Verizon Risk Report

Measure security ROI through actionable data

  • Communicate effectively on security and risk
  • Identify gaps in solutions and programs
  • Determine where and how to apply resources for improvement
Future availability of Level 3 is scheduled for November 2018.

Secure Endpoint Visible Wireless Networks

Culture and process risk vector

Slow patching cadence

Culture and process risk vector

Close Unused Ports

Culture and process risk vector

Level three: 360° visibility

Culture & process view

True visibility comes when external and internal risk evaluations are combined with an in-depth review of the security culture and processes within an organization. The culture and process security posture deploys automated tools coupled with human intelligence for a comprehensive assessment.

Example security posture score: 485

Level one, two, and three combined score

  • Score range: 0-1000
  • Data sources: BitSight, Verizon DBIR, Tanium, Cylance, Recorded Future, automated tools, human intelligence
  • Built on a composite of 83 external and internal threat vector assessments

Example culture & process threat vector assessments (Grading range: A‑F)

D
External Vulnerability Assessment
B
Phishing Assessment
A
IP Reputational Assessment
Example threat level rating:

3.0

Building on data from levels one and two, level three data further informs the score to deliver a comprehensive assessment.

  • Rating range: 1.0-5.0
  • Data source: BitSight, Recorded Future, Verizon DBIR, Tanium, Cylance, automated tools and human intelligence

Based on the evaluation of external and internal risk vectors and discoveries from the deep and dark web.

Shine a light in the dark:

Recorded Future dark web report


Powered by Recorded Future, the dark web report highlights potential threats that could harm your organization and provides insights into unwanted attention that could expose your organization to cyber security attacks.

  • Brand attention and mentions
  • Exposed credentials
  • Emerging vulnerabilities
Unmatched insight into cybersecurity threats:

Verizon’s Data Breach Investigations Report


The Data Breach Investigations Report examines the biggest threats organizations face and the steps they can take to mitigate the risks.

Collected incidents that make up this report continue to fall into nine basic classification patterns. These DBIR attack vectors are ranked differently and according to threat patterns for each industry.

Risk vectors are re-prioritized using this data for a more robust and industry-focused customized assessment.

See more

Discover what behavior drives risk


Verizon’s cyber risk program culture and process assessment dives deep into an organization to discover what weaknesses lurk in the way employees interact with technology and safeguard the enterprise.

Culture and process risk assessments:

  • External vulnerability assessment
  • IP reputational assessment
  • NetFlow assessment
  • Web application assessment
  • Internal vulnerability assessment
  • Email filter check
  • Firewall system assessment
  • Endpoint system assessment
  • Phishing assessment
  • Wireless assessment
  • Physical inspection
  • Policy, process, and procedure assessment

Uncommon port
usage detected

Infrastructure and assets

Level two: an MRI for your enterprise

Inside-out view

Level two of the Verizon Risk Report further refines your security posture score through an internal evaluation that automatically searches for malware, unwanted programs and dual usage tools within your endpoints and infrastructure. This level also creates an asset-focused viewpoint that provides further insights into data captured in level one.

Example security posture score: 650

Level one & two combined score

  • Score range: 0-1000
  • Data sources: BitSight, Recorded Future, Verizon DBIR, Tanium, Cylance
  • Built on a composite of 71 external and internal threat vector assessments

Example internal threat vector assessments (Grading range: A‑F)

A
Endpoints with Viruses
D
Endpoints with Malware
B
Uncommon Port Usage
Example threat level score:

3.0

Building on data from the level one analysis, level two data further informs and refines the score.

  • Score range: 1.0-5.0
  • Data source: BitSight, Recorded Future, Verizon DBIR, Tanium, Cylance

Based on the evaluation of external and internal risk vectors and discoveries from the deep and dark web.

Shine a light in the dark:

Recorded Future dark web report


Powered by Recorded Future, the dark web report highlights potential threats that could harm your organization and provides insights into unwanted attention that could expose your organization to cyber security attacks.

  • Brand attention and mentions
  • Exposed credentials
  • Emerging vulnerabilities
Unmatched insight into cybersecurity threats:

Verizon’s Data Breach Investigations Report


The Data Breach Investigations Report examines the biggest threats organizations face and the steps they can take to mitigate the risks.

Most incidents that made up this report fell into nine basic classification patterns. These DBIR attack vectors are ranked differently and according to threat patterns for each industry.

Risk vectors are re-prioritized using this data for a robust and industry-focused customized assessment.

Internal risk groups

  • Endpoints with malware, potentially unwanted programs, and dual usage tools
  • Infrastructure and assets

Botnet infection detected

Compromised systems

Public disclosed breach

Data breaches

Open port detected

Diligence issues

Spam propagation in progress

Compromised systems

Disclosed credentials found

User behavior

Level one: see the forest for the trees

Outside-in view

The outside-in view evaluates your organization from an external viewpoint. Using data gathered from public sources on the internet, external risk vectors are identified and evaluated to provide a security posture score. A fully automated daily report is available through Verizon’s Unified Security Portal.

Example security posture score: 702
  • Score range: 1-1000
  • Data sources: BitSight, Recorded Future, Verizon DBIR
  • Composite of 21 external threat vector assessments

Example external threat vector assessments (Grading range: A‑F)

D
Botnet infections
A
Spam propagation
B
Malware servers
Example threat level score:

3.0

  • Score range: 1.0-5.0
  • Data source: BitSight, Recorded Future, Verizon DBIR

Based on the evaluation of external risk vectors and discoveries from the deep and dark web.

Shine a light in the dark:

The dark web report highlights potential threats that could harm your organization and provides insights into unwanted attention that could expose your organization to cyber security attacks.

  • Brand attention and mentions
  • Exposed credentials
  • Emerging vulnerabilities
Unmatched insight into cybersecurity threats:

Verizon’s Data Breach Investigations Report


The Data Breach Investigations Report examines the biggest threats organizations face and the steps they can take to mitigate the risks.

Most incidents that made up this Report fell into nine basic classification patterns. These DBIR attack vectors are ranked differently and according to threat patterns for each industry.

Risk vectors are re-prioritized using this data for a robust and industry-focused customized assessment to provide full industry context.

External risk groups:

  • Compromised systems
  • User behavior
  • Publicly reported data breaches
  • Powered by BitSight data

One report, three perspectives:

Level one:

Outside-in view

  • Based on 200+ public data sources on the internet
  • Automated daily report
  • Data sources include BitSight, Recorded Future, and Verizon Data Breach Investigations Report (DBIR)
Level two:

Inside-out view

  • Builds on level one and includes data collected from inside the organization
  • Evaluates endpoints and infrastructure to assess security posture and uncover risks
  • Data sources include Tanium, Cylance on top of all level one sources
Level three:

Culture & process

  • Adds the capstone to level one and level two data by taking behavior, culture, process and policy into consideration
  • Includes 100 hours of Verizon professional services to help implement posture improvement
  • Enables a 360 degree assessment of security posture

Introducing Verizon Risk Report

The comprehensive security risk posture assessment that delivers:
  • Visibility of cyber-related risks
  • Measurement of your security ROI
  • Daily risk updates
  • Customized views and data for your organization
  • Transparency and benchmarking of security maturity
Leverage three views that build on each other to provide insights and end to end visibility in evaluating security maturity and identifying gaps using a proprietary risk score.

What’s working?

What do you need to improve?

If you cannot measure it, you cannot improve it.

—William Thomson
Fullscreen


Scroll