Search form

Third-Party Cyber Risk Security Features

Bank-grade Third-Party Cyber Risk management, for any organisation.

Manage

Monitor

Escalate

Attack Surface Discovery

  • Automated discovery of digital assets.
  • Eliminate false positives.
  • Monitor for changes.

Reporting & Benchmarking

  • C-Suite reporting.
  • Alerts & Automated reports.
  • Custom competitor analysis.

Third Parties

  • Provide free access for remediation.
  • Monitor changes.

 Security Ratings

  • Organisation security ratings.
  • Domain security ratings.
  • Benchmarking.

 Enquiries & Improvements

  •  Live enquiries tool.
  • Access to expert analysts.
  • Track organisation & domain scores.

 IT Security Questionnaires

  • Issue & Analyse.
  • Manage & Monitor.
  • Assess & Remediate.

Attack Surface Reduction

  • Breaches.
  • Vulnerabilities.
  • Misconfigurations.

Integration

  • APIs.

Vendor Due Diligence & Selection

  • Standard & custom questionnaires.
  • Track, report & benchmark.

Oversight

  • Accounts & permissions.
  • Historical scores.
  • Account security.
  

Manage your third parties

Gain visibility over your third parties with accurate, automated attack surface discovery, actionable security ratings and like-for-like peer comparison.

Features

Bank-grade attack surface management, for any organisation.

Attack surface discovery

Automated discovery of digital assets

Orbit Cyber Risk’s powerful Machine-Learning algorithm accurately & automatically discovers your public-facing IT infrastructure.

  • ML algorithm automates the discovery process
  • Continuously monitors for domains added or taken offline
  • Identifies absolute global exposure, not just infrastructure managed by local IT team
  • Pinpoint’s location of digital assets globally

Eliminate false positives

Attack surface discovery module is designed to eliminate false positives, accurately identifying the digital assets an organisation manages & is exposed to.

  • Minimal manual intervention required
  • Highly accurate for identifying each of your underlying domains
  • Robust, absolute methodology, not liable to user manipulation

Monitor for changes

Instantly identify when domains are added or removed from your network.

  • Automatically monitors for new domains
  • Alerts users when changes occur
  • Updated continuously

Security Ratings

Organisation security ratings

Orbit Cyber Risk ratings provide continuous, objective analysis of your network. Our security ratings are based on Thomas Murray’s proprietary methodology, as well as analysis of open-sources and high-quality third-party data feeds.

  • Organisation security rating from 0-1000
  • Analyses 10,000+ data points across six risk categories
  • Identifies breaches, vulnerabilities and misconfigurations across your attack surface
  • Updated continuously

Domain security ratings

Visualise risk at a domain and sub-domain level, with individual ratings for every digital asset in your footprint. Explore the underlying issues, toggle according to the highest risk to focus remediation.

  • Security ratings for every underlying digital asset, from 0-1000
  • Drill into underlying risks, prioritised by impact
  • Access detailed explanations and remediation advice

Benchmarking

Orbit Cyber Risk benchmarks your organisation against its peers, giving absolute security ratings a real-world perspective.

  • Compare your organisation to every other major group in your sector
  • Benchmark against Orbit’s ‘Global’ universe
  • Custom benchmark against named competitors

Risks

Breaches

Discover breaches in your network to prevent attacks which could lead to data loss, operational disruption, financial loss or reputational damage.

  • Continuously monitor for infrastructure breaches including Malware, Phishing or Port Scanning.
  • Identify when data breaches have occurred, such as employee email addresses & passwords.
  • Take action to prevent attacks & build resilience.

Vulnerabilities

Discover vulnerabilities running on your domains that could be exploited by malicious actors.

  • Identify publicly accessible services with known vulnerabilities that do not need to be exposed.
  • Scan for c.10,000 known issues and vulnerabilities.
  • Each vulnerability has an impact rating, helping you determine its criticality.

Misconfigurations

Continuous information about misconfigurations observed in your network, allowing you to remediate potential operational and security issues.

  • Check for misconfigurations in your network such as issues in your DNS setup, TLS or HTTPS configuration.
  • Protect your security, performance, and reputation.
  • Each misconfiguration has an impact rating, helping you determine its criticality.

Monitor

Get alerts directly into your inbox, create tailored benchmarks, and report with confidence to management in a language they understand. Manage accounts with confidence and raise enquiries directly with our expert analysts.

Reporting & Benchmarking

Executive Reporting

Access tailored management reporting suite for boards, regulators, risk & compliance and IT Security.

  • Reporting with scores, history, benchmarks & underlying risks.
  • Filter based on multiple categories.
  • Generate customised reporting.
  • Export to PDF

Email Notifications

Get real-time alerts and reporting on your portfolio directly into your inbox, with custom tiggers and recipients.

  • Default notifications when third party scores drop.
  • Set custom notifications to ensure oversight at all times.
  • Customise audience, risk triggers and timing.
  • Set regular, bespoke reports summarising risks.

Custom Competitor Analysis

Create custom benchmarks of direct peers and competitors.

  • Default benchmarks against peers and ‘Global’ universe of companies.
  • Customise benchmarks to include names competitors, for vendor assessment & selection.
  • Provide management with comparative, as well as absolute, cyber risk performance in language they understand.

Enquiries and Improvements

Live enquiries tool

Complement the tool’s continuous security analysis and intuitive dashboards by raising enquiries with our expert team.

  • Scan every vendor for c.10,000 known issues and vulnerabilities.
  • Identify known vulnerabilities that do not need to be exposed.
  • Every risk is given an explanation and impact rating.
  • Raise granular or high-level queries to escalate with a third-party or request more information

Access to expert analysts

Access our team to escalate with third parties, request remediation advice, risk quantification or any other queries.

  • Request any third-party is given 30-day full, free access to their report.
  • All queries responded to be expert analysts.
  • Query anything from risk impact to remediation tips and likely score improvements.
  • Reduce your expose with the help of industry experts.

Track organisation and domain scores

See how your portfolio’s score changes over time, as well as every underlying domain.

  • Chart score changes over time & monitor for high-risk vendors.
  • Provide access to companies in your portfolio and see the impact of their remediations in real time.
  • Demonstrate to management the impact of their investment.

Integration

APIs & Data Feeds

Access information via APIs or integrate external data feeds into your Thomas Murray account.

  • Get real-time information, security ratings and remediation steps via our API.
  • Integrate existing risk feeds into Thomas Murray’s platform.
  • Integrate your risk analysis into a single platform for ease of use and holistic oversight.

Oversight & Operations

Accounts & Permissions

Share access with InfoSec and management colleagues across departments and offices and provide access to high-risk third parties.
  • Provide access to colleagues in your team and across departments.
  • Allocate permissions and track account usage.
  • Add or remove users easily.
  • Request 30-day full, free access to high-risk third parties.

Historical Performance

See your organisation’s security performance at any point in history.
  • View your full analysis from any historical point in time.
  • See how remediations have impacted risk profile over time.
  • Demonstrate reduced attack surface to management.
  • Report on any previous point in time.

Account Security

Ensure account & data security with permissions, sensitive data redaction and robust platform security.

  • Manage SSO permissions with other Thomas Murray platforms & products.
  • Breached sensitive data is redacted & carefully managed.
  • Thomas Murray’s platform and staff adhere to the highest security standard.

Escalate with third parties according to your risk framework

Provide third parties free and full access to the Cyber Risk dashboard to remediate key issues; issue questionnaires to any third-party to find out more about their internal security- controls, procedures, frequency of testing, details of recent breaches and much more.

Third Parties

Provide free access for remediation

Provide third parties with full, free access to their assessment for 30 days.

  • Request 30-day free access for any third-party.
  • Request that they engage with the platform to remediate key risks.
  • Highest areas of concern or refer to Thomas Murray’s analysts.

Monitor changes

See your clients’, suppliers’ and other counterparties’ scores improve every week, demonstrably reducing supply chain risk.

  • Track scores across your portfolio.
  • Receive alerts whenever scores drop significantly, according to your risk appetite.
  • Maintain a low-risk portfolio and escalate with high-risk providers.

IT Security Questionnaires

Issue & analyse

Escalate with high-risk third parties (or your whole portfolio) with in-depth IT security questionnaires.

  • Build your own or access pre-built questionnaires built by industry experts.
  • Auto-schedule issuance according to your framework.
  • Auto-score responses & dig into detail.

Manage & Monitor

Manage projects, track completion rates and communicate with team members and respondents.

  • Manage complex & simple projects efficiently.
  • Track completion rates and live projects in real-time.
  • Communicate with your team or cross-department, as well as with respondents.

Assess & Remediate

Access third parties and benchmark against peers; identify risks & escalate them with third parties.

  • Access all third parties in a single platform.
  • Compare the performance of vendors.
  • Escalate with high-risk providers

Vendor due diligence & selection

Standard and custom questionnaires

Access industry-standard IT security questionnaires, recycle questions and streamline your framework.

  • Access Thomas Murray’s questionnaires library or build a custom assessment.
  • Respondents can reuse answers & issuers can review responses by exception.
  • Assign criticality, create question tags, and store documents for maximum efficiency.

Track, Report & Benchmark

Track and report the assessment process, create dynamic benchmarks and investigate findings with interactive analytics.

  • Track respondent progress, create timelines & prompts.
  • Address concerns early & add comments.
  • Monitor remediation.

  • Benchmark against peers.
  • Use report wizard to export data & produce meaningful analysis.

For more information about Cyber Risk, contact our experts:

Robert Smith

Head of SaaS Sales and Customer Success

rsmith@thomasmurray.com

Request a Demo