UpGuard Automates Vendor Risk Management

Cyber resilience company UpGuard announced on Tuesday the launch of a new product designed to help organizations automate risk assessment for third-party vendors.
The new CyberRisk product scans each third-party vendor’s assets for cybersecurity weaknesses and assigns them a risk score based on UpGuard’s Cybersecurity Threat Assessment Rating (CSTAR) system.
UpGuard, formerly known as ScriptRock, has raised nearly $27 million since 2012, including $17 million in a Series B funding round last year. Several major data breaches discovered by the company in the past months showed the risks posed by third-party vendors.
The list of incidents includes a Republican Party contractor exposing the details of 198 million American voters, recruiting firm TalentPen exposing information on job applicants at security firm TigerSwan, a call center services provider exposing the details of Verizon customers, and Booz Allen Hamilton exposing U.S. military files. In all cases, data was leaked online due to unprotected Amazon Web Services (AWS) S3 buckets.
UpGuard’s CyberRisk solution aims to help organizations prevent such incidents by providing detailed information on their third-party vendors’ security posture. UpGuard’s Cloudscanner analyzes billions of web properties every day in search of risk factors that could lead to data breaches.
The targeted vendor is then assigned a CSTAR risk score ranging between 0 and 950. This score takes into account several factors, including an organization’s size, infrastructure, asset configurations, exposure, industry trends, and device vulnerabilities.
Since the security firm’s automated scans cannot detect all potential weaknesses, CyberRisk provides integrated questionnaires that organizations can send to their vendors. The customer simply has to select which categories they want the questionnaire to cover and enter the targeted vendor’s email address. Once the vendor completes the questionnaire, the results of the assessment are stored in the respective company’s risk profile.
“Just as companies do background checks on prospective employee hires, it only makes sense that they conduct similar assessments of any third-party business partners before granting them access to their corporate data,” said Mike Baukes, co-founder and co-CEO of UpGuard.
“Unfortunately, many organizations still lack the processes and tools to conduct a comprehensive audit of internal and external factors affecting vendor risk. This is evidenced by the sheer number of breaches occurring on a daily basis. This is an epidemic. Our CyberRisk product not only integrates both critical aspects, but we take it several steps further by providing our customers with clear remediation guidance to become truly cyber resilient,” Baukes added.