Dark web monitoring for supply chain risk is becoming a mandatory feature for cyber risk ratings providers. Panorays’ latest press release shows that it is catching up to the big players.
Dark web monitoring checks hacker forums and marketplaces for mentions of specific company names. These mentions could include offers to sell stolen databases or information that could be used to target the company, such as credentials or vulnerabilities. Including dark web monitoring information adds a dimension to cyber risk ratings, giving customers more insight into their supply chain security threats.
“With the latest rash of misconfigured servers and data leaks, many companies have discovered too late that a significant breach has occurred,” said Noam Maman, VP Product of Panorays. “Many third-party security solutions assess the attack surface of vendors, but do not venture into the Dark Web. With Panorays, companies receive further necessary visibility into the security posture of their third parties.”
Cyber risk rating services are sometimes criticized for being too shallow in their assessments. Too often these services only provide open-source information that anyone could gather themselves using freely available tools. As a result, any deeper insights into supply chain threats will make a product more valuable. Of course, the more well-known players in this space, BitSight and SecurityScorecard, have included dark web monitoring in their products for some time. This announcement is therefore more of a catch-up than an innovation, but it is good news and demonstrates that Panorays is serious about competing.
Normshield recently announced that it has licensed the FAIR model to allow customers to quantify supply chain security risk in terms of financial impacts. It is innovative, but is it useful?
BitSight Enterprise Analytics looks to increase the value proposition of using cyber risk ratings for internal risk management, but is it barking up the wrong tree? If you assume that cyber risk ratings are mostly useful for third-party risk management, you aren’t alone. BitSight is aiming to change that with its new Enterprise Analytics solution, but it may be chasing after the wrong audience.
Panorays has announced a partnership with Shared Assessments to provide Panorays customers with access to the Standard Information Standard (SIG) questionnaire. This is an innovative offering but may prove to be a mixed blessing.
SecurityScorecard has announced the availability of new professional advisory services to help customers consume its vendor cyber risk rating product. In doing so, it is tacitly admitting that risk ratings are not the easy solution they’ve been hyped to be.
RiskRecon and RSA have announced a partnership to bring RiskRecon’s third-party risk rating services to RSA’s Archer Governance, Risk and Compliance (GRC) system. This should be a welcome move for Archer customers.
BitSight, one of the leaders in cyber risk rating, has announced a new product to allow organizations to benchmark against their peers. Dubbed “Peer Analytics,” this service will interest companies where benchmarking is a compliance obligation.
SecurityScorecard, a leader in vendor cyber risk rating, has announced an initiative to help non-profit organizations with third-party risk management. Named Project Escher, this initiative demonstrates SecurityScorecard’s commitment to the non-profit sector.