We’ve expanded our vulnerability detection and management capabilities by differentiating between verified and unverified vulnerabilities.
Because UpGuard scans from outside companies’ networks, there are some vulnerabilities we can confirm (verified vulnerabilities) and others we only know may exist (unverified vulnerabilities). When verified vulnerabilities are detected, you’ll also be able to see them on your risk profile and your vendors’ risk profiles, and use them in our remediation and risk waiver workflows.
In addition, you can now ignore unverified vulnerabilities to remove them from the vulnerabilities list. This is different from a risk waiver: by ignoring a vulnerability you are signaling that the risk doesn’t exist, whereas with a risk waiver you are accepting the risk.
To learn how to use our vulnerabilities feature, see our articles on UpGuard BreachSight vulnerabilities and UpGuard Vendor Risk vulnerabilities.
Audit log
Administrators can now see an audit log of important events in the UpGuard platform and who actioned them.
This will allow you to see, for example, who has logged in, who has had their permissions changed, whether an UpGuard employee has viewed your account, when a questionnaire has been sent, when a risk assessment has been published, and much, much more.
Learn about the events tracked through our audit log.
Six new questionnaires
As part of our continued investment in the platform, we’re releasing six new questionnaires:
- COBIT 5 Security Standard Questionnaire: Assesses compliance against the Control Objectives for Information and Related Technologies Framework created by ISACA.
- ISA 62443-2-1:2009 Security Standard Questionnaire: Assesses compliance against the ISA 62443-2-1:2009 standard for industrial automation and control systems.
- ISA 62443-3-3:2013 Security Standard Questionnaire: Assesses compliance against technical control system requirements associated with the seven foundational requirements (FRs) described in IEC 62443-1-1.
- GDPR Security Standard Questionnaire: Assesses compliance against the personal information disclosure requirements outlined in the European Union's General Data Protection Regulation (GDPR).
- CIS Controls 7.1 Security Standard Questionnaire: Assesses compliance against the best practice guidelines for cybersecurity outlined in 20 CIS Controls.
- NIST SP 800-53 Rev. 4 Security Standard Questionnaire: Assesses compliance against the security and privacy controls required for all U.S. federal information systems except those related to national security.
Other fixes and improvements
- We’ve broken up Documents & Contacts into two separate pages (Documents and Contacts)
- Documents now includes all file-based evidence for a vendor and is categorized by source: general documents, additional evidence, or questionnaire responses
- Documents added as additional evidence are now available in the vendor’s Documents & Contacts
- Prioritized typosquatting results to first show homoglyphs with only one substitute character and where characters look similar to the original domain.
- UpGuard analysts can now redact a sensitive URL on a data leaks finding
- Improved the readability of cookie-based automated scanning results
- Added parked domain detection for registrar CSC
- Fixed an issue where users on Chromebooks couldn’t upload files