Third Party Risk Management (TPRM)

A large share of data breaches begin with a compromised third party, typically one that has access to the organization's network or holds its sensitive data. While most TPRM programs focus on cybersecurity risk, third parties require scrutiny across other risk categories too, including financial viability, alignment with ESG objectives, and compliance with privacy regulations and sanctions, among others.

Workflow automation platforms can be stand-alone point solutions or modules embedded in multi-product suites. Most programs incorporate cyber risk ratings to continuously monitor externally visible risk factors (exposed services, certificate hygiene, leaked credentials, patch cadence) that correlate with future breaches. Risk ratings are also available for financial, ESG and other risk categories. Because ratings see only what is observable from the outside, they complement rather than replace questionnaire-based and evidence-based assessments. Used together, these tools let organizations cover more third parties, across more risk categories, at a lower cost per party.

Organizations must also sustain a strong cyber reputation to meet the standards set by their own customers. We help organizations build policies and controls based on recognized IT frameworks, and prepare for SOC 2 audits. We promote the use of trust centers to release assessment artifacts to prospects quickly and securely, relieving questionnaire fatigue on both sides and accelerating time-to-sale.


Attack Surface Management (ASM)

ASM adopts an attacker's perspective, enabling organizations to identify, analyze, and mitigate potential attack vectors. Continuous discovery and red teaming provide visibility into the attack surface as attackers perceive it, including forgotten subdomains, exposed management interfaces and shadow cloud assets, so security teams can defend against emerging threats, reduce vulnerabilities, and enhance incident response capabilities.

One of the most important, but under-managed, aspects of an attack surface is the management of TLS/SSL certificates and configurations, a basic IT housekeeping function. An expired certificate causes an outage; an unknown or mis-issued one, or a server still accepting obsolete protocol versions and weak cipher suites, is an opening for an attacker. A vendor partner provides the leading certificate lifecycle management tool, which inventories certificates wherever they are deployed, automates renewal, and consolidates the multiple certificate authorities that issue them to save money and reduce complexity.


Endpoint Security

Our partner provides 24/7 expert-driven managed detection and response: threat hunting, monitoring, investigation and response across the customer's environment to stop breaches. By ingesting both its own native telemetry and third-party telemetry, it gives customers cross-domain visibility and end-to-end remediation so threats are eradicated holistically and efficiently rather than one endpoint at a time.


External Threat Protection

Our partner continuously monitors digital assets across the deep and dark web, open web, and social media to protect brand equity and highly targeted executives, detect threats such as impersonation domains and leaked credentials, and deliver underground intelligence.


Cloud Security

In a cloud- and mobile-first world, where people work from multiple devices in any location, security and privacy programs must manage data that recognizes no perimeter. Organizations must deeply understand their data traffic, apply strong encryption, detect malware and other threats, and identify anomalous activity.

Our partner since 2015 is the leader in this category. Its original cloud access security broker (CASB) offering combats shadow IT by identifying and risk-rating SaaS apps and steering users to sanctioned ones. Our partner also offers a next-generation secure web gateway, zero-trust network access (a VPN alternative), a unified approach to security across multiple hyperscalers such as AWS and Azure, secure browser isolation, and software-defined wide area networking (SD-WAN).


Security Awareness and Compliance Training

Every organization should invest in its human firewall. Our vendor partner is the world's largest integrated platform for security awareness training and simulated phishing attacks, with a content library that engages users rather than merely satisfying a compliance checkbox.


IT/OT Network Detection and Response

Even the best-fortified network will eventually suffer an intrusion. We have studied the major technology categories designed to manage this risk, including SIEMs, anti-virus software, endpoint security, and next-generation firewalls. In our view, the most effective way to manage risk from within the network is to use unsupervised machine learning and artificial intelligence (AI) to learn what normal looks like for each device and user, detect deviations from it, and stop them autonomously, without relying on signatures of attacks already seen elsewhere. Our vendor partner pioneered this approach, and remains the category leader in detection and response technology for both information technology (IT) and operational technology (OT) networks.
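The idea behind "learning what normal looks like" is easier to see in miniature. The following is an added example, not the vendor's technology: it learns a per-host baseline of daily egress volume from history and scores each new day with a robust z-score (median and median absolute deviation), so a single unusual day in the history cannot inflate the baseline. The host names, byte counts, the 5-sigma threshold and the 1% floor used when a baseline is perfectly constant are all constructed assumptions.

```python
"""Unsupervised baseline anomaly detection over per-host egress volumes.

Added example, not any vendor's code. Each host is compared only with its
own history, using median/MAD rather than mean/stdev so that one outlier
day in the learning window does not mask a later one.
"""
from statistics import median

MAD_TO_SIGMA = 1.4826   # scales MAD to a standard deviation for normal data


def robust_score(history, value):
    """Signed robust z-score of `value` against `history` (positive = above normal)."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    scale = MAD_TO_SIGMA * mad
    if scale == 0:
        # Constant history gives MAD = 0, which would flag any change at all.
        # Assumed floor: 1% of the baseline (or 1 byte for an all-zero host).
        scale = max(0.01 * med, 1.0)
    return (value - med) / scale


def detect(history_by_host, today_by_host, threshold=5.0):
    """Return {host: score} for hosts whose egress today is far above their baseline."""
    flagged = {}
    for host, value in today_by_host.items():
        score = robust_score(history_by_host[host], value)
        if score > threshold:            # egress: only upward deviation is interesting
            flagged[host] = score
    return flagged


# Constructed telemetry: seven days of bytes-out per host (learning window)
# followed by today's value. ws-07 suddenly pushes ~40x its normal volume;
# vpn-gw has a perfectly constant baseline to exercise the MAD = 0 path.
HISTORY = {
    "ws-03": [21_400_000, 19_800_000, 23_100_000, 20_500_000, 22_000_000, 18_900_000, 21_700_000],
    "ws-07": [5_200_000, 4_900_000, 5_600_000, 5_100_000, 4_700_000, 5_300_000, 5_000_000],
    "db-01": [900_000, 910_000, 905_000, 898_000, 902_000, 907_000, 901_000],
    "vpn-gw": [300_000_000] * 7,
}
TODAY = {"ws-03": 22_300_000, "ws-07": 210_000_000, "db-01": 903_000, "vpn-gw": 300_400_000}

if __name__ == "__main__":
    for host, score in detect(HISTORY, TODAY).items():
        print(f"{host}: {TODAY[host]:,} bytes out today, {score:.0f} robust sigma above baseline")
```

Only ws-07 is flagged; ws-03's day is well inside its own noise even though it moved more bytes in absolute terms, and vpn-gw's small change is absorbed by the floor. Real products model many more features than one byte count per day (destinations, ports, timing, peer groups), but the per-entity baseline and the robustness to contaminated history carry over directly.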

Next-gen Incident Response

  • The same partner has reworked incident response by using insights from its detection capability to prepare for an event and recover from it quickly. AI-generated, bespoke playbooks model realistic simulated incidents against the customer's own environment, enabling automated remediation and recovery.

Email Security

  • The same partner also catches suspicious inbox messages, such as business email compromise (BEC) and vendor email compromise, that legacy secure email gateways like Proofpoint and Mimecast can overlook because such messages carry no malicious payload or link.


Governance, Risk and Compliance (GRC)

We help organizations design a governing control framework, identify and manage the risks the business faces, and comply with regulations. Our vendor partners accommodate organizations of all sizes and in every industry.


Cyber Risk Quantification (CRQ)

Boards increasingly want to discuss cyber risk with IT and security teams in a common language that expresses risk in monetary terms: how often a loss event is likely to occur, how much it is likely to cost, and what the annualized exposure is. We have relationships with several leading CRQ partners.
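A monetary view of risk ultimately rests on a frequency-times-magnitude calculation. The following is an added example, not the page's or any CRQ vendor's code: it simulates many years of a constructed scenario (an assumed Poisson event rate and lognormal loss per event, with illustrative parameter values) and reports the annualized loss expectancy (ALE) alongside loss-exceedance probabilities, checking the simulation against the closed-form mean.

```python
"""Monetary cyber-risk estimate by Monte Carlo simulation.

Added example, not any vendor's code. Assumed model: loss events per year
are Poisson distributed and the loss per event is lognormal; the scenario
parameters at the bottom are constructed for illustration.
"""
import math
import random
from statistics import mean


def poisson_sample(rng, lam):
    """Knuth's algorithm: number of events in one year given mean rate `lam`."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate_annual_losses(event_rate, loss_median, loss_sigma, years=10_000, seed=7):
    """Return one simulated total loss (in dollars) for each of `years` years."""
    rng = random.Random(seed)                # fixed seed: reproducible board numbers
    mu = math.log(loss_median)               # lognormal location from the median
    losses = []
    for _ in range(years):
        n_events = poisson_sample(rng, event_rate)
        losses.append(sum(rng.lognormvariate(mu, loss_sigma) for _ in range(n_events)))
    return losses


def summarize(losses, thresholds):
    """Board-level figures: ALE, chance of any loss, and loss-exceedance probabilities."""
    n = len(losses)
    return {
        "ale": mean(losses),
        "p_any_loss": sum(1 for x in losses if x > 0) / n,
        "exceedance": {t: sum(1 for x in losses if x > t) / n for t in thresholds},
    }


def expected_ale(event_rate, loss_median, loss_sigma):
    """Closed-form mean of the same model: rate * median * exp(sigma^2 / 2)."""
    return event_rate * loss_median * math.exp(loss_sigma ** 2 / 2)


# Constructed scenario: on average 2 material incidents per year, a typical
# incident costing $100k, with wide uncertainty (sigma = 1.0 on the log scale).
SCENARIO = dict(event_rate=2.0, loss_median=100_000, loss_sigma=1.0)

if __name__ == "__main__":
    losses = simulate_annual_losses(**SCENARIO)
    report = summarize(losses, thresholds=[250_000, 1_000_000, 5_000_000])
    print(f"ALE: ${report['ale']:,.0f} (closed form ${expected_ale(**SCENARIO):,.0f})")
    print(f"P(any loss in a year) = {report['p_any_loss']:.1%}")
    for t, p in report["exceedance"].items():
        print(f"P(annual loss > ${t:,.0f}) = {p:.1%}")
```

The exceedance figures are what make the output useful in a board conversation: the ALE alone hides that most years cost far less than the average while a few cost far more. Estimating the rate and magnitude parameters is the hard part of CRQ in practice, which is where the partners' calibrated data and methodology come in.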


Privacy Management Software

The personal data that organizations collect and retain has value. Customers and employees increasingly have a say over how it is handled. Privacy regulators take matters a step further by establishing specific rights for data subjects, with stiff penalties for non-compliance.

Depending on the jurisdiction, data subjects have rights such as the right to be informed about the personal data an organization holds, or the right to be forgotten, which requires organizations to delete personal information upon request. These regulations are forcing organizations to rethink what data they collect, why they collect it, how it is processed, and when it is disposed of. Honoring such requests within statutory deadlines requires knowing where every copy of a person's data lives, which is why we and our vendor partners provide the kind of fine-grained data discovery and control, as well as process automation, that regulatory compliance demands.


Private Equity Portfolio Monitoring

We pioneered the use of cyber risk ratings to continuously monitor private equity portfolio companies and prescriptively remediate deficiencies to strengthen security posture, and to evaluate new investment opportunities.


Anything Else?

We have access to virtually every technology vendor through distribution partnerships, so tell us what else you have in mind.