CyberGRX Portfolio Risk Findings enables customers to identify riskiest vendors
CyberGRX launched a new capability, Portfolio Risk Findings, allowing customers to gain visibility into their organization’s specific control coverages gapped by the riskiest third parties through the lens of any framework or threat profile.
With Portfolio Risk Findings, CyberGRX will leverage both attested data and predictive risk profiles (US patent pending) to provide a detailed report on customers’ riskiest vendors and their specific unmet gapped controls. CyberGRX data will be measured against control coverage and a selected framework—whether industry standard or custom—or threat profile of their choosing to return a score between 1% to 100%.
This score will help customers identify where third-parties fall on the risk spectrum, from high risk to low risk. Not only will customers have visibility into their riskiest third parties, but they’ll be able to filter their vendors by each unmet control to gain a new perspective on where their greatest risk lies. Customers can also filter results to identify potential business exposure of a security incident based on the nature of the relationship with the third-party.
“Our goal with Portfolio Risk Findings is to help our customers find that ‘needle in a haystack.’ Given the sheer amount of vendors, partners and suppliers organizations have, along with an evolving threat landscape, it is no longer enough to just know that a third-party is ‘risky’, but where these risks lie and how critical they are to your company,” said Fred Kneip, CEO at CyberGRX.
“To drive more efficiency in risk management, security teams need to understand which vendors they need to focus on and have the tools readily available to quickly mitigate risk. No other third-party risk management company provides this level of visibility and that’s what makes our platform so revolutionary,” added Kneip.
The announcement of the Portfolio Risk Findings comes on the heels of the company’s launch of a Predictive Data tool for the Attack Scenario Analytics feature. This feature allows organizations to evaluate levels of risk posed by a third party against 13 key security categories established by the MITRE ATT&CK framework.
The addition of these capabilities to the CyberGRX Exchange platform provides a central location where stakeholders, cyber defenders, and vendors can see the gaps in controls and where third parties are not meeting quality standards in their own risk posture, allowing the vendor themselves to assess and take steps to ensure proper cyber defenses. By doing so, organizations can spend less time researching and tackling concerns that may be of low impact and systematically focus on the high and medium-level threats.