"We now have an automated, robust process for validating that planned changes are made correctly. That reduces regulatory and operational risk, lowers costs, and allows us to drive continuous improvement."

"UpGuard catches things that penetration testing misses and helps Xinja automate our vendor risk management processes."

"We can now get comprehensive vulnerability reports, tied directly to specific CIs. Because of this, we’ll also be able to drive end-to-end remediation processes within ServiceNow, and tie this directly back into other areas such as GRC.”

"Having an automated way to look at the attack surface is a great way to flag things like unmanned pages or EOL apps. It’s a low-hanging fruit to improve our security."

"UpGuard was able to give us insight immediately into our online profile and identify our cyber risk."

“Our previous vendor assessment process required a significant amount of time and also lacked the capability to identify specific types of risks that may be present across our supply chain.”

“Before UpGuard, we had to juggle the vendors we could monitor due to our limited-licensing structure. If we partnered with a new vendor, we had to evaluate which vendors to remove to make room.”

“We used UpGuard because it was an easily-delegated, easily-deployed product which did what we needed it to do."

“We had no way of determining the overall maturity of a vendor. So we had no way of estimating and comparing security maturity between vendors when going to tender.”

“The biggest factor for us was time, We needed a tool that wouldn’t take more time to manage than the value it provided. UpGuard was by far the most efficient and user-friendly.”

“We’re stewards of public funds, When we choose a vendor, we need to justify that decision. Now, if anyone questions why we selected a particular provider, we can point to an independent, third-party assessment. That transparency is crucial.”

"Open-Xchange uses a vulnerability scanner across the organization’s internal and external attack surfaces. While the scanner provides in-depth coverage, it doesn’t have asset discovery capabilities. It can only monitor what we know. It doesn’t have a perfect register of where every IT asset is, especially as we use dozens of …

“We were relying on spreadsheets, emails, and a lot of back-and-forth to assess vendor security. It was slow, inconsistent, and frankly, a nightmare to manage at scale.”

“We handle vast amounts of sensitive personal and patient data, including prescription records. If a vendor’s security posture is weak, it could expose us to regulatory risk and reputational damage. We needed a solution that would streamline risk assessments and ensure compliance without slowing the business down.”

"One thing that's been really impressive has been the continuous little tweaks and new features that the development team has been doing. Those things keep the solution fresh and I find the new features are really, really useful."