We're making it easier to understand and explain web risks by introducing Risk Remediation Guidance to BreachSight and Vendor Risk. This update offers detailed explanations of each risk, its importance, and how to remediate it, enabling swift action even for non-technical users. With Risk Remediation Guidance, BreachSight users can act more decisively, resolving risks efficiently with clear instructions, while vendors gain deeper insights to better understand and mitigate risks.
Digital Operational Resilience Act (DORA) questionnaire
We’ve introduced a new questionnaire to assess an organization’s adherence to the Digital Operational Resilience Act in the EU. In effect from January 17, 2025, DORA addresses gaps in EU financial regulation by requiring financial institutions to manage ICT-related risks and operational resilience alongside traditional capital allocation for risk management.
Introducing Vendor Snapshots
Vendor Snapshots (previously Instant Reports) allow you to view the external risks of an organization for 30 days without adding it to your monitored vendor list. They’re perfect for when you need a point-in-time view of a vendor's security posture, such as when assessing or comparing potential vendors as part of a due diligence process.
Improvements that have been implemented as part of this release:
- Renamed feature to Vendor Snapshot to better reflect the functionality
- Made it easier to convert a Vendor Snapshot to a monitored vendor, including retaining a view of expired snapshots
- Ability to include Vendor Snapshots in the vendor comparison tool and report
- Inclusion of Vendor Snapshots in vendors page exports (Excel and PDF)
- Changes to Vendor Snapshot entitlements: Enterprise plans will have unlimited Vendor Snapshots, Professional and Corporate plans will have a set number included, and all Vendor Risk plans will be eligible to purchase additional snapshots
To learn more, see "What is the difference between a Vendor Snapshot and a Monitored vendor?"
Configuration Leak Detection
Our web scanner now detects client-side and server-side configuration leaks, enhancing protection against exposed API keys and configuration files. This update strengthens BreachSight and Vendor Risk by improving proactive risk detection for customers and their vendors.
Other improvements
- Each page now has its own title tag, which makes it easier to differentiate between multiple tabs in your browser
- This release includes a number of bug fixes