Verizon Risk Report Welcome Kit

  • What is the Verizon Risk Report?

  • Verizon Risk Report changes the way we talk about security. It allows you to understand your organization’s security posture and threat environment. By integrating multiple security data sources, the report provides you with a 360-degree view of your company’s security posture (when all three levels are purchased),with actionable data that allows you to focus on a clear action plan, which will deliver a quantifiable return on your security investments. This report is designed for consumption from the board level to the security operating manager level. In addition, the report benchmarks your company against its industry and allows for the monitoring of suppliers’ and/or partners’ Outside-In security posture by leveraging a third-party scoring method that is becoming a risk requirement in some industries, and a best practice in other industries.

    Verizon Risk Report provides a rating of your organization's Outside-In, Inside-Out, and Comprehensive Security postures based on an assessment of your internal, external, company culture and policy risk vectors, combined with Verizon's proprietary insights from the Data Breach Investigation Report (DBIR).

  • Your Verizon Risk Report Team

  • Your Verizon Risk Report team will help guide you through the contract signature process to the eventual provisioning of your Verizon Risk Report service

    Account Executive (AE)

    The AE is responsible for the sale of Verizon Risk Report to you. They are also your initial POC for any questions regarding the purchase and implementation of the Verizon Risk Report.

    Project Manager (PM)

    The PM assists with user account provisioning and sends the Welcome Letter.

    Executive Consultant (EC)

    An EC will be assigned to help you navigate through your Verizon Risk Report scores, discuss strengths and weaknesses driving the score, and to answer any questions you may have. The EC will be assigned to you for as long as you remain a Verizon Risk Report customer, with the goal of helping you gauge and address your cyber risk.

  • Steps for a Successful Delivery

  • Steps for a Successful Delivery of your Verizon Risk Report

    To successfully deliver your Verizon Risk Report, there are some activities that must be completed by both Verizon and you. Our goal is to keep you informed and aware of all the steps.

    Verizon Steps

    Verizon will take the following actions to provide a smooth implementation of your Verizon Risk Report:

    • Your PM will provide you with their contact details, and other information associated with your Verizon Risk Report order.
    • Note You will also receive the full contact details for your AE, PM, and any other relevant Verizon contacts.
    • For Service Level 1, you will receive an email requesting the names and emails of all users who will need Verizon Risk Report access and then you will also receive a Welcome Letter (via email) from your PM that will describe how to access your Verizon Risk Report.
    • For Levels 2 & 3, you will first receive an email requesting the name(s) and email address(es) of all users who will need Verizon Risk Report access. After your access is completed, your PM will schedule a Customer Kickoff Call/Order Verification Call with you and other Verizon team members. 
    • Upon successful submission of your Verizon Risk Report order, your Verizon PM will be your lead contact for the engagement.  If you are subscribing to Level 2 and/or Level 3 Service, your PM will provide implementation status updates to you during weekly calls and communications on an as-needed basis.
    • Your user account will be completed within the Verizon Risk Report portal.
    • You will receive verification via email that your portal was properly created and set up.
    • PM will coordinate all project components from start to finish as part of the service.

    For Level 1 customers, the implementation will be handled via the PM and the automated email instructions.

    • PM engages the MSS Provisioning team to configure your account(s).
    • PM sends you a Welcome Letter.
    • An automated email for your self-registration is sent.

    Note You will receive back-level services with your service level. For example, if you subscribe to Level 2, you will also receive Level 1 service.

    Level 2 – You will deploy the provided agents on your end node(s). The Install Team verifies date of delivery and pushes information into production.

    Level 3 – Security Analyst will contact you to begin scheduling the assessments. The Analyst will work through each of the assessments, which are performed quarterly for the term of the contract.

    For Level 2 customers, the PM will request licenses for both Cylance and Tanium products. 

    • PM will schedule a kickoff call with you and the install team. During the call, the install team will recommend how to distribute Cylance/Tanium software within your network and will provide you with a customer packet (installation instructions, FAQ, destination IP addresses, etc.). You will be provided with the contact details for the person you should notify when you have completed the provisioning steps.
    • At this point, you will be provided with Cylance and Tanium Deployment Guides and install instructions (via the VRR customer packet) to assist you in the agent endpoint installation.  (You may also find this information on the Endpoint Download page in the VRR portal.)  This documentation also provides device deployment recommendations, as it is critical to choose a set of endpoints that represents the whole of the environment so a more realistic risk assessment can be obtained by VRR:
      • Choose network elements with operating systems that are connected to the internet, such as laptops, file servers, print servers, etc.
    • Testing
      • Verizon will test Data Collection from Tanium and Cylance
      • Verizon will evaluate possible connectivity issues on the endpoints, working in conjunction with the customer’s technical team, to determine the root cause of the connectivity issue.
    • Collect Data
      • After a predetermined amount of time, Verizon will collect data from Tanium and Cylance using the established VRR process/tools.
    • Process and Validate Reporting via the Portal
      • Verizon will validate that data is populating correctly within the Portal
      • Error Checking
    • PS Delivery team will engage you to schedule a one-hour acclimation meeting. and communicate standard deliverables:
      • Brand new L2 customers are provided a one-hour long acclimation meeting. 
        • Note: This does not apply to customers upgrading to L2 or L3 from a lower-level service, as they received an acclimation meeting with their initial purchase.
        • Note: Any additional consulting constitutes a paid Professional Service engagement.
      • Level 3 customers are provided 100 hours of Professional Services support.

    Customer Steps

    The following steps on your part will also lead to a successful and timely delivery of your Verizon Risk Report:

    Level 1

    Customers receive the Welcome Letter detailing the self-registration process for the Verizon Risk Report portal.

    • Please proceed through the self-registration process to gain access to the Verizon Risk Report portal.

    LEVEL 1 CUSTOMER ACTION:

    • You will respond to the initial email request for user account information including names and email addresses.
    • You will be sent a Welcome Letter (via email) that will contain instructions for accessing the Verizon Risk Report portal, which is where you will login to access your Verizon Risk Report.
    • Within the USP (once you login, you will be in the USP) there will be extensive tool tips and user guides available to assist you in accessing and managing your Verizon Risk Report.

    Note  If you experience issues with onboarding, you will contact mss-csd@intl.verizon.com.  You may also contact the Security Sales Representative during business hours to answer any questions.

    Levels 2 and 3

    The Customer Kickoff Call/Order Verification Call is the first gathering set up by your PM after your Verizon Risk Report contract has been signed. The call consists of:

    • Verizon Risk Report team introductions, roles, and responsibilities
    • Expectations of Verizon and your organization
    • Validate the project scope and services
    • Discuss timelines and deliverables
    • Next steps
    • Note The Customer Kickoff Call/Order Verification Call is for the complete Verizon Risk Report order and not for each individual location covered under the order. Your Verizon Risk Report order is not able to move forward without your attendance on this call.
    • Level 2 Customers engage in a kickoff call with their Verizon PM and Install Team.
      • Verizon provides a customer packet via email prior to the kickoff meeting that includes a deployment guide, user guide, customer checklist, destination IP address, and contact information for your PM and SE.
      • Your Install Team provides instructions on the deployment of the agents, and also shares recommendations for the distribution of the agents within your network.
      • After verifying that your endpoints are communicating properly with the Tanium and Cylance servers, you are sent a Welcome email that contains instructions for accessing the Verizon Risk Report portal, which is where you login to access your Verizon Risk Report.

    LEVEL 2 CUSTOMER ACTION:

    • Please ensure a local contact is present on the due dates provided to avoid re-scheduling and potential service downtime.
    • Please complete the customer checklist (from the customer packet) and return it to your Vz PM prior to installing the Tanium and Cylance agents.
    • Please use the deployment guide (again, from the customer packet) to install the Tanium and Cylance agents on your endpoints.
    • Please contact the Install Team to alert them that the software has been loaded on all the endpoints so they can verify that the endpoints are reporting back to the servers.
    • Note: You will be sent a Welcome Letter (via email) that will contain instructions for creating and accessing the Verizon Risk Report portal, which is where you will login to access your Verizon Risk Report.
    • Note: Within the Portal are extensive tooltips and user guides available to assist you in accessing and managing your Verizon Risk Report. 
  • Verizon Risk Report Service Level Options

  • Verizon Risk Report service level offerings include Level 1, Level 2 and Level 3, depending on your organization’s needs. 

    Level 1

    The Verizon Risk Report base service (Level 1 – Outside-In View) starts with an external security risk assessment that combines a risk rating from BitSight; Deep Web, Dark Web and private forum insights from a Recorded Future; and the Verizon DBIR threat patterns, which are customized using the BitSight external risk vectors in a prioritized manner based on DBIR insights for your organization’s industry and size.

    Level 2

    The next level report (Level 2 - Inside-Out View) combines the Level 1 external assessment and risk rating with internal metrics captured from your endpoint devices.  These metrics are gathered using Tanium and Cylance software agents which identify vulnerabilities and determine an overall customer security posture based on daily, monthly, and/or weekly monitoring.

    Level 3

    The highest level report (Level 3 - Culture and Process View) combines the Level 1 external view and Level 2 internal view with culture and process assessments (based on Verizon’s Cyber Risk Program). This comprehensive risk assessment is provided based on daily, monthly, and quarterly assessments.   In a future release, customers electing the comprehensive Level 3 Verizon Risk Report assessment will be able to obtain the Verizon ANSI-accredited Enterprise Security Certified certificate for display and input into regulatory and industry (i.e. AICPA) reviews.

    In addition, as a Verizon Risk Report customer, you may procure BitSight vendor monitoring reports (at the applicable rates) on your suppliers/vendors, portfolio companies, and/or target acquisitions.

     

    Service Level Delivery Data Sources
    Level 1 – Outside-In View Fully automated, daily report via Unified Security Portal (USP) with specific prioritized recommendations BitSight, Verizon DBIR, Recorded Future
    Level 2 – Inside-Out View Initial deployment of endpoint agents followed by fully automated data extraction and integration of results into base service report that can provide daily reporting via USP with specific prioritized recommendations Tanium, Cylance, Recorded Future
    Level 3 – Culture & Process View Professional Services based assessment with the integration of results into base service report with specific prioritized recommendations Verizon Cyber Risk Program
  • The Verizon Risk Report Portal

  • The Verizon Risk Report offers a simple self-registration process that makes it quick and easy to begin using the portal.

    Supported Browsers – The latest versions of the main browsers are supported.

    Self-Registration and Logging In - Following the Welcome Letter, you will receive an invitation (email address sender: mss-csd@intl.verizon.com) that will include the URL link and instructions for self-registration so you may login to access the Verizon Risk Report portal. Please note that for security reasons, the invitation URL is only valid for forty-eight (48) hours. If you do not register within this timeframe, you will need to contact us (see below).

    Verizon Risk Report Self-Registration Process

    1. To begin the Verizon Risk Report self-registration process, please refer to your User Registration Invitation email. (Note that the email may be delivered to your Spam or Junk folder.)
    2. Create Account: Enter the requested information under the User Registration Details heading and click Create Account. Username must be unique and cannot contain an email address.
    3. Login: Once your account has been successfully created, you will be forwarded to a login page. Use your newly created Username and Password to log into the system.
    4. One-Time-Passcode: Check your email for an email titled Your Verizon Managed Security Passcode. Copy and paste the 8-digit passcode from the email into the One-Time Passcode (OTP) field and click Submit.
    5. Security Questions: You will be required to select and answer two Security Questions. These questions will be used if you need to unlock your account in the future. After you have selected and answered both questions, click Save & Continue.
    6. Mobile Authentication: Finally, you are able to sync your smart phone’s Two-Factor App (any iTunes / Playstore supported app) by scanning the provided QR codes to generate One-Time Passcodes which will be used in the login process.
      1. Go to the Main menu in the Google Authenticator app
      2. Tap More > More > Settings
      3. Tap Time correction for codes
      4. Tap Sync now
    7. Note: You may choose to Skip Mobile Authentication, resulting in a pop-up window that will allow you to proceed directly to the Verizon Risk Report in the future. If you choose this option, you will use an OTP delivered to your email to login to the portal.

      Please note that using Google Authenticator on Android devices is not recommended due to Google’s time synching issue. If you choose to use Google Authenticator on an Android device, please follow the instructions below to ensure your device time is synched correctly.


      Once the app verifies that the time has been synched, you may use your verification codes to sign in.

      Note: The sync will only affect the internal time of your Google Authenticator app, and will not change your device’s Date & Time setting.

    8. You will be directed to your Verizon Risk Report dashboard page.

      Accessing the Verizon Risk Report

      Now that you have completed the Verizon Risk Report self-registration process, you may click on the following link (depending on your region) to enter your Username, Password, and One-Time Passcode to access the Verizon Risk Report going forward:

  • Value-Added Features

  • There are value-added features available with your Verizon Risk Report.

    Note Not all options are available at every level, and additional fees may apply. Ask your Verizon Account Team for more details.

    Vendor Monitoring

    This add-on service is available with all three Levels and allows customers to monitor the security posture of the vendors and partners they do business with.

    • Continuously monitor and quantify the cyber risk of third parties
    • Lead intelligent, data-driven conversations with vendors about their security posture
    • Increase visibility during M&A activity
    • Will be accessed via the Verizon Risk Report portal

    Vendor Monitoring

    This add-on service is available for all 3 Levels and allows customers to monitor the security posture of the vendors and partners they do business with.

    • Continuously monitor and quantify the cyber risk of third parties
    • Lead intelligent, data-driven conversations with vendors about their security posture
    • Increase visibility during M&A activity

    Cylance and Tanium Additional Licenses

    Levels 2 and 3 include 500 Cylance and 500 Tanium licenses.  If you want visibility into more than 500 endpoints, you will need to purchase additional licenses. Licenses are available in increments of 500, up to 5000. 

  • Service Contact Information

  • Service Issue Be prepared with the following information: Call / Visit Account Team

    Order

    Service Order Number

    Contact Assigned Account Team

    Contact Assigned Account Team

    Service Assurance

    Company name and User’s name -or- Previously opened ticket number

    Contact MSS-CSD at ; mss-csd@intl.verizon.com, or call:
    USA: +1 703 857 4170
    EMEA: +49 231 972 3000 
    APAC: +61 2 6256 3780

    Contact Assigned Account Team

  • Frequently Asked Questions

What is Verizon Risk Report? +

See What is Verizon Risk Report above.

What service levels are available with Verizon Risk Report? +

See Verizon Risk Report Service Level Options above.

What should I do if my Company Legal Entity(ies) information is inaccurate? +

If your Company Legal Entity (ies) information is incorrect and/or missing, please contact support at mss-csd@intl.verizon.com to correct the issue.

What do I do if my company domain(s) information is inaccurate? +

If your company domain (URL) information is missing, please go to the domain tab within the BitSight Portal to add the missing domain information.

If your company domain (URL) information is incorrect, you can contact MSS-CSD (mss-csd@intl.verizon.com). The MSS-CSD team will engage BitSight Support to update the domain.

How do I upgrade my Verizon Risk Report service? +

Please contact your Verizon Sales Representative to discuss upgrading your Verizon Risk Report service.

Who can help me understand how to use the Verizon Risk Report Dashboard? +

To help you get the most value out of your Verizon Risk Report, a member of our security practice team will set up a meeting to walk your team through the Dashboard and answer any questions.

How do I add users to my company account? +

In order to add new users, please contact support at mss-csd@intl.verizon.com. You will be asked to provide the user’s email address and name. They will be contacted by support with instructions to set up their account.

  • Important Links

  •  

    Accessing the Verizon Risk Report
    For access in the Americas
    For access in EMEA
    For access in APAC
    Introduction to Navigating the VRR Dashboard
    Access here