Analyst Insight: The Gartner® Market Guide for IT Vendor Risk Management Solutions

Prevalent Delivers First Truly Unified Solution for Third-Party Risk Assessment and Monitoring

Prevalent TPRM Platform v3.19 and Vendor Threat Monitor v2.2 deliver a unified risk register for unmatched vendor intelligence and more informed decisions, plus deep machine-learning analytics.
Alastair Parr
Senior Vice President, Global Products & Services
July 21, 2020
Press industry first assessment monitoring 0720

It’s clear that static “checkbox” compliance isn’t enough to address today’s complex vendor and supply chain risks. The most successful third-party risk management programs now require continuous assessment and monitoring underpinned with rich integration, automation, intelligence and analytics. And that’s just what we’re delivering in our latest releases, Prevalent Platform v3.19 and Vendor Threat Monitor v2.2.

Expanded Business Risk Intelligence Sources Add Context to Continuous Monitoring

Prevalent Vendor Threat Monitor (VTM) is the only continuous monitoring solution to truly integrate business and cyber risk monitoring for more informed decision-making. Business risk monitoring complements cyber monitoring with both qualitative and quantitative insights into vendor financial information, legal actions, executive leadership changes, violations on OFAC lists, and more – all of which provide early indicators of potential cybersecurity or compliance issues.

Vendor Threat Monitor v2.2 includes vastly expanded business monitoring capabilities that collate information from over 567,000 new sources, including:

  • Data breach sites
  • Corporate sites
  • Regulatory portals
  • Review websites
  • Job boards
  • Trade publications
  • Industry sites
  • News feeds
  • Social media
Prevalent Third-Party Marketplace Monitoring Profile
With Prevalent Vendor Threat Monitor, you can automatically associate events with risks, create tasks for further risk review, get remediation guidance, and generate reports for communicating progress.

Unified Risk Register Correlates Cyber and Business Insights with Assessment Findings for Real-Time, 360-Degree Risk Visibility

While point-in-time, internal control assessments are central to third-party risk management, a lot can happen between these (usually annual) assessments. Business and cyber intelligence feeds can help to bridge these gaps and keep you out in front of emerging vendor risks. However, the value of monitoring a vendor is severely limited if you can’t correlate their monitoring data and scores with their annual assessment results. And that’s where other TPRM solutions typically drop the ball.

Prevalent Platform v3.19 solves this problem with a unified risk register that aggregates and correlates continuous, real-time monitoring data with the assessment results for each of your vendors. With intelligent rules and automation, the Prevalent TPRM Platform transforms vendor cyber and business event data into actionable risks that are recorded in the register. For example, with the Prevalent Platform, you can correlate a vendor’s assessment responses revealing weak password management or patch management practices with associated vulnerabilities, breaches or leaked credentials on the dark web. This makes it easy to not only identify and prioritize issues, but also take clear steps for risk remediation.

Whether you combine Prevalent’s vendor risk assessment data with intelligence from Prevalent Vendor Threat Monitor or another supported solution, our unified risk register makes it easier than ever to view, understand and act on risk. Actions can include sending notifications, creating tasks or flags to track remediation, or elevating risk scores to bring real threats into focus. You can do all of this either manually or automatically via rule-based triggers.

Prevalent Risk Register
Prevalent’s unified risk register enables organizations to correlate findings between assessments and monitoring to automate risk reviews, reporting and response.

New ActiveRules and Automation Playbooks Streamline Risk Response Tasks

Many organizations struggle with spreadsheet-driven vendor assessment processes that require dozens of manual steps to analyze and act on responses. While most TPRM solutions serve to simplify the process, many don’t offer rules to further automate risk identification and management.

With Prevalent Platform v3.19, customers can leverage new ActiveRules capabilities for triggering risk response actions based on “If This, Then That” criteria for specific entities and risks. ActiveRules can automate a broad range of onboarding, assessment and review tasks – such as updating vendor profiles and risk attributes, sending notifications, and/or activating workflows. They also run perpetually to dynamically update the TPRM environment as new events and risks emerge.

To deliver a fast time-to-value, Prevalent has packaged sets of ActiveRules into a series of Automation Playbooks that enable customers to address common risk management scenarios.

Prevalent ActiveRules
ActiveRules simplify and speed workflows for common risk response tasks.

Machine Learning Brings More Clarity to Enterprise Reporting and Analytics

As threats become increasingly sophisticated, so too is the need for sophisticated reporting to better interpret risk and enable response activities. That’s where machine learning comes in.

Prevalent Platform v3.19 introduces significant reporting enhancements that incorporate machine learning analytics to identify exceptions in common behavior – for example outliers across assessments, tasks, risks, etc. – that could warrant further investigation. Built directly into the Prevalent Platform, the new capability also includes templates for communicating exceptions arising from threat and business monitoring, SLAs and user behavior tracking, and other activities.

Prevalent Report
Analyze risk data from assessments, threat monitoring, and events in one consolidated report, including machine learning insights of noteworthy trends.

For more information on this release, please see the What’s New document or read the Release Notes on the Prevalent Customer Portal.

Leadership alastair parr
Alastair Parr
Senior Vice President, Global Products & Services

Alastair Parr is responsible for ensuring that the demands of the market space are considered and applied innovatively within the Prevalent portfolio. He joined Prevalent from 3GRC, where he served as one of the founders, and was responsible for and instrumental in defining products and services. He comes from a governance, risk and compliance background; developing and driving solutions to the ever-complex risk management space. He brings over 15 years’ experience in product management, consultancy and operations deliverables.

Earlier in his career, he served as the Operations Director for a global managed service provider, InteliSecure, where he was responsible for overseeing effective data protection and risk management programs for clients. Alastair holds a university degree in Politics and International Relations, as well as several information security certifications.

  • Ready for a demo?
  • Schedule a free personalized solution demonstration to see if Prevalent is a fit for you.
  • Request a Demo