UpGuard intros risk mitigation platform to boost vendor oversight

The company's new CyberRisk platform aims address a lack of oversight and accountability when it comes to third party vendor relationships.

Silicon Valley cybersecurity firm UpGuard is rolling out a new risk mitigation platform that aims address a lack of oversight and accountability when it comes to third party vendor relationships.

Accenture left a huge trove of client passwords on exposed servers

The four exposed servers had no password, but contained the "keys to the kingdom."

Read More

UpGuard says CyberRisk streamlines the risk management process by providing users a real-time view of the cyber risk associated with every vendor in their portfolio.

The risks are evaluated against the Cybersecurity Threat Assessment Rating and assigned a score, which security teams can use when determining whether to allow third-party vendors access to corporate data. CyberRisk also lets users monitor security compliance and automate vendor risk assessments.

"Unfortunately, many organizations still lack the processes and tools to conduct a comprehensive audit of internal and external factors affecting vendor risk," said UpGuard co-CEO Mike Baukes. "This is evidenced by the sheer number of breaches occurring on a daily basis. This is an epidemic."

UpGuard is behind some of the more notable breach exposures in recent memory, including breaches at Verizon, Viacom, and the Pentagon's National Geospatial-Intelligence Agency. UpGuard's new cyber risk analyst Chris Vickery is also touted as the internet's data breach hunter.

UpGuard's flagship product is a credit-style score for cybersecurity, which determines a company's cyber-risk factors by scanning its internal network and systems before issuing a report on where it can improve. UpGuard also has a free web-based tool that lets anyone run a scan on any company's external network (such as a website and subdomains) to measure its security posture.

The company raised $17 million in financing last year pinned on its cybersecurity grading system.

The news comes on the same day as the company's cyber risk team discovered a massive exposure of Accenture data.