Question
Vyopta and Cyber security risk ratings - what is the solution used by Vyopta for Cybersecurity Risk Rating
Answer
Vyopta occasionally receives notifications/reports from customers coming from a Cybersecurity Risk Rating vendor.
We are familiar with the Cybersecurity Risk Rating marketplace (Security Scorecard, BitiSight, UpGuard etc.), and after reviewing the other major solutions, we have made the decision to use SecurityScorecard to provide us with visibility into risks related to publicly available information about poorly-secured or poorly-configured endpoints which may not be deployed or detected by our traditional internal security toolsets.
We have worked with SecurityScorecard to mitigate findings related DNS and SPF for parked zones, poorly configured endpoints managed by partners/vendors and removal of retired or deprecated endpoints and after a short period of time, we have raised our score to an A. We receive alerts whenever a new detection is made which impacts our score and we are actively resolving new items as they are detected. We would encourage our customers to go look at Security Scorecard for the same reasons we use it (for assessing our own and our vendors risk posture) and we welcome them to view the Vyopta score.
We realize there are other tools for this and that each vendor, even though they may share some of the same publicly available pools of information to develop their reports, may ultimately end up with different findings, but in order to preserve resources for our security roadmap and ongoing timelines/commitments, we have chosen to not address every finding in every other Cybersecurity Risk Rating platform. If our customers/vendors/partners see something of concern using these tools, they may send it to us and we will review it on a timeline commensurate with the assessed impact with respect to our already scheduled timelines.
Comments
Article is closed for comments.