It’s clear that static “checkbox” compliance isn’t enough to address today’s complex vendor and supply chain risks. The most successful third-party risk management programs now require continuous assessment and monitoring underpinned with rich integration, automation, intelligence and analytics. And that’s just what we’re delivering in our latest releases, Prevalent Platform v3.19 and Vendor Threat Monitor v2.2.
Prevalent Vendor Threat Monitor (VTM) is the only continuous monitoring solution to truly integrate business and cyber risk monitoring for more informed decision-making. Business risk monitoring complements cyber monitoring with both qualitative and quantitative insights into vendor financial information, legal actions, executive leadership changes, violations on OFAC lists, and more – all of which provide early indicators of potential cybersecurity or compliance issues.
Vendor Threat Monitor v2.2 includes vastly expanded business monitoring capabilities that collate information from over 567,000 new sources, including:
With Prevalent Vendor Threat Monitor, you can automatically associate events with risks, create tasks for further risk review, get remediation guidance, and generate reports for communicating progress.
While point-in-time, internal control assessments are central to third-party risk management, a lot can happen between these (usually annual) assessments. Business and cyber intelligence feeds can help to bridge these gaps and keep you out in front of emerging vendor risks. However, the value of monitoring a vendor is severely limited if you can’t correlate their monitoring data and scores with their annual assessment results. And that’s where other TPRM solutions typically drop the ball.
Prevalent Platform v3.19 solves this problem with a unified risk register that aggregates and correlates continuous, real-time monitoring data with the assessment results for each of your vendors. With intelligent rules and automation, the Prevalent TPRM Platform transforms vendor cyber and business event data into actionable risks that are recorded in the register. For example, with the Prevalent Platform, you can correlate a vendor’s assessment responses revealing weak password management or patch management practices with associated vulnerabilities, breaches or leaked credentials on the dark web. This makes it easy to not only identify and prioritize issues, but also take clear steps for risk remediation.
Whether you combine Prevalent’s vendor risk assessment data with intelligence from Prevalent Vendor Threat Monitor or another supported solution, our unified risk register makes it easier than ever to view, understand and act on risk. Actions can include sending notifications, creating tasks or flags to track remediation, or elevating risk scores to bring real threats into focus. You can do all of this either manually or automatically via rule-based triggers.
Prevalent’s unified risk register enables organizations to correlate findings between assessments and monitoring to automate risk reviews, reporting and response.
Many organizations struggle with spreadsheet-driven vendor assessment processes that require dozens of manual steps to analyze and act on responses. While most TPRM solutions serve to simplify the process, many don’t offer rules to further automate risk identification and management.
With Prevalent Platform v3.19, customers can leverage new ActiveRules capabilities for triggering risk response actions based on “If This, Then That” criteria for specific entities and risks. ActiveRules can automate a broad range of onboarding, assessment and review tasks – such as updating vendor profiles and risk attributes, sending notifications, and/or activating workflows. They also run perpetually to dynamically update the TPRM environment as new events and risks emerge.
To deliver a fast time-to-value, Prevalent has packaged sets of ActiveRules into a series of Automation Playbooks that enable customers to address common risk management scenarios.
ActiveRules simplify and speed workflows for common risk response tasks.
As threats become increasingly sophisticated, so too is the need for sophisticated reporting to better interpret risk and enable response activities. That’s where machine learning comes in.
Prevalent Platform v3.19 introduces significant reporting enhancements that incorporate machine learning analytics to identify exceptions in common behavior – for example outliers across assessments, tasks, risks, etc. – that could warrant further investigation. Built directly into the Prevalent Platform, the new capability also includes templates for communicating exceptions arising from threat and business monitoring, SLAs and user behavior tracking, and other activities.
Analyze risk data from assessments, threat monitoring, and events in one consolidated report, including machine learning insights of noteworthy trends.
Prevalent Platform v3.24 enhances customer-third party collaboration and introduces technology concentration risk capabilities.