Third Party Risk Assessment
Identify the weakest links in the Third Party / Supply Chain and/or assess Third Party Controls with the Third Party Risk Assessment.
What is a Third Party Risk Assessment?
This is a similar service to the Domain Risk Assessment; however, it allows an organisation to understand the weakest link in its Third Party / Supply Chain and/or assess Third Party controls.
What we do
By simply entering the Third Party (3rd party) top-level domain (TLD), our technology will discover all related sub-domains. All the 3rd Party domains are validated against known vulnerabilities, misconfigurations, website issues, cryptographic weaknesses etc., which in turn provides a complete picture of where the issues are and how to correct them.
The 3rd Party domain infrastructure will also be evaluated for vulnerabilities, weaknesses, and entry points for an attacker with confirmation of any exploits that have been attempted and found to be successful.
In addition, we will provide details of the 3rd Party's compliance against internationally recognised standards and frameworks, such as the General Data Protection Regulation (GDPR), ISO 27001, the National Institute of Standards and Technology (NIST) and the Payment Card Industry Data Security Standard (PCI DSS).
The non-intrusive review of public-facing infrastructure reports findings aligned to the categories and attack vectors listed in the table below:
Safeguard | Privacy | Resiliency | Reputation |
---|---|---|---|
3rd Party Digital Footprint | 3rd Party SSL/TLS Strength | 3rd Party Attack Surface | 3rd Party Brand Monitoring |
3rd Party Patch Management | 3rd Party Credential Management | 3rd Party DNS Health | 3rd Party IP Reputation |
3rd Party Application Security | 3rd Party Hacktivist Shares | 3rd Party Email Security | 3rd Party Fraudulent Apps |
3rd Party CDN Security | 3rd Party Social Network | 3rd Party DDoS Resilience | 3rd Party Fraudulent Domains |
3rd Party Website Security | 3rd Party Information Disclosure | 3rd Party Network Security | 3rd Party Web Ranking |
Key Features of a Third Party Risk Assessment
3rd Party assessment reporting is provided to accommodate both Board- and technical-level staff and contains risk quantified in monetary terms using the widely adopted Factor Analysis of Information Risk (FAIR) model.
The Quantum Evolve methodology is also augmented by experienced consultants who perform additional relevant checks to provide the human element, depending on the devices in scope.
3rd Party Digital Footprint
Identify related domains (active and dormant), subdomains, IP addresses, DNS Records, Services, Social Media, and ASN (Autonomous System Number) information.
3rd Party Patch Management
Identify domain / sub-domain infrastructure with issues, weaknesses and/or vulnerabilities, such as missing patches.
3rd Party Application Security
Weaknesses identified, aligned to the Common Weakness Enumeration (CWE).
3rd Party CDN (Content Delivery Network) Security
Vulnerabilities identified, including blacklisted IPs.
3rd Party Website Security
Security headers, cookies, and vulnerabilities such as, but not limited to, POODLE, Heartbleed, ROBOT, Ticketbleed, CSRF (Cross-Site Request Forgery), information exposure and server-level vulnerabilities, together with a web application code quality review. Website Performance – how improvements could be made for both the desktop and mobile user experience.
3rd Party Cryptographic status (SSL/TLS)
Revealing how digital certificates affect the organisation from a trust and compliance perspective.
3rd Party Credential Management
Details of any discovered leaked credentials on the web / dark web.
3rd Party Hacktivist Shares
Identified leaks (Hacker publicised information).
3rd Party Social Networking
Any found publications / leaks.
3rd Party Information Disclosure
Found on the web / dark web.
3rd Party Attack Surface
What this looks like, including discovered / associated third party security status.
3rd Party DNS Health
DNS setup and configuration issues
3rd Party Email Security
Any misconfigurations that may allow email spoofing. The email domain is checked against blacklists to avoid organisational disruption, and authentication and port status are confirmed.
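As an added illustration (not Quantum Evolve's tooling), the following Python evaluates the SPF and DMARC part of such an email-spoofing check against constructed TXT records for hypothetical vendor domains, flagging the settings that let spoofed mail through: a missing or permissive SPF `all` mechanism, no DMARC record, a non-`reject` policy, and no reporting address.

```python
# Constructed sample DNS TXT records (hypothetical domains), keyed by record name.
SAMPLE_TXT = {
    "vendor-a.example": ["v=spf1 include:_spf.mailhost.example -all"],
    "_dmarc.vendor-a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@vendor-a.example"],
    "vendor-b.example": ["v=spf1 ip4:192.0.2.0/24 +all"],
    "_dmarc.vendor-b.example": ["v=DMARC1; p=none"],
    "vendor-c.example": [],  # publishes neither SPF nor DMARC
}


def spf_findings(domain, txt=SAMPLE_TXT):
    """Return spoofing-relevant findings for the domain's SPF record (empty = healthy)."""
    records = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if not records:
        return ["no SPF record: any host may claim to send for this domain"]
    if len(records) > 1:
        return ["multiple SPF records: receivers treat this as a permanent error"]
    findings = []
    terms = records[0].split()
    # The final 'all' mechanism decides what happens to senders matching nothing else;
    # only '-all' (fail) and '~all' (softfail) give receivers a reason to distrust them.
    all_terms = [t for t in terms if t.lstrip("+-~?").lower() == "all"]
    if not all_terms:
        findings.append("SPF has no 'all' mechanism: unlisted senders get a neutral result")
    elif all_terms[-1][0] not in "-~":
        findings.append(f"SPF ends in '{all_terms[-1]}': unlisted senders are not rejected")
    return findings


def dmarc_findings(domain, txt=SAMPLE_TXT):
    """Return findings for the domain's DMARC policy (empty = healthy)."""
    records = [r for r in txt.get("_dmarc." + domain, []) if r.lower().startswith("v=dmarc1")]
    if not records:
        return ["no DMARC record: SPF/DKIM failures carry no enforcement policy"]
    # DMARC records are 'tag=value' pairs separated by semicolons.
    tags = dict(kv.strip().split("=", 1) for kv in records[0].split(";") if "=" in kv)
    findings = []
    policy = tags.get("p", "").strip().lower()
    if policy != "reject":
        findings.append(f"DMARC policy is '{policy or 'missing'}': spoofed mail is not rejected")
    if "rua" not in tags:
        findings.append("DMARC has no rua tag: no aggregate reports, so abuse goes unseen")
    return findings


def assess_email_spoofing(domain, txt=SAMPLE_TXT):
    """Combine SPF and DMARC findings into one per-domain report."""
    return {"spf": spf_findings(domain, txt), "dmarc": dmarc_findings(domain, txt)}
```

Against live DNS the `txt` mapping would be replaced by a resolver lookup of the domain's and `_dmarc.` subdomain's TXT records; the evaluation logic is unchanged.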
3rd Party DDoS (Distributed Denial of Service) Resiliency
15 different checks to verify any amplification points.
3rd Party Network Security
Detection of any open critical ports, unprotected network drives, misconfigured firewalls, and service endpoints (SMB, FTP etc.).
3rd Party Brand Monitoring
Various channels are monitored to gain insight into the company and brand in cyberspace. WoT (Web of Trust), a crowdsourced web safety reputation and review service, is utilised in conjunction with web efficiency, including scoring of:
• Vendor Reliability.
• Child Safety (dependent on applicability).
• Trustworthiness.
• Privacy.
3rd Party IP Reputation
Validate the reputation of the organisation’s IPs against IPs or domains that are blacklisted or that are used in Advanced Persistent Threat (APT) attacks.
3rd Party Fraudulent Applications
Reputable and non-reputable application stores are checked for any association with an organisation, to ensure there are no fraudulent applications available, protecting both the customer and the end user.
3rd Party Fraudulent Domains
Identified scam domains are provided.
3rd Party Web Ranking
Reveals Alexa and Majestic trends, Google PageSpeed Insights speed test results, as well as Web Content Accessibility Guidelines (WCAG) 2.0 parsing compliance findings.
Key Benefits of a Third Party Risk Assessment
Understanding third-party or supply chain risk exposure is crucial for organisations.
Risk Mitigation
By comprehending the risks associated with Third-Party suppliers, organisations can proactively mitigate potential disruptions. Whether it is a security breach, reputational damage, or environmental issue, early awareness allows for effective risk management.
Reputation Protection
A thorough understanding of Third-Party risks helps safeguard an organisation’s reputation. By avoiding association with unethical practices or hidden issues buried within the supply chain, organisations can maintain their hard-earned standing.
Competitive Advantage
Organisations that grasp their risk exposure and assess their suppliers’ risk profiles are better positioned. They experience fewer disruptions and instil confidence in customers, who recognise their commitment to security and reliability.