Assessing third-party security controls with Panorays Smart Questionnaires

Panorays, a provider of third-party security risk management, announced new research about the most common third-party cyber gaps and released a new automated, dynamic vendor security questionnaire functionality that helps resolve cyber gap issues in supply chains.

Using data from Panorays’ external attack surface evaluations of tens of thousands of vendors from various industries, researchers determined the top five cybersecurity issues hidden in supply chains. They were:

• Significant web assets not protected by Web Application Firewalls (WAF) (48% of companies affected)
• Unpatched web server with severe vulnerabilities (40% of companies affected)
• Vulnerable default CMS configuration (34% of companies affected)
• Insufficient security team personnel (31% of companies affected)
• Supporting deprecated SSL protocols (25% of companies affected).

To help resolve supply chain cyber gaps, Panorays now offers new automated, easy-to-use Smart Questionnaires that are typically completed in as little as nine days rather than the industry average of nine weeks, allowing organizations to significantly reduce time spent on the vendor evaluation process. They complement Panorays’ external attack surface evaluations, thereby providing a complete and accurate view of supplier risk.

Unlike manual security questionnaires, Smart Questionnaires include only the questions that are relevant for each supplier based on the business relationship context. Customers can easily track the progress of hundreds of third parties at once, and can also immediately identify if there are any policy gaps that need to be addressed.

Panorays Smart Questionnaires features

• An overview page, providing visibility into the risk score of each category in the supplier’s questionnaire response.
• Quick navigation of questionnaire responses using filters and color-coding of questions by risk level.
• Unparalleled SIG support, including the ability to auto-complete the Smart Questionnaire by uploading a past SIG.
• The ability to customize due dates and question weighting according to preference, and to check adherence to relevant regulatory requirements such as GDPR and NYDFS.
• Multi-language translation, allowing companies to send questionnaires in suppliers’ native languages, and then view responses in their own language.

In-platform engagement, including the ability to comment on specific questions for more clarification.

“Smart Questionnaires have completely revolutionized our third-party risk management process,” said Jennifer Habshush, Information Security Specialist at AppsFlyer, a Panorays customer that works with hundreds of vendors. “We used to assess vendors using spreadsheets, but as our company grew, we understood that we needed an automated system to accelerate the process. With Panorays, the process is streamlined, we save lots of time and effort, and we can easily scale to add more vendors to the system.”

“This past year, we’ve seen that more and more, organizations from every industry are realizing that comprehensive third-party security risk management is essential. Our latest research provides a glimpse of some of the most common vendor vulnerabilities that organizations need to be aware of and know how to address,” said Matan Or-El, CEO, Panorays. “We also created the Smart Questionnaire to help tackle the problem of third-party security. The Smart Questionnaires automate and change the way organizations communicate with vendors, resulting in a safer, quicker onboarding process. When combined with Panorays’ vendor cyber posture assessment and business context, the platform provides companies with a complete view of third-party cyber risk.”