Vendor Due Diligence

Get to know your vendors better than they know themselves

Cost-effective vendor due diligence program based on solid technical assessment and not superficial questionnaires.

Commercial relationships between businesses and 3rd parties often require the exchange of sensitive information such as employee and customer details, access to the company's network and, more generally, access to otherwise well-guarded IT assets. As a result, there is an inherent risk in using 3rd-party tools and services. A crucial element of managing 3rd-party risk is the assessment of the 3rd party's security posture. This is part of the vendor due diligence process. During this stage, the 3rd party is evaluated in terms of their ability to protect the company's data, guard access to the company's network, follow best security practices and handle cyber attacks and incident response.

Almost all 3rd-party due diligence processes used by companies large and small are based on an outdated approach focused on simple questionnaires. Thus assessments rely entirely on the perception of the vendor but not on their actual security practices.

SecApps Scout offers a unique solution to support the vendor due diligence process using security expertise, data science and automation. SecApps Scout passively fingerprints (non-invasive scan) the target organization, providing a deep level of insight into the 3rd party's security operations. Scout can not only identify all target assets but also provide lists of compromised passwords, demonstrate technical weaknesses in the security posture of the target, and provide advice, further guidance and next steps. All information is discovered passively using a state-of-the-art OSINT (open-source intelligence) framework powered by graph-based algorithms and machine learning.

Your 3rd-party due diligence program does not have to be complex or expensive

Your 3rd-party due diligence program does not have to be complex or expensive, built on long back-and-forth meetings or other tedious work around questionnaires. Simply fire up Scout and let it do what it does best. Once the report is ready, your security team can make a judgment on the risk your vendor represents to your business based on real data. Best of all, vendors can be assessed continuously (at a scheduled interval) and measured over time.

SecApps Scout is an alternative way of dealing with 3rd-party risk and negating the effects of supply-chain attacks. It is based on solid fundamentals, principles and passive fingerprinting techniques used by hackers, security researchers and bug bounty hunters. Scout is easy to use and integrate into any existing tools and workflows.