Características del riesgo cibernético de terceras partes

Automated discovery of digital assets

Orbit Cyber Risk’s powerful Machine-Learning algorithm accurately and automatically discovers your public-facing IT infrastructure.

• ML algorithm automates the discovery process
• Continuously monitors for domains added or taken offline
• Identifies absolute global exposure, not just infrastructure managed by local IT team
• Pinpoint’s location of digital assets globally

Eliminate false positives

Attack surface discovery module is designed to eliminate false positives, accurately identifying the digital assets an organisation manages and is exposed to.

• Minimal manual intervention required
• Highly accurate for identifying each of your underlying domains
• Robust, absolute methodology, not liable to user manipulation

Monitor for changes

ttack surface discovery module is designed to eliminate false positives, accurately identifying the digital assets an organisation manages and is exposed to.

• Automatically monitors for new domains
• Alerts users when changes occur
• Updated continuously

Organisation security ratings

Orbit Cyber Risk ratings provide continuous, objective analysis of your network. Our security ratings are based on Thomas Murray’s proprietary methodology, as well as analysis of open-sources and high-quality third-party data feeds.

• Organisation security rating from 0-1000
• Analyses 10,000+ data points across six risk categories
• Identifies breaches, vulnerabilities and misconfigurations across your attack surface
• Updated continuously

Domain security ratings

Visualise risk at a domain and sub-domain level, with individual ratings for every digital asset in your footprint. Explore the underlying issues, toggle according to the highest risk to focus remediation.

• Security ratings for every underlying digital asset, from 0-1000
• Drill into underlying risks, prioritised by impact
• Access detailed explanations and remediation advice

Benchmarking

Orbit Cyber Risk benchmarks your organisation against its peers, giving absolute security ratings a real-world perspective.

• Compare your organisation to every other major group in your sector
• Benchmark against Orbit’s ‘Global’ universe
• Custom benchmark against named competitors

Breaches

iscover breaches in your network to prevent attacks which could lead to data loss, operational disruption, financial loss or reputational damage.

• Continuously monitor for infrastructure breaches including Malware, Phishing or Port Scanning.
• Identify when data breaches have occurred, such as employee email addresses and passwords.
• Take action to prevent attacks and build resilience.

Vulnerabilities

Discover vulnerabilities running on your domains that could be exploited by malicious actors.

• Identify publicly accessible services with known vulnerabilities that do not need to be exposed.
• Scan for c.10,000 known issues and vulnerabilities.
• Each vulnerability has an impact rating, helping you determine its criticality.

Misconfigurations

Continuous information about misconfigurations observed in your network, allowing you to remediate potential operational and security issues.

• Check for misconfigurations in your network such as issues in your DNS setup, TLS or HTTPS configuration.
• Protect your security, performance, and reputation.
• Each misconfiguration has an impact rating, helping you determine its criticality.

Executive Reporting

Access tailored management reporting suite for boards, regulators, risk and compliance and IT Security.

• Reporting with scores, history, benchmarks and underlying risks.
• Filter based on multiple categories.
• Generate customised reporting.
• Export to PDF

Email Notifications

Get real-time alerts and reporting on your portfolio directly into your inbox, with custom tiggers and recipients.

• Default notifications when third-party scores drop.
• Set custom notifications to ensure oversight at all times.
• Customise audience, risk triggers and timing.
• Set regular, bespoke reports summarising risks.

Custom Competitor Analysis

Create custom benchmarks of direct peers and competitors.

• Default benchmarks against peers and ‘Global’ universe of companies.
• Customise benchmarks to include names competitors, for vendor assessment and selection.
• rovide management with comparative, as well as absolute, cyber risk performance in language they understand.

Live enquiries tool

Complement the tool’s continuous security analysis and intuitive dashboards by raising enquiries with our expert team.

• Scan every vendor for c.10,000 known issues and vulnerabilities.
• Identify known vulnerabilities that do not need to be exposed.
• Every risk is given an explanation and impact rating. ,
• Raise granular or high-level queries to escalate with a third-party or request more information

Access to expert analysts

Access our team to escalate with third parties, request remediation advice, risk quantification or any other queries.

• Request any third-party is given 30-day full, free access to their report.
• All queries responded to be expert analysts.
• Query anything from risk impact to remediation tips and likely score improvements.
• Reduce your expose with the help of industry experts.

Track organisation and domain scores

See how your portfolio’s score changes over time, as well as every underlying domain.

• Chart score changes over time and monitor for high-risk vendors.
• Provide access to companies in your portfolio and see the impact of their remediations in real time.
• Demonstrate to management the impact of their investment.

Accounts and Permissions

Share access with InfoSec and management colleagues across departments and offices and provide access to high-risk third parties.

• Get real-time information, security ratings and remediation steps via our API.
• Integrate existing risk feeds into Thomas Murray’s platform.
• Integrate your risk analysis into a single platform for ease of use and holistic oversight.

Historical Performance

See your organisation’s security performance at any point in history.

• Provide access to colleagues in your team and across departments.
• Allocate permissions and track account usage.
• Add or remove users easily.
• Request 30-day full, free access to high-risk third parties.

Account Security

Ensure account and data security with permissions, sensitive data redaction and robust platform security.

• View your full analysis from any historical point in time.
• See how remediations have impacted risk profile over time.
• Demonstrate reduced attack surface to management.
• Report on any previous point in time.
• Manage SSO permissions with other Thomas Murray platforms and products.
• Breached sensitive data is redacted and carefully managed.
• Thomas Murray’s platform and staff adhere to the highest security standard.

Provide free access for remediation

Provide third parties with full, free access to their assessment for 30 days.

• Request 30-day free access for any third-party.
• Request that they engage with the platform to remediate key risks.
• Highest areas of concern or refer to Thomas Murray’s analysts.

Monitor changes

See your clients’, suppliers’ and other counterparties’ scores improve every week, demonstrably reducing supply chain risk.

• Track scores across your portfolio.
• Receive alerts whenever scores drop significantly, according to your risk appetite.
• Maintain a low-risk portfolio and escalate with high-risk providers.

Issue and analyse

Escalate with high-risk third parties (or your whole portfolio) with in-depth IT security questionnaires.

• Build your own or access pre-built questionnaires built by industry experts.
• Auto-schedule issuance according to your framework.
• Auto-score responses and dig into detail.

Manage and Monitor

Manage projects, track completion rates and communicate with team members and respondents.

• Manage complex and simple projects efficiently.
• Track completion rates and live projects in real-time.
• Communicate with your team or cross-department, as well as with respondents.

Assess abd Remediate

Access third parties and benchmark against peers; identify risks and escalate them with third parties.

• Access all third parties in a single platform.
• Compare the performance of vendors.
• Escalate with high-risk providers

Standard and custom questionnaires

Access industry-standard IT security questionnaires, recycle questions and streamline your framework.

• Access Thomas Murray’s questionnaires library or build a custom assessment.
• Respondents can reuse answers and issuers can review responses by exception.
• Assign criticality, create question tags, and store documents for maximum efficiency.

Track, Report and Benchmark

Track and report the assessment process, create dynamic benchmarks and investigate findings with interactive analytics.

• Track respondent progress, create timelines and prompts.
• Address concerns early and add comments.
• Monitor remediation.
• Benchmark against peers.
• Use report wizard to export data and produce meaningful analysis.