Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Audits

UpGuard Automates Vendor Risk Management

Cyber resilience company UpGuard announced on Tuesday the launch of a new product designed to help organizations automate risk assessment for third-party vendors.

Cyber resilience company UpGuard announced on Tuesday the launch of a new product designed to help organizations automate risk assessment for third-party vendors.

The new CyberRisk product scans each third-party vendor’s assets for cybersecurity weaknesses and assigns them a risk score based on UpGuard’s Cybersecurity Threat Assessment Rating (CSTAR) system.

UpGuard, formerly known as ScriptRock, has raised nearly $27 million since 2012, including $17 million in a Series B funding round last year. Several major data breaches discovered by the company in the past months showed the risks posed by third-party vendors.

UpGuard

The list of incidents includes a Republican Party contractor exposing the details of 198 million American voters, recruiting firm TalentPen exposing information on job applicants at security firm TigerSwan, a call center services provider exposing the details of Verizon customers, and Booz Allen Hamilton exposing U.S. military files. In all cases, data was leaked online due to unprotected Amazon Web Services (AWS) S3 buckets.

UpGuard’s CyberRisk solution aims to help organizations prevent such incidents byproviding detailed information on their third-party vendors’ security posture. UpGuard’s Cloudscanner analyzes billions of web properties every day in search of risk factors that could lead to data breaches.

The targeted vendor is then assigned a CSTAR risk score ranging between 0 and 950. This score takes into account several factors, including an organization’s size, infrastructure, asset configurations, exposure, industry trends, and device vulnerabilities.

Since the security firm’s automated scans cannot detect all potential weaknesses, CyberRisk provides integrated questionnaires that organizations can send to their vendors. The customer simply has to select which categories they want the questionnaire to cover and enter the targeted vendor’s email address. Once the vendor completes the questionnaire, the results of the assessment are stored in the respective company’s risk profile.

“Just as companies do background checks on prospective employee hires, it only makes sense that they conduct similar assessments of any third-party business partners before granting them access to their corporate data,” said Mike Baukes, co-founder and co-CEO of UpGuard.

Advertisement. Scroll to continue reading.

“Unfortunately, many organizations still lack the processes and tools to conduct a comprehensive audit of internal and external factors affecting vendor risk. This is evidenced by the sheer number breaches occurring on a daily basis. This is an epidemic. Our CyberRisk product not only integrates both critical aspects, but we take it several steps further by providing our customers with clear remediation guidance to become truly cyber resilient,” Baukes added.

Related: Third-Party Cyber Risks a Rising Threat, Research Shows

Related: Thousands of Third-Party Library Flaws Put Pacemakers at Risk

Related: CyberGRX Partners With BitSight to Address Supply Chain Risks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.