The Verizon Risk Report (VRR) Explained

Posted: 28th March 2018

In today’s ever-evolving cybersecurity landscape, organizations cannot afford to rely on stale security strategies and wait for threats to hit them. The Verizon Risk Report (VRR) is a method for organizations to quantify risk using real-time data and intelligence from Recorded Future. Combining extensive data on cybercriminal activity from Verizon’s Data Breach Investigations Report (DBIR) with specialized data sources from technology providers, this new security assessment creates a comprehensive security risk scoring framework that can identify current security gaps and weaknesses.

By using a multi-tiered approach, companies can assess and mitigate weaknesses from multiple viewpoints, including:

  • An outside-in view: Collect data from external sources to assess an organization’s external posture, and contextualize this data with insights from the Verizon Data Breach Investigation Report (DBIR).
  • An inside-out view: Enhance the initial view with additional data from internal sources, such as internal analysis of a business’s in-house systems.
  • A cultural and process view: Assess security processes and policies for an organization to accurately determine the customer’s cybersecurity posture.

Threat intelligence from the VRR is sourced daily from multiple data security sources, and this service includes an overall security posture score coupled with specific view score. The overall security posture (hygiene) has a complementary threat-level score that addresses environmental situations outside of the hygiene. Based on the level of information that exists within the VRR, at any given time, there is a confidence level assigned for the security posture and threat level scores.

This three-tiered approach helps to prioritize and direct resources to the greatest areas of need while providing executives and board-level members a measurable view of their overall risk while assisting leaders with risk management, budget priorities, investment measurements, and benchmarking business units.

According to Alex Schlager, executive director, security services, for global products and solutions at Verizon, “With VRR, Verizon is changing not only how security solutions are used, but more importantly, how customers can develop their security strategies.”

We are pleased to collaborate with Recorded Future on this important initiative. Blending Recorded Future threat intelligence data and Verizon’s security expertise into a unified process is groundbreaking and will empower teams to make data-driven security decisions and better understand current and future threats to their organizations.

Joseph Kucic

Joseph (Joe) Kucic is the senior manager — security product leader for service and risk, product owner for the Verizon Risk Report, product creator for Verizon Mobile Access Management, and responsible for the Risk Product and Research business that includes the Data Breach Investigations Report. Previously, Joe held security leadership positions at Citigroup, CA Technologies, GM Asset Management, PricewaterhouseCoopers, and KPMG.