UpGuard Summit is UpGuard’s quarterly virtual event where we discuss the future of cybersecurity with security leaders across the globe.
During the latest UpGuard Summit, on August 18, 2021, some exciting announcements were made about new and upcoming features.
The details are summarized below.
Remediation Planner
Without visibility into the projected improvements to security posture, it’s difficult to establish an efficient security program.
With UpGuard’s new Remediation Planner, you can now see the potential impact on security ratings alongside each remedial action.
This will help you establish a highly efficient remediation process where the risks that will have the greatest positive impact on security posture are addressed first.
Key benefits of the Remediation Planner
- Supports a more efficient distribution of remediation efforts.
- Provides stakeholders with advanced exposure to future security posture improvements.
- Helps you maintain a resilient security posture during digital transformation.
For a walk-through of UpGuard’s Remediation planner, refer to the video below:
For more information about how this feature solves the problems limiting conventional remediation programs, refer to UpGuard’s risk remediation planning whitepaper.
Vendor Trust Page
UpGuard’s Vendor Trust Page feature (formerly Shared Profile) gives vendors the option of creating a security profile for their company to proactively share security information with anyone requesting access to it.
By requesting access to these profiles you can significantly reduce the time spent on security assessments.
This feature also greatly benefits vendors because it will reduce the cyclical administrative burden of supplying security details to new business partners. It will also increase a vendor’s chances of expanding business partnerships by demonstrating exemplary cybersecurity due diligence.
Vendors can publish the following information on their Trust Page:
- Company description - A clear explanation of what a vendor does.
- Security ratings - Vendors have the option to include their security rating and the industry average rating.
- Security spokesperson contact information - Contact information for key employees in the security team.
- Completed security questionnaires - By sharing completed questionnaires, vendors will help their clients minimize the time spent on similar assessments.
- Any supporting security documentation - Any security-related documentation or compliance certifications such as PCI DSS, SOC 2, ISO 27001, FedRAMP, etc.
Key benefits of Vendor Trust Pages
- Avoid answering the same security questions multiple times.
- Reduces time spent on security assessments.
- Vendors can demonstrate their dedication to cybersecurity by proactively sharing their security efforts with existing and new partners.
- Reduces vendor onboarding time.
- The convenient summary of key security details streamlines vendor recommendations with other businesses.
For a walk-through of UpGuard’s Vendor Trust Page, refer to the video below:
Incidents and News Feed
UpGuard’s Incidents and News feature offers a searchable and reverse-chronological feed of publicly disclosed data breaches and relevant security-related news covering cyberattacks, ransomware developments, malware updates, key acquisitions, spin-offs, mergers, and more.
This advanced exposure to cyber incidents impacting current or potential vendors promotes preemptive response efforts that could significantly reduce the impact of supply chain attacks.
The feed breaks down each incident by date, severity, impacted company, and event summary.
A personalized feed of incidents and news impacting you and your vendors can be accessed from the You and your Vendors tab.
The new Incidents and News feature compliments UpGuard’s existing security ratings, security questionnaires, and Identity Breaches features, offering you an advanced description of each vendor’s risk posture.
Key benefits of the Incidents and News Feed
- Provides important breach context for risk assessments.
- Compliments UpGuard’s Identity Breaches feature which identifies employees that have had their credentials exposed in third-party breaches.
- Promotes preemptive security response efforts to minimize the impact of supply chain attacks.
For a walk-through of UpGuard’s News and Incidents feed, refer to the video below
Upcoming Features
UpGuard’s development team will be working on the following features during the upcoming quarter:
1. Vendor Comparison
It’s important for you to carefully consider all of the potential security risks a new vendor could introduce. With Vendor Comparison, you can perform a side-by-side security posture comparison for multiple vendors.
This feature will streamline the onboarding process by helping you quickly evaluate a prospective vendor’s cybersecurity program against their competitors - simply choose a list of vendors and UpGuard will generate a single report comparing them for you.
2. Vendor Tiering
In your third-party risk management program, prioritizing your vendor risk assessments by criticality is essential. Critical vendors require more comprehensive cyber risk assessments.
Vendor tiering helps you classify, or tier, vendors based on the degree of sensitivity of the resources they access, and the criticality of the vendor relationship - the higher the tier, the more critical the vendor.
This will help you send targeted risk assessments based on the specific tier each vendor belongs to - further expanding UpGuard’s customization capabilities beyond its Questionnaire Builder.
3. Compliance and Security Standards
Compliance and Security Standards help you measure each vendor’s level of compliance with industry-standard frameworks like ISO 27001 and NIST CSF.
Through a generated report, you can assess overall compliance against selected standards based on security questionnaire responses and attack surface scans. This will enable you to uncover any compliance gaps that can then be specifically addressed.
4. Custom Notifications
In cybersecurity, time is a precious commodity, so it shouldn’t be wasted by reading through irrelevant notifications.
Custom notifications allow you to trigger notifications for the specific events that matter to you. These events will recognize UpGuard’s upcoming tiering functionality.
For example, rather than being notified every time any vendor’s score drops below a certain threshold, a trigger for this event can be set for only tier-1 vendors.
This feature will empower you to focus on the events that are most important to your specific security objectives.
Request a FREE Demo of UpGuard’s New Features
For a free demo of UpGuard’s Trust Page (formerly Shared Profile), Incidents and News Feed, and Remediation Planner, click the link below.