The second UpGuard Summit of 2024 kicked off at the end of May, welcoming security professionals from APAC, EMEA, India, and the U.S. to discuss key developments and strategies across the cybersecurity industry. This quarter’s event focused on third-party risk management (TPRM), specifically how security teams can use automation to eliminate manual work and streamline critical TPRM workflows and processes.
Highlights from this quarter’s Summit include deep dives into UpGuard’s Trust Exchange, Detected Products, and Vendor Risk Assessments, which are capabilities that empower security teams to holistically improve the efficiency of their cybersecurity programs. UpGuard’s suite of products provides solutions across TPRM, attack surface management, trust management, vendor risk management, and other essential cybersecurity strategies. Summit also included a panel discussion with security leaders from renowned organizations who discussed their experiences building out TPRM programs.
Whether you missed this quarter’s event or simply want to review the information presented, here’s a recap of the event’s greatest highlights. Also, stay tuned to the UpGuard Newsletter to learn how to save your spot for the next UpGuard Summit as soon as registration goes live.
Learn more about the #1 TPRM solution in the world: UpGuard Vendor Risk >
Solving the most pressing problems for security teams
Welcoming attendees to the second UpGuard summit of 2024, Dan Bradbury, UpGuard’s Chief Product Officer, recapped the company’s three key focus areas for the year: removing manual effort from TPRM programs, transforming how organizations exchange trust information, and helping users stay ahead of emerging cybersecurity threats. These focus areas will shape UpGuard’s priorities throughout 2024, guiding future product enhancements and capabilities.
Insight Session: Automating Security Questionnaires with Trust Exchange
Jess Hooper introduced Trust Exchange, a new AI-powered product designed to streamline the security questionnaire process for sales and security teams. Trust Exchange allows users to import questionnaires, use AI to autofill responses from a repository of their past answers and collaborate with team members to complete and return forms and documents efficiently.
Continuing her demonstration, Jess showcased how Trust Exchange stores all questionnaires, enabling users to monitor progress, add collaborators, and quickly edit responses. Jess also highlighted the efficiency of AI Autofill and AI Enhance, significantly reducing the manual effort required to complete extensive questionnaires.
Finally, Jess introduced UpGuard’s Trust Page, which allows organizations to proactively share their security posture and documents with prospects and customers. This reduces the need for repeated questionnaire requests and effectively builds trust between vendors and organizations. Trust Exchange aims to accelerate sales cycles, reduce manual work, and improve collaboration between security and sales teams.
Join 12,000 security professionals and start using Trust Exchange for FREE>
Insight Session: The Evolution of Vendor Risk Assessments
Lisa Baldacchino provided an overview of the platform’s vendor risk management features, primarily focusing on improving and accelerating third-party risk assessments. Lisa highlighted the ongoing challenges organizations face when scaling their programs to cover large vendor networks, noting that many organizations are still developing robust processes and determining how to assess all their third-party vendors and service providers effectively.
UpGuard’s risk assessment capabilities create a unified workflow for assessing and managing vendors using comprehensive risk profiles, automated scans, questionnaires, and security documentation. Lisa also discussed UpGuard’s focus on flexibility, efficiency, and customization and outlined the upcoming enhancements UpGuard plans to make to improve the risk assessment process.
Key recent enhancements include:
- Flexibility: Customizable risk assessments for specific products, services, or regions, with the ability to conduct concurrent assessments for different engagements with the same vendor
- Efficiency: New workflows to adjust risk severity, add comments, and manage remediation and risk waivers within the platform
- Customization: Greater flexibility in customizing risk assessment reports, including commentary, report sections, formatting, and pre-populated templates for consistent and efficient reporting
Looking ahead, Lisa outlined planned enhancements:
- AI-powered questionnaires: Leveraging AI capabilities to pre-populate questionnaires and generate automated risks based on vendor audit reports and security documentation, reducing the need for lengthy vendor questionnaires
- Automated risk assessment reports: Create instant risk assessment reports based on real-time data and vendor alignment with key security frameworks, including ISO and NIST
- Collaborative workflows: New workflows for managing collaboration, sharing, and approving risk assessments within the platform, streamlining and accelerating the entire process
Join our beta program to gain early access to new features and help guide their development>
Detecting the Latest Threats with the Scanning Engine
Jess Aiken presented recent advancements the company has made to its scanning engine, helping organizations stay ahead of emerging threats. The UpGuard scanning engine continuously monitors an organization's external attack surface and vendors, automatically identifying over 23,000 technology products across a given IP.
This feature, known as Detected Products, provides insights into various technologies, including network devices, Javascript plugins, and hosting providers, all crucial for effective risk management. With recent enhancements, the scanning engine now collects an additional 1.1 Billion data points daily.
Jess highlighted that as companies grow, the number of technologies in use expands exponentially. For instance, while companies with under 500 employees use an average of 60 technologies, those with 1000-5000 employees use an average of 560. This data underscores the challenge of comprehensive risk management strategies, especially for large organizations with expansive attack surfaces.
The scanning engine effectively captures familiar and obscure products, allowing organizations to ensure consistency across their footprint and proactively mitigate risks. It anticipates future risks by cataloging potentially targeted products across a user’s attack surface.
Beyond software vulnerabilities, the engine identifies risks specific to an organization's environment, such as deviations from IT policies or inadequate vendor risk management. The Detected Products feature facilitates the creation of vendor inventories and streamlines vendor risk assessments.
Panel Discussion: Evolving TPRM Programs
Jonathan Dowdall sat down with three security leaders to discuss their experience evolving critical TPRM functions and processes. The panel featured Carlo Falciola of Exprivia Group, Juris Šmits of Rimi Baltic, and Olaf Breil of ClimatePartner.
During the panel discussion, these leaders discussed several critical TPRM strategies and ideas, including:
- Navigating TPRM with scarce resources
- Improving communication with third-party vendors
- Monitoring changes in vendor security posture
- Utilizing automation to scale TPRM programs
Looking Forward: UpGuard Summit August 2024
The UpGuard Summit seeks to unite security leaders from around the world to discuss the current state of processes and strategies critical to the cybersecurity industry, including third-party risk management, attack surface management, and more. As we look forward, stay tuned for the next UpGuard Summit in August 2024.
Sign up for the UpGuard Newsletter to be the first to know about next quarter’s UpGuard Summit.
