asset Managers informed and ready to help.
But one of the biggest benefits of this enhancement is that you have a mechanism for feeding risk data back to IT Service Management (ITSM) platforms. With this functionality, you can better align with ITSM best practices or security frameworks to reduce risk.
Spot vulnerabilities in advance
A key principle of risk management is to avoid the introduction of unnecessary risk into your environment. Knowing the vulnerabilities of applications before you deploy them is a critical step in creating a software catalogue.
Traditionally, the approach for delivering applications is to make sure you have a license and the user has a valid business reason for requesting that application. The application is then deployed, and your security team is left to resolve any flaws found within the delivered code and fix the newly introduced risk.
Using Risk Monitor’s Vulnerability Lookup, you can quickly search for known vulnerabilities within any software title or version. Then, your security team can work proactively to tag and create workarounds or fixes to ensure the application is deployed securely. Ultimately, this can help you maintain good cyber hygiene and reduce risk within your organization.
Using Snow’s industry-leading software recognition catalogue, Vulnerability Lookup cross-references this information with application vulnerability information from the National Vulnerability Database, maintained by the National Institute of Standards and Technology (an agency of the United States Department of Commerce). If you’re looking to create or manage a standardized software catalogue, this capability can be incredibly powerful for finding risks before they are introduced into your environment.
Learn more about how Snow Risk Monitor can help you strengthen your company’s risk management strategy and turn your security team into an unstoppable defensive force.