Plucky little startup UpGuard ahs a bit of a penchant for being front and center in the news. The company is all about offering organizations a visual way of assessing threats to their operation. The UpGuard dashboard offers a cybersecurity threat assessment rating that spans the totality of the organization’s digital assets. To use an often overused term, UpGuard is the “single pane of glass” through which to assess organizational security – gathering data across the various digital surfaces, sorting it all in a single, searchable repository and providing continuous validation and visualizations upon which to make informed decisions.
But the issue here is that many risks that an organization faces, stem from external vendors’ products and services. Which is why it’s interesting to hear that UpGuard is moving on from pure visualization, and closing the loop by automating the process by which organizations assess both internal and external risk factors and threats. The resultant single threat assessment is an accurate reflection of all the risks – whether they’re from internal or external services.
The platform, not so imaginatively named CyberRisk aims to reduce the time it takes to develop a risk assessment, as well as to minimize, wherever possible, the manual intervention that risk assessment requires. The traditional methods for vendor assessment tend to be ineffective when dealing with dynamic modern environments with billions of risk factors. Security professionals are tasked with manually surveying the risks posed by third-parties, an arduous process that involves reviewing lengthy questionnaires with no mechanism for tracking and verifying responses.
CyberRisk streamlines the risk assessment process by way of a single, easy-to-understand score, the Cybersecurity Threat Assessment Rating (CSTAR). With CyberRisk, enterprises are able to evaluate susceptibilities to their internal and external infrastructure, monitor security compliance, and automate vendor risk assessments.
UpGuard’s co-founder and co-CEO (he’s Australian, forgive him the need to buddy up!) explains CyberRisk with an analogy:
Just as companies do background checks on prospective employee hires, it only makes sense that they conduct similar assessments of any third-party business partners before granting them access to their corporate data. Unfortunately, many organizations still lack the processes and tools to conduct a comprehensive audit of internal and external factors affecting vendor risk. This is evidenced by the sheer number breaches occurring on a daily basis. This is an epidemic. Our CyberRisk product not only integrates both critical aspects, but we take it several steps further by providing our customers with clear remediation guidance to become truly cyber resilient.
And it has to be said, referencing my comment about media mentions, that UpGuard would seem to have something of an unrivaled track record for identifying enterprise business risk. In the third quarter of 2017 alone, UpGuard’s Cyber Risk Team has discovered and secured a multitude of third-party data exposures from enterprises including Verizon, via technology vendor NICE Systems, and the Pentagon’s National Geospatial-Intelligence Agency, via defense contractor Booz Allen Hamilton.
In other words, UpGuard proves its importance to the market by highlighting the sometimes less than stellar job that existing risk assessment processes, systems, and personnel are doing. True to their Aussie form, UpGuard isn’t scared to bruise a few egos in its aim to change the face of cybersecurity.