Trustwave Launches First-of-Its-Kind Cyber Supply Chain Risk Assessment Solution for the Pacific Region
August 04 2021 - 7:03PM
Business Wire
In the Face of Increased Concern About Vendor Cybersecurity Risk, Company Behind SolarWinds Vulnerability and GoldenTax Discoveries Creates Fully Scalable Solution
Trustwave, a leading managed security services provider focused
on managed detection and response, has launched a first-of-its-kind
cyber supply chain risk assessment solution for enterprises and
SMBs in the Pacific region. The service, called Managed Vendor Risk
Assessment (MVRA), gives organisations access to deep, fully
scalable cybersecurity vendor assessments that were formerly
prohibitively expensive.
Demand for this solution has been driven by organisations
increasingly reliant on external vendors for the provision of data
processing and storage services, as well as a range of other
cloud-based or security-sensitive services. Greater outsourcing and
deeper integration with vendors means heightened supply chain risk
exposure.
In addition, recent supply chain breaches discussed extensively
in the media, including the SolarWinds Orion breach, have raised
awareness of the need to move away from ad hoc vendor assessments
or those built solely on technology, which frequently miss
vulnerabilities or lead to bad commercial outcomes for both
parties.
“Part of the reason we built MVRA is our concern for the cyber
resilience of the enterprise space. We are encountering gaps in
organisations where vendors are left unassessed because of the
perceived cost. MVRA gives organisations the ability to assess a
large number of vendors with a consistency of measurement not
possible before while still leveraging the expertise of genuine
security consultants. For these organisations and the wider
community, scalability brings safety,” said Nick Ellsmore, global
head of strategy, consulting & professional services at
Trustwave.
Ellsmore said that MVRA is a solution informed by decades of
real-world consulting experience on the cybersecurity frontlines
married to best-in-class risk assessment technology.
This technology has been developed by Findings — whose platform
is a global solution of choice in VRM automation for enterprises
and vendors of all sizes. By automating the labour-heavy process of
vendor assessments, Findings allows for fuller coverage of the
organisation’s supply chain, and therefore heightened security and
lower supply chain risk.
“While conventional methods apply a Pareto cutoff to invest
their manual resources in some of their vendors, current attacks
have shown this approach’s vulnerabilities and the need for wider
coverage,” says Kobi Freedman, co-founder and CEO of Findings.
“Security friction is becoming a global challenge on supply chains,
whether from regulatory or objective risk.”
Ellsmore added, “MVRA uses Findings’ technology to accelerate
and harmonise critical elements of the audit. Riding on top of this
is a layer of experience and strategic human cybersecurity thinking
specifically applied to deliver the best outcomes.”
“It takes people to assess people. Purely technological
solutions to the vendor supply chain risk are sometimes adequate
but often come up short because they tend to minimise real risk
while amplifying smaller risks. They don’t apply a business
thinking lens.”
Ellsmore also said that part of the challenge is what he calls
“Go/No Go” decisions about third-party suppliers. These decisions
are being made without enough information and consistency. For
example, a fully automated supply chain assessment might lead a
company to rule out a vendor too quickly without considering the
business implications.
“What we’re seeing is unintended cybersecurity consequences,”
Ellsmore said. “A marketing department, for instance, gets rid of a
very effective customer engagement technology based on a
superficial vendor risk assessment, only to find three months later
everyone on the team is surreptitiously using a handful of
different, unvetted solutions to fill this gap.”
Based on 25 years of cybersecurity services experience and
thousands of risk assessments, the service encompasses both an
automated and specialist-led assessment, built on a
software-as-a-service (SaaS) platform that is easy to use by
organisations of all sizes.
The MVRA service provides:
- Streamlined process to onboard vendors and collect essential
data, including penetration test reports, audit reports, and
technical and organisational data;
- Comprehensive security maturity questionnaire built on the NIST
Cybersecurity Framework that is both reasonable and realistic for
vendors to complete;
- A further review of each vendor’s responses and data conducted
by a skilled Trustwave specialist who understands possible
indications and implications of vendor risk. Each answer and
security asset is reviewed by our experts for completeness and
accuracy;
- For each vendor assessed, a report is delivered within eight
days. The report identifies the vendor’s maturity and risk rating
on a consistent scale, helping clients understand the potential
risk exposure as it pertains to the nature of their business – the
type of system, sensitivity and volume of data, and nature of the
supply chain link;
- Assessment reports also importantly deliver an impact analysis
with recommendations for remediating gaps and issues for each
vendor.
For more information about Managed Vendor Risk Assessment (MVRA)
from Trustwave, please contact cpspacific@trustwave.com.
About Trustwave
Trustwave is a leading cybersecurity and managed security
services provider focused on threat detection and response.
Offering a comprehensive portfolio of managed security services,
consulting and professional services, and data protection
technology, Trustwave helps businesses embrace digital
transformation securely. Trustwave is a Singtel company and the
global security arm of Singtel, Optus and NCS, with customers in 96
countries. For more information about Trustwave, visit
https://www.trustwave.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20210804006170/en/
Edward Fernandez Trustwave +1 (312) 702-2497
Edward.Fernandez@trustwave.com