UpGuard is trusted by hundreds of companies worldwide
Trusted by hundreds of companies worldwide
Capabilities
Ability to create and automate workflows for onboarding and offboarding vendors. Helps users maintain a vendor inventory, along with relevant information.
2,000,000+ organizations scanned daily. Non-intrusive scans of IPv4 web space completed in just 24 hours.
Offers cybersecurity ratings and deep reporting capabilities to help businesses surface and manage cyber risks
Provides a risk rating between 0 and 100 but unknown number of companies covered.
Provides a security questionnaire and vendor due diligence information exchange to help reduce the operational overhead of traditionally manual and point in time assessments.
Usability and the learning curve
A fully cloud-based service with minimal installation criteria required.
High-level summation of risk with the ability to drill down into precise technical details.
Provides dashboard visibility for risk prioritization based on configured policy. Cloud based platform offers minimal need for installation.
Risks detailed on each point-in-time vendor assessment, as well as cybersecurity risk ratings.
Risks detailed on point-in-time vendor assessment coupled with continuous monitoring of inherent risk, threat intelligence, and risk scoring. The exchange model forces more frequent point in time assessments, as many as 2-3 times each year.
Community support
Engages their user community with regular blog posts on topics covering relevant security incidents, global privacy regulations, new feature updates, industry developments, webinars, and certification and training programs.
UpGuard Summit brings together a community of security leaders from leading companies, explores the future of security and helps businesses stay secure. The UpGuard cybersecurity and risk management blog is updated four times a week and our breach research blog has uncovered and secured some of the largest data breaches.
Offers a customer user academy, consistently updated company blog, coverage of critical global security events, and a regular webinar schedule for sharing best practices.
Company and product blog.
ProcessUnity (formerly CyberGRX) offers extensive community support sharing best platform and program practices via regularly updated podcasts, webinars, whitepapers, and strategic partnerships.
Release rate
States that they make at least monthly updates to their suite of product offerings.
UpGuard has adopted DevOps principles internally to develop, test, and release software continuously, ensuring fast, consistent, and safe releases.
RiskRecon does not appear to publicly share regular release rates, roadmaps, or documentation for solution updates.
ProcessUnity (formerly CyberGRX) makes product releases throughout the year as needed and documents release notes monthly to help users understand and make use of beneficial changes.
Pricing and support
Offers largely transparent pricing for their multiple offerings via their website, with flexible pricing & billing options for small & growing businesses.
UpGuard has a transparent pricing model which you can view here. UpGuard pricing starts at $5,999/year and scales with your company.
Public pricing information is not available. Pricing is reported to start at $10,000 and increases based on the number of vendors monitored.
Public pricing information is not available.
ProcessUnity (formerly CyberGRX) lists typical engagements as starting at around $120,000 USD. This includes validated assessments data, and unlimited access to the CyberGRX Exchange.
API and extensibility
Offers REST API and SDK for data feed connectivity and workflow management options with external applications.
UpGuard offers a standard API to pull data into other enterprise applications.
ProcessUnity (formerly CyberGRX) offers a fully functional bidirectional API.
Third-party integrations
Offers out-of-the-box integrations with a broad range of third-party platforms. OneTrust’s healthy ecosystem of integration options includes third-party platforms such as ServiceNow, UpGuard, Adobe, RSA Archer, and more.
Connect UpGuard with over 4,000+ apps using our Zapier integration.
Offers integrations with GRC platforms, such as RSA Archer, Sigma Ratings, Whistic, and more.
Integrates with ServiceNow.
Integrates with multiple GRC platforms, visualization tools, ticketing systems, and SOC tools.
Customers
Notable listed OneTrust customers include Air Canada, DHL, and Drax.
The New York Stock Exchange (ICE), Morningstar, TDK, PagerDuty, Hopin, and IAG. Read our customer stories.
Major customers include Informatica, Tufts Health Plan, University of San Francisco, and Sentara.
Customers include Iron Mountain, Pfizer, London Stock Exchange, Herbert Smith Freehills, and Ford.
Major customers include Medibank Private, Mass Mutual, QBE, Solix, and McAfee.
G2 rating
Accurate as of January 2024
4.5, based on 92 reviews
4.5, based on 164 reviews. Named a G2 Market Leader for Third Party & Supplier Risk Management Software.
4.5, based on 2 reviews.
4.6, based on 19 reviews.
4.5, based on 19 reviews.
Predictive capabilities
Offers an AI engine via their Athena product enabling risk insights across privacy, security, & governance risks. For their third-party risk offerings, this will include insights about a vendor’s internally managed security controls, policies, and practices. However, OneTrust does not natively incorporate many of the critical breach vectors associated with an organization’s external-facing attack surfaces.
As UpGuard checks for misconfigurations across your Internet footprint, many important breach vectors are covered, including phishing, ransomware susceptibility (like WannaCry), man-in-the-middle attacks, DNSSEC, vulnerabilities, email spoofing, domain hijacking, and DNS issues. Data leaks are automatically surfaced by the platform for your team to assess and close before they become breaches.
Allows users to implement a baseline configuration within the RiskRecon portal to match risk structures being used to manage enterprise and third-party risk. Risks monitored provide visibility into email security, application security, network filtering, and more.
Relies on point-in-time risk assessments and cybersecurity risk ratings based on monitoring 1,500+ criminal forums; thousands of onion pages, 80+ dark web special access forums; 65+ threat intelligence feeds; and 50+ paste sites for leaked credentials and potentially targeted companies — as well as several security communities, code repositories, and vulnerability databases.
Checks identified risk vectors such as phishing, ransomware susceptibility (like WannaCry), man-in-the-middle attacks, DNSSEC, vulnerabilities, email spoofing, domain hijacking, and DNS issues. Data breach incidents are captured, and notice is provided via the exchange.
Security rating
950
/ 950
950
/ 950
950
/ 950
950
/ 950
950
/ 950
Capabilities
Ability to create and automate workflows for onboarding and offboarding vendors. Helps users maintain a vendor inventory, along with relevant information.
Usability and the learning curve
A fully cloud-based service with minimal installation criteria required.
Community support
Engages their user community with regular blog posts on topics covering relevant security incidents, global privacy regulations, new feature updates, industry developments, webinars, and certification and training programs.
Release rate
States that they make at least monthly updates to their suite of product offerings.
Pricing and support
Offers largely transparent pricing for their multiple offerings via their website, with flexible pricing & billing options for small & growing businesses.
API and extensibility
Offers REST API and SDK for data feed connectivity and workflow management options with external applications.
Third-party integrations
Offers out-of-the-box integrations with a broad range of third-party platforms. OneTrust’s healthy ecosystem of integration options includes third-party platforms such as ServiceNow, UpGuard, Adobe, RSA Archer, and more.
Customers
Notable listed OneTrust customers include Air Canada, DHL, and Drax.
G2 rating
Accurate as of January 2024
4.5, based on 92 reviews
Predictive capabilities
Offers an AI engine via their Athena product enabling risk insights across privacy, security, & governance risks. For their third-party risk offerings, this will include insights about a vendor’s internally managed security controls, policies, and practices. However, OneTrust does not natively incorporate many of the critical breach vectors associated with an organization’s external-facing attack surfaces.
Security rating
950
/ 950
Capabilities
2,000,000+ organizations scanned daily. Non-intrusive scans of IPv4 web space completed in just 24 hours.
Usability and the learning curve
High-level summation of risk with the ability to drill down into precise technical details.
Community support
UpGuard Summit brings together a community of security leaders from leading companies, explores the future of security and helps businesses stay secure. The UpGuard cybersecurity and risk management blog is updated four times a week and our breach research blog has uncovered and secured some of the largest data breaches.
Release rate
UpGuard has adopted DevOps principles internally to develop, test, and release software continuously, ensuring fast, consistent, and safe releases.
Pricing and support
UpGuard has a transparent pricing model which you can view here. UpGuard pricing starts at $5,999/year and scales with your company.
API and extensibility
UpGuard offers a standard API to pull data into other enterprise applications.
Third-party integrations
Connect UpGuard with over 4,000+ apps using our Zapier integration.
Customers
The New York Stock Exchange (ICE), Morningstar, TDK, PagerDuty, Hopin, and IAG. Read our customer stories.
G2 rating
Accurate as of January 2024
4.5, based on 164 reviews. Named a G2 Market Leader for Third Party & Supplier Risk Management Software.
Predictive capabilities
As UpGuard checks for misconfigurations across your Internet footprint, many important breach vectors are covered, including phishing, ransomware susceptibility (like WannaCry), man-in-the-middle attacks, DNSSEC, vulnerabilities, email spoofing, domain hijacking, and DNS issues. Data leaks are automatically surfaced by the platform for your team to assess and close before they become breaches.
Security rating
950
/ 950
Capabilities
Offers cybersecurity ratings and deep reporting capabilities to help businesses surface and manage cyber risks
Usability and the learning curve
Provides dashboard visibility for risk prioritization based on configured policy. Cloud based platform offers minimal need for installation.
Community support
Offers a customer user academy, consistently updated company blog, coverage of critical global security events, and a regular webinar schedule for sharing best practices.
Release rate
RiskRecon does not appear to publicly share regular release rates, roadmaps, or documentation for solution updates.
Pricing and support
Public pricing information is not available. Pricing is reported to start at $10,000 and increases based on the number of vendors monitored.
API and extensibility
Offers a standard API to create extensibility for RiskRecon cybersecurity ratings.
Third-party integrations
Offers integrations with GRC platforms, such as RSA Archer, Sigma Ratings, Whistic, and more.
Customers
Major customers include Informatica, Tufts Health Plan, University of San Francisco, and Sentara.
G2 rating
Accurate as of January 2024
4.5, based on 2 reviews.
Predictive capabilities
Allows users to implement a baseline configuration within the RiskRecon portal to match risk structures being used to manage enterprise and third-party risk. Risks monitored provide visibility into email security, application security, network filtering, and more.
Security rating
950
/ 950
Capabilities
Provides a risk rating between 0 and 100 but unknown number of companies covered.
Usability and the learning curve
Risks detailed on each point-in-time vendor assessment, as well as cybersecurity risk ratings.
Community support
Company and product blog.
Release rate
Pricing and support
Public pricing information is not available.
API and extensibility
Third-party integrations
Integrates with ServiceNow.
Customers
Customers include Iron Mountain, Pfizer, London Stock Exchange, Herbert Smith Freehills, and Ford.
G2 rating
Accurate as of January 2024
4.6, based on 19 reviews.
Predictive capabilities
Relies on point-in-time risk assessments and cybersecurity risk ratings based on monitoring 1,500+ criminal forums; thousands of onion pages, 80+ dark web special access forums; 65+ threat intelligence feeds; and 50+ paste sites for leaked credentials and potentially targeted companies — as well as several security communities, code repositories, and vulnerability databases.
Security rating
950
/ 950
Capabilities
Provides a security questionnaire and vendor due diligence information exchange to help reduce the operational overhead of traditionally manual and point in time assessments.
Usability and the learning curve
Risks detailed on point-in-time vendor assessment coupled with continuous monitoring of inherent risk, threat intelligence, and risk scoring. The exchange model forces more frequent point in time assessments, as many as 2-3 times each year.
Community support
ProcessUnity (formerly CyberGRX) offers extensive community support sharing best platform and program practices via regularly updated podcasts, webinars, whitepapers, and strategic partnerships.
Release rate
ProcessUnity (formerly CyberGRX) makes product releases throughout the year as needed and documents release notes monthly to help users understand and make use of beneficial changes.
Pricing and support
ProcessUnity (formerly CyberGRX) lists typical engagements as starting at around $120,000 USD. This includes validated assessments data, and unlimited access to the CyberGRX Exchange.
API and extensibility
ProcessUnity (formerly CyberGRX) offers a fully functional bidirectional API.
Third-party integrations
Integrates with multiple GRC platforms, visualization tools, ticketing systems, and SOC tools.
Customers
Major customers include Medibank Private, Mass Mutual, QBE, Solix, and McAfee.
G2 rating
Accurate as of January 2024
4.5, based on 19 reviews.
Predictive capabilities
Checks identified risk vectors such as phishing, ransomware susceptibility (like WannaCry), man-in-the-middle attacks, DNSSEC, vulnerabilities, email spoofing, domain hijacking, and DNS issues. Data breach incidents are captured, and notice is provided via the exchange.
Security rating
950
/ 950
OneTrust Pricing
OneTrust offers largely transparent pricing for their multiple offerings via their website. Additionally, OneTrust offers flexible pricing & billing options for small & growing businesses.
For established businesses with more advanced needs, OneTrust offers Standard & Advanced packages ranging in annual price from $6,000 - $18,000 USD.
Pricing for more complex deployments requiring API and integrations access can only be accessed by speaking to a OneTrust representative.
OneTrust Features
The OneTrust platform helps users assess and manage cyber risk from third-party vendors in their digital supply chain.
The OneTrust solution leverages security questionnaires and remediation workflows through both an exchange and ad-hoc model to help customers reduce risk and improve due diligence efficiency across vendor relationships.
OneTrust Use Cases
The core capability of OneTrust’s third-party risk offering is the ability to create and automate workflows for onboarding and offboarding vendors. This helps users maintain an inventory of their vendors along with relevant information such as risk tiers, service types, and commercial timeframes.
OneTrust Demo / Trial
OneTrust offers a free trial of its platform of Privacy & Data Governance, GRC & Security Assurance, Ethics & Compliance, and ESG solutions to help organizations learn how OneTrust can help operationalize risk, compliance, and business initiatives to make trust a competitive advantage.
OneTrust API
OneTrust offers out-of-the-box integrations with a broad range of third-party platforms. OneTrust’s healthy ecosystem of integration options includes third-party platforms such as ServiceNow, UpGuard, Adobe, RSA Archer, and more.
OneTrust Reviews
The general sentiment of OneTrust users based on multiple review sources is summarized below.
Key Pros:
1. Ease of Use and User-Friendly Interface
The user-friendly design of OneTrust's interface is highly regarded by users, simplifying the management of data privacy and governance tasks.
2. Impressive feature-set
OneTrust users have praised the platform's wide range of featues addressing multple categories of third-party risk management, including privacy management, GDPR compliance and even data mapping.
3. Customer support
OneTrust's customer support team is highly regarded by users, with prompt assistance consistently available even beyond initial implementation.
4. Regular updates
Some users have highlighted the regularity of updates being pushed to the OneTrust platform.
Key Cons:
1. Integration challenges
Several users have reported integration issues, particularly with cookies compliance and consent management tools. Issues include bugs and challenges with establishing integrations.
2. Complex implementation
While OneTrust offers an impressive set of features in its platform, users have reported frustrations with implementing these features, resulting in lengthy and challenging implementation processes.
3. Performance issues
Some users have reported functionality issues on the OneTrust platform, particularly with cookie compliance modules and export functionalities.
Gartner Peer Insights
Overall ratings for the IT VRM Solutions market. Accurate as of January 2024
UpGuard
4.4, based on 160 reviews. Named a Representative Vendor in the 2022 Gartner Market Guide for IT VRM Solutions
OneTrust
4.3, based on 163 reviews
G2
Accurate as of January 2024
UpGuard
4.5, based on 164 reviews. Named a G2 Market Leader for Third Party & Supplier Risk Management Software.
OneTrust
4.5, based on 92 reviews
Glassdoor
Accurate as of January 2024
UpGuard
4.6
OneTrust
.svg)
2.7
All Competitors & Alternatives
We want you to choose the best platform, even if it's not UpGuard.
Ready to see
UpGuard in action?
Want to see how UpGuard stacks up against the competition?
Start a free trial and get complete visibility into your attack surface and third-party risks.
