"Our complicated environment requires attention to detail when reviewing security risks. We have many cloud-first vendors so the UpGuard platform allows us to be granular and gives us an interesting layered insight on our supply chain that could have a critical impact on our operation. As a telecommunications company providing mission-critical services, this insight is vital."
“I take a deep dive into the technical features to help the vendor when I send a remediation request.”
"It becomes easy to monitor hundreds of vendors on the UpGuard platform with instant email notifications if the vendor’s score drops below the threshold set based on risk or business."
"Having a system like UpGuard helps us sleep at night because we always know if we’ve overlooked any vulnerabilities."
“If you’re familiar with Active Directory Group Policy, then UpGuard makes a lot of sense. Ultimately you have this environment and you have this policy you’re applying to it. We’re also using Octopus Deploy and UpGuard uses many of the same methodologies. The two products complement each other.“
“The UpGuard user experience was much nicer than other platforms and easier to use, while other platforms felt more outdated and not as friendly.”
“Our previous vendor assessment process required a significant amount of time and also lacked the capability to identify specific types of risks that may be present across our supply chain.”
"Vendor Risk helps us manage vendor security performance across a diverse client base. It’s easy to use, and the vendor security questionnaire module helps us track workflows, surface security and prioritise specific risks for remediation."
“We used UpGuard because it was an easily-delegated, easily-deployed product which did what we needed it to do."
"Having an automated way to look at the attack surface is a great way to flag things like unmanned pages or EOL apps. It’s a low-hanging fruit to improve our security."
"This multinational provides a wide range of financial services. UpGuard helps prevent data breaches, by continuously scanning their own, as well as third-party vendors helps de-risk their exposure to suppliers and enables them to be proactive in managing third-party vendor risk."
“If they had a potential accounting impact, then we would insist on a SOC 1, Type 2 or SOC 2, Type 2. If they did not have an accounting impact, we had a phone call or sent a questionnaire.”
“I look at the newsfeed to see if any companies we do business with have had a cybersecurity incident.”
"UpGuard catches things that penetration testing misses and helps Xinja automate our vendor risk management processes."
“We had no way of determining the overall maturity of a vendor. So we had no way of estimating and comparing security maturity between vendors when going to tender.”