
UpGuard Summit May 2023 - Panel Discussion

Join Zindzi Speede, our Technical Customer Success Manager, as she and a panel of cyber security experts delve into topics such as best practices, compliance, and the implications of AI on cyber security. Guests: Jacques Van Zyl, Cyber Security Analyst at Youi Insurance; Alen Zenicanin, Information Security Officer at Law in Order; Michael Viney, Head of IT at Square Peg Capital.

How To Communicate Attack Surface Management to the Board

With digital transformation rapidly multiplying attack vectors across the cloud, remote work environments, and Shadow IT endpoints, mapping your digital footprint, let alone implementing an effective attack surface management strategy, is not as easy as it once was. As a result, communicating the value and progress of Attack Surface Management (ASM) to the board is becoming a considerable challenge that must be addressed before threat landscapes evolve beyond the reach of mitigation capabilities.

My Vendor Doesn't Have a SOC Report, How Do I Assess Them?

Though very helpful in representing the efficacy of a service provider’s third-party risk management program, SOC reports aren’t always available. Some service providers either don’t have the budget for a SOC report or are unwilling to undergo the laborious process of an SSAE-18 audit. While a lack of a SOC report should raise alarm bells during the due diligence process, it shouldn’t necessarily result in the disqualification of a prospective vendor.

Free ISO 27001 Vendor Questionnaire Template (2023 Edition)

ISO 27001 is commonly used for assessing supply chain and data breach risks during due diligence. This post provides a free ISO 27001 vendor questionnaire template for a high-level evaluation of vendor information security standards. Though this security assessment template only broadly covers Supply Chain Risk Management aspects of ISO 27001, it should still be sufficient for identifying potential deficiencies in a vendor’s security control strategy requiring further investigation.

Understanding FedRAMP: What Federal Agencies Need to Know

FedRAMP refers to the Federal Risk and Authorization Management Program, a US government-created program to smooth the connection between its federal agencies and cloud service providers. The General Services Administration (GSA) established the FedRAMP Program Management Office (FedRAMP PMO) to help achieve the following goals: This post will examine the benefits of using FedRAMP and will provide an overview of the system and its requirements for cloud service offerings (CSOs).