A Single Partner for Everything You Need Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner. However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
DEF CON is Here: A Reminder to Manage and Remediate Security Vulnerabilities of Your Third Parties Breadcrumb Home Insights Blog DEF CON is Here: A Reminder to Manage and Remediate Security Vulnerabilities of Your Third Parties July 28, 2017 DEF CON is Here: A Reminder to Manage and Remediate Security Vulnerabilities of Your Third Parties Every year I like to take a look at the talks at Black Hat and DEF CON to see if there are areas of risk I need to review. This year, like others, has focused on different hacking and defensive techniques. It also included a theme on cloud components as well as IoT, and new vulnerabilities within both. If your organization develops these products, you have the ability to talk with the development teams and review the devices for the vulnerabilities. However, for many of us, we are not able to review these devices for the vulnerabilities very easily. For those that fall in this camp you will need to have conversations with the vendors and manufactures about their controls and specifics, which is a manual and grueling process. Luckily organizations can leverage their third-party risk management processes, if they have them, along with the ability to create customized questionnaires to address these vulnerabilities with their manufactures. In my previous blog post, Three Steps for Management and Remediation of Security Vulnerabilities, I shared how organizations would look for vulnerabilities within their vendors. This same process applies to IoT and cloud systems. In preparation for this week’s activities it might be a good step to review your organization and perform any preparations you can. Some key areas that stood out this year include: Exposure areas – Understand where your key exposure areas may be including operating systems and other systems on your network Third-party risk – Define your key third parties and technologies being used to deliver critical business services Incident response program – Take a quick moment to review and share your incident response plan and run book adding in some quick stop gaps (i.e. do you know what to do for cloud, IoT and third parties?) To ensure your vulnerability response program is comprehensive, dedicating time and resources to your third-party risk management program is a must and there is no better time than the present. By: James Robinson Vice President, Third-Party Risk Management As vice president, third-party risk management, Robinson oversees Optiv’s Third-Party Risk Management practice which includes the development and operations of TPRM-as-a-Service and Evantix. During his tenure at Optiv, he has worked as a core contributor around strategic internal initiatives including threat management, risk management, third-party risk management, vulnerability management and data program protection. He also develops and delivers a comprehensive suite of strategic services and solutions that help chief experience officer (CXO) executives evolve their security strategies through innovation. Share: Vulnerabilities Risk Third-Party Risk Incident Response