Here's a new way to use your security ratings solution, such as BitSight, to reduce your own organization's security risk. Many organizations struggle to run a Third Party Risk Management (TPRM) program; if spreadsheets, email, phone calls and missed SLAs sound familiar, I urge you to consider Vendor Risk Management on ServiceNow. If you're already using ServiceNow for Vendor Risk Management, there are still some things to consider for your first-party security risk program, in addition to TPRM.
I recently attended the BitSight Exchange 2019 conference held by BitSight, a security ratings provider whose stated mission is to change the way the world addresses cyber risk. It was clear to me that BitSight is capturing elements of security risk that security teams need to be aware of, yet I typically don't see the security team engaging with BitSight directly. Here's how you can get started.
What is First Party Security Risk Management (and Security Performance Management)?
Are there any companies that neither work with vendors for their business operations nor act as a vendor themselves? Unlikely. Most of us are in the business of providing services to our customers, and all of us rely on a complex supply chain and vendor ecosystem for daily business operations. If you are using BitSight as part of your vendor management process, chances are your customers are also looking at your security rating when evaluating their relationship with your organization. This is where Security Performance Management (also known as 'first party' ratings) should be on your radar.
Security ratings providers detect botnet infections, vulnerabilities, spam propagation and other suspicious behavior observable from your perimeter devices. With Security Performance Management, the security team can be alerted automatically to these findings on your internet-facing infrastructure. It is another layer of detection in addition to your SIEM and other monitoring tools, with one important caveat: a ratings provider only sees what is externally observable, so a finding is evidence that something is exposed or misbehaving, not a full picture of the affected host.
Here is a framework for responding to and remediating these first-party security alerts:
1. Security rating information about your company, along with any alerts, is fed into Security Incident Response from your ratings provider.
2. A security incident is created to assign the security findings to the appropriate analysts.
3. Enrichment of the security incident happens automatically; for example, domain lookups and collection of the running processes and services on the affected endpoints occur before the L1 SOC analyst picks up the incident.
4. Automated runbooks kick off response procedures for SOC handlers, and orchestration capabilities can isolate hosts from your network. The focus is on rapid containment and remediation in order to reduce security risk and improve your security rating.
5. Remediating the security findings accomplishes two things: reduced security risk and an improved security rating. An improved security rating means better outcomes when your organization is being assessed as a potential vendor.
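To make steps 1 and 2 concrete, here is an added example (not ServiceNow's or BitSight's own code) of the triage logic that sits between the ratings feed and incident creation: it groups findings by affected asset and risk vector, skips anything that already has an open incident so analysts are not flooded with duplicates, maps provider severity to an incident priority, and builds the payload for a ServiceNow Table API POST to the Security Incident table. The finding format, the severity and risk-vector names, the `u_` custom fields and the `example` instance name are all assumptions for illustration; real provider feeds and your own incident form will differ.

```python
"""Triage first-party security rating findings into incident payloads.

Added example, not ServiceNow's or BitSight's own code. The finding
schema, field names and mappings below are assumptions for illustration.
"""
import json
from collections import defaultdict

# Constructed sample alerts, shaped like what a ratings provider might emit
# for your own internet-facing assets (field names are assumptions).
SAMPLE_FINDINGS = [
    {"id": "f-1001", "asset": "203.0.113.10", "risk_vector": "botnet_infections",
     "severity": "severe", "last_seen": "2019-11-03"},
    {"id": "f-1002", "asset": "203.0.113.10", "risk_vector": "botnet_infections",
     "severity": "moderate", "last_seen": "2019-11-04"},
    {"id": "f-1003", "asset": "mail.example.com", "risk_vector": "spam_propagation",
     "severity": "moderate", "last_seen": "2019-11-04"},
    {"id": "f-1004", "asset": "www.example.com", "risk_vector": "open_ports",
     "severity": "minor", "last_seen": "2019-11-02"},
    # Unknown vector and severity: must still produce a workable incident.
    {"id": "f-1005", "asset": "203.0.113.99", "risk_vector": "something_new",
     "severity": "unrated", "last_seen": "2019-11-04"},
]

# Provider severity -> ServiceNow priority (1 = Critical ... 5 = Planning).
# The mapping is an assumption; tune it to your SLAs.
SEVERITY_TO_PRIORITY = {"severe": 1, "material": 2, "moderate": 3, "minor": 4}
DEFAULT_PRIORITY = 3

# Risk vector -> (incident category, initial containment action). Assumed values;
# the action is what a runbook in step 4 would pick up.
VECTOR_PLAYBOOK = {
    "botnet_infections": ("Malicious code activity", "isolate_host"),
    "spam_propagation": ("Malicious code activity", "isolate_host"),
    "open_ports": ("Misconfiguration", "review_firewall"),
}
DEFAULT_PLAYBOOK = ("Other", "analyst_review")


def dedupe_key(finding):
    """One incident per (asset, risk vector), however many raw findings arrive."""
    return (finding["asset"], finding["risk_vector"])


def triage(findings, open_incident_keys):
    """Group findings, drop groups that already have an open incident, and
    return one incident payload per remaining group, highest priority first
    within the group (lowest numeric value wins)."""
    groups = defaultdict(list)
    for f in findings:
        groups[dedupe_key(f)].append(f)

    payloads = []
    for (asset, vector), group in sorted(groups.items()):
        if (asset, vector) in open_incident_keys:
            continue  # already being worked; don't open a duplicate
        priority = min(SEVERITY_TO_PRIORITY.get(f["severity"], DEFAULT_PRIORITY)
                       for f in group)
        category, action = VECTOR_PLAYBOOK.get(vector, DEFAULT_PLAYBOOK)
        ids = ",".join(sorted(f["id"] for f in group))
        payloads.append({
            "short_description": f"Security rating finding: {vector} on {asset}",
            "description": (f"Provider finding IDs: {ids}; last seen "
                            + max(f["last_seen"] for f in group)),
            "priority": priority,
            "category": category,
            "u_containment_action": action,   # assumed custom field
            "u_rating_finding_ids": ids,      # assumed custom field, for de-duplication
        })
    return payloads


def table_api_request(instance, table, payload):
    """Build (but do not send) a ServiceNow Table API POST for the payload.
    Sending it needs credentials; wire in your HTTP client of choice."""
    return {
        "method": "POST",
        "url": f"https://{instance}.service-now.com/api/now/table/{table}",
        "headers": {"Content-Type": "application/json", "Accept": "application/json"},
        "body": json.dumps(payload),
    }


if __name__ == "__main__":
    # Pretend the open_ports finding on www already has an incident open.
    already_open = {("www.example.com", "open_ports")}
    for payload in triage(SAMPLE_FINDINGS, already_open):
        req = table_api_request("example", "sn_si_incident", payload)
        print(req["url"], "P" + str(payload["priority"]), payload["short_description"])
```

The set of open incident keys would come from a query against the same table (for instance on the `u_rating_finding_ids` field) before each poll of the ratings feed; without that check, a provider that re-reports the same infection daily turns into a new incident every day.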
For more information on ServiceNow's Vendor Risk Management solution, please visit https://www.servicenow.com/content/dam/servicenow-assets/public/en-us/doc-type/resource-center/data-...