Zscaler Blog


What is Next with Zscaler Risk360™

RAJ KRISHNA, DAN GOULD
December 12, 2023 - 4 min read

In recent months, we’ve spoken to dozens of organizations about better cyber risk management. Be it in Europe, Asia, or the Americas, the need for an accurate, repeatable method of managing and mitigating cyber risk is acute.

There are many reasons for this. The first is the need to quantify and mitigate cyber risk to proactively improve security postures, reducing the chances of a breach. To complicate matters, security leaders are being increasingly asked to report on cyber risk—both internally to executives and board members, and externally for compliance reasons, such as the new SEC cyber security reporting requirements.

In an effort to meet both of these requirements, security teams often rely on manual processes: pulling data from disjointed tools, attempting to normalize it, and then spending time building reports. This is time-consuming and distracts security team members from proactively protecting the enterprise. Sometimes, these leaders resort to third-party, outside-in cyber risk point products, which are a great expense to purchase and a hassle to set up, only to receive an incomplete risk picture.

For these reasons, Zscaler brought Risk360 to market early this summer. Built on the Zscaler Cloud, Risk360 helps security leaders overcome these challenges—and we’re already sharing a major product update with compelling enhancements.

How Risk360 helps

Zscaler Risk360 is our powerful risk quantification and visualization framework for remediating cyber risk. Risk360 ingests data from external sources, as well as a company’s own Zscaler environment, to create a detailed view of enterprise cyber risk posture across all four stages of a potential cyberattack. It leverages over 110 unique risk factors across the attack chain.  These factors are the risks, threats, and potentially dangerous user actions that create organizational cyber risk.

Risk360 quantifies these factors to deliver a full picture of cyber risk and track it over time, while also providing clear mitigation detail to kick off security workflows.  Additionally, it estimates potential financial exposure and generates CISO Board slides in a single click that report an organization’s current cyber risk in an executive format.  

Risk360 is unique in that it gives CISOs the ability to evaluate the efficacy of their cybersecurity controls across the four stages of attack: external attack surface, compromise, lateral propagation, and data loss.  

What’s more, Risk360 leverages Zscaler’s architecture, sitting inline to traffic. We leverage the data and signals that flow through our architecture to populate Risk360, meaning organizations can manage risk with their current Zscaler deployment without having to deploy any additional agents.

What’s New In Risk360

Zscaler released Risk360 a few months ago, but we’re already delivering a major product update. Let's take a closer look at what's new today:

  • New Integrations with CrowdStrike: Risk360 now integrates with CrowdStrike, allowing organizations to pull risk signals from CrowdStrike's threat intelligence platform. Incorporating this additional data source enhances the ability of Risk360 to identify potential compromise risks.
  • Highlighting UEBA Risks: User and Entity Behavior Analytics (UEBA) is a critical component of modern cybersecurity. It helps organizations detect and mitigate potential threats posed by insiders or compromised user accounts. Risk360 now includes new factors that specifically highlight UEBA risks to analyze user behavior and identify anomalous activities.
  • AI-Driven Cybersecurity Maturity Assessments: These new assessments are powered by Zscaler’s Generative AI, which includes custom in-house developed large language models (LLMs). These reports can replace expensive third-party consulting initiatives, and give companies a better idea of how far along they are on their zero trust journeys.
  • Expanded Financial Modeling: Risk360 now offers expanded financial modeling capabilities with Monte Carlo simulations. This advanced modeling technique allows organizations to simulate various scenarios, factoring in residual risk, inherent risk, and risk tolerance, building on the financial risk exposure estimates already present in Risk360. By providing a more accurate estimate of financial loss, Risk360 enables organizations to prioritize their mitigation efforts through a financial lens.  
  • Security Risk Framework Mapping: To align with industry best practices, Risk360 now maps to popular security risk frameworks such as MITRE ATT&CK and NIST CSF. This allows organizations to map their cybersecurity controls and risk posture against recognized standards and frameworks, greatly assisting in their effort to reduce risk as well as achieve and maintain compliance.
  • SEC Compliance Support: Risk360 now offers enhanced reporting capabilities, including SEC disclosure samples to streamline compliance with S-K 106 (b) in describing cybersecurity processes.

With these new updates, Risk360 will continue empowering organizations by giving them a comprehensive, data-driven approach to cybersecurity risk management. To learn more, register for our webinar discussing Zscaler Risk360 and the launch of Zscaler Business Insights, or request a demo from your Zscaler team.
