The firm has rolled out a risk assessment solution for the Pacific region in response to the spike in cyber threat activity.
Cyber security services provider Trustwave has launched Managed Vendor Risk Assessment (MVRA) — a new solution that provides supply chain assessment services for enterprises and small businesses across the Pacific region.
The service is designed to facilitate access to deep, fully scalable cyber security vendor assessments amid a rise in demand for data processing and storage services and other cloud-based or security-sensitive offerings.
The rollout also seeks to fill gaps identified following major supply chain exposures, including the SolarWinds Orion breach.
Other features offered by the MVRA service include:
- streamlined process to onboard vendors and collect essential data, including penetration test reports, audit reports, and technical and organisational data;
- comprehensive security maturity questionnaire built on the NIST Cybersecurity Framework that is both reasonable and realistic for vendors to complete;
- a further review of each vendor’s responses and data conducted by a skilled Trustwave specialist who understands possible indications and implications of vendor risk. Each answer and security asset is reviewed by Trustwave's experts for completeness and accuracy;
- a report delivered for each vendor assessment within eight days, identifying the vendor’s maturity and risk rating on a consistent scale; and
- delivery of an impact analysis with recommendations for remediating gaps and issues for each vendor.
“Part of the reason we built MVRA is our concern for the cyber resilience of the enterprise space,” Nick Ellsmore, head of consulting strategy at Trustwave, said.
“We are encountering gaps in organisations where vendors are left unassessed because of the perceived cost.
“MVRA gives organisations the ability to assess a large number of vendors with a consistency of measurement not possible before while still leveraging the expertise of genuine security consultants. For these organisations and the wider community, scalability brings safety.”
This technology has been developed by Findings, which automates the vendor assessment process, bolstering coverage of an organisation’s supply chain.
“While conventional methods apply a Pareto cutoff to invest their manual resources in some of their vendors, current attacks have shown this approach’s vulnerabilities and the need for wider coverage,” Kobi Freedman, co-founder and CEO of Findings, said.
“Security friction is becoming a global challenge on supply chains, whether from regulatory or objective risk.”