Prism’s Latest Update Improves Asset Prioritization, Adds New Integrations and the Ability to ‘Recast’ Risk Ratings

Today marks the release of Prism Platform (version 2.6), one of our most feature-packed updates yet, including Global Search, Remediator Dashboard, Asset Grouping, Single Sign On (SSO), and more.

Global Search

Global Search makes it fast for users to locate specific issues within their estate.

The new functionality enables users to search for Projects, Phases, Scans, Assets, Issues, and Questionnaires from one search bar, as well as by an issue’s unique number.

Global Search will be especially powerful in instances where teams need to quickly evaluate the potential impact of a new critical vulnerability, and is yet another way Prism accelerates remediation.

Remediator Dashboard

Prism’s new Remediator Dashboard completely transforms remediation tracking by making the process dynamic, insightful, and continuous.

Users are served key insights into their remediation activity, which are automatically generated by the dashboard.

At a glance, users can see summaries of their team’s progress for given periods of time, ranging from the past 7 days to 12 months, making it effortless to continuously track remediation.

The following metrics can be tracked:

  • Open Issues: How many open issues are detected and found
  • Closed Exploitable Issues: How many exploitable issues have been closed
  • Remediated Issues: How many issues have been remediated
  • Dynamically Remediated: How many issues have been closed on a user’s behalf by Prism’s Dynamic Remediation
  • Accept Risk: How many issues have been set to ‘accepted risk’
  • False Positives: How many issues have been marked as ‘false positive’
  • Issue Comments: How many comments have been made in the system
  • Closed Vulnerability Age: How old were the issues that have been remediated
  • Closed Jira Issues: How many issues have been closed via Jira
  • Closed ServiceNow Issues: How many issues have been closed via ServiceNow
  • Personnel Performance: Displays the productivity of teams and individuals

Asset Grouping

Prism’s new Asset Grouping feature gives teams more control over how they divide up and report on their estates within the platform.

Users can select any number of assets to create new groups.

Once a group is created, users can define how assets should be assigned to it, such as by hostname or IP address.

Based on these settings, Prism automatically sorts assets when new results are imported into the platform. Each group can carry its own settings, giving users greater flexibility in how their inventories are organized.

Prism generates useful insights about asset groups, including whether a group is compliant with SLAs and what the overall severity score is.

Single Sign On

Prism now integrates with single sign-on solutions Okta and Azure AD to make access management seamless.

Once the integration is set up, teams can make changes to their users’ settings, such as granting or revoking access to Prism, within their own infrastructures.

The platform will then reflect those changes without requiring a user to update any settings within the platform itself.

By enabling teams to manage their users centrally, Prism integrates with an organization’s pre-existing processes and makes it easy to ensure the platform is secured at all times.

Below is a summary of all the additional new features included in version 2.6.

Application Features

  • Auto Import support for Rapid7 Nexpose/InsightVM: Prism now supports auto API and Auto Importing features for InsightVM and Nexpose. Users can now add their Rapid7 details via the connected accounts section and set up auto imports via ‘project’ settings.
  • Scan Comparison: Vulnerability Scanning projects now have the ability to compare two scan results side by side to assist with analysis and issue status comparisons.
  • Auditor View: Users can now be assigned as an auditor. Auditors can only view the dashboard and basic information on vulnerabilities within a client’s tenant.
  • Request a Retest: Users can now request a retest from their testing company directly within a phase in Prism for penetration tests. Once requested, an email will be sent to the Project Lead assigned to the project from the testing provider, ready for them to follow up with the client to perform the retest.
  • Dashboard Activity Graph: The query has been updated to include the number of issues remediated within a given month, rather than displaying a cumulative number.
  • Jira Custom Fields: Jira integration has been improved so users can edit additional Jira fields before exporting them to the Jira platform.
  • ServiceNow Additional Information: Technical details and affected hosts are now included in ServiceNow exports.
  • Compliance View Available Within Tenant Overview: Tenant overview now has the option to view compliance data for their company, if the user has the correct permissions.
  • Team Compliance Leaderboard: As well as individual users, teams are now included within the Compliance Dashboard Leaderboards.
  • Parent Child Issue Linking: For projects created by users, ‘parent child linking’ will now be created when issues are brought into Prism from ‘draft’ status. ‘Parent child’ support has also been added for Outpost24 issues.
  • Active Exploits included within Assets Section: Active exploits are now displayed and filterable within the assets section.
  • CVEs included on exported spreadsheets: Within exported spreadsheets, issue CVEs have now been included.

Operational Features

  • Additional Warnings on Closed Phases: An additional warning is shown when trying to import external files in a closed phase.
  • Red Team Service Type: Red Team is now officially supported within Prism as its own service type.
  • Original Rating on Manual Issues: For manually created issues, ‘risk rating’ and ‘original risk rating’ are kept the same while in their draft state.

Prism’s Product Manager, Jon Bellard, will be giving a tour of Prism (version 2.6), at 15:00 (BST) on Thursday, 20th October.



source https://www.rootshellsecurity.net/prisms-latest-update-improves-asset-prioritization-adds-new-integrations-and-the-ability-to-recast-risk-ratings/