SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Story image
Vanta powers third-party vendor security with latest launch
Thu, 4th May 2023

Vanta has announced the launch of its Vendor Risk Management (VRM) solution, enabling organisations to accelerate, automate and simplify third-party vendor security reviews and due diligence.

Featuring vendor auto-discovery and continuous vendor assessment and remediation workflows, Vanta's VRM offering is designed to reduce the time and costs for security experts and novices alike to review, manage and report on third-party vendor risk.

Application proliferation is on the rise as organisations grapple with uncovering and securing hundreds of apps being used by employees every day.

With 53% of enterprise applications unmanaged and shadow IT accounting for over half the SaaS applications in a companys portfolio, security and IT teams are fighting a never-ending battle of app overload.

At the same time, third party vendors have emerged as a leading attack vector for hackers, with the period for discovering and containing a data breach averaging 280 days nearly an entire year. 

Compounding the pain for security teams is the status quo of ensuring third-party vendors are secure and properly protecting sensitive data are cumbersome, costly and time consuming.

Christina Cacioppo, CEO Vanta, says, "Between never-ending app sprawl and an increasing number of access points, organisations are only as secure as their weakest link.

"With Vanta's VRM solution, security teams can significantly reduce vendor risk by quickly inventorying vendors, performing security reviews, and remediating issues all in the same platform they use for security and compliance today."

Unlike other products that serve as siloed point solutions for security reviews or third-party risk assessment, Vanta enables the whole process of vendor management, from discovery to reviews to remediation, in one place.

With Vanta's VRM solution, reviews are reduced from days and weeks to mere hours, with cost savings of over 90%. When combined with Vanta's newly enhanced Access Reviews, security teams can ensure that only the right users have access to crucial systems, with the appropriate permissions.

The result is a single platform that:

  • Automatically discovers all vendors being used by employees.
  • Prioritises vendor reviews based on risk levels assigned by a customisable risk rubric.
  • Simplifies requesting security reviews via integrations with procurement systems.
  • Streamlines vendor security assessments with automated workflows to review vendor questionnaires, track compliance reports, and periodic reminders to request updated reports.
  • Optimises vendor spend by identifying vendor redundancies and reduces license costs by revoking employees that dont need access.

George Uzzle, Chief Information Security Officer, Vibrent Health, says, "It used to take us 100 hours per vendor to perform a security review, a process my team has to repeat across more than 50 vendors annually. Vanta's Vendor Risk Management solution allows us to reduce this to only a few hours a week for each vendor, freeing up time to focus on more strategic security objectives."

This launch is demonstrates Vanta's trust management platforms end-to-end capabilities, the company states.

The company also recently announced Questionnaire Automation, which utilises fast and accurate automation technology to help organisations quickly respond to security questionnaires and effectively communicate their security and compliance posture to customers and prospects. 

By automating the traditionally manual process of answering security questionnaires, Vanta enables companies to save time and resources while increasing response accuracy and completeness.

According to Vanta, with Questionnaire Automation, teams can:

  • Build and manage a library of accurate, up-to-date questionnaire answers by uploading previously completed questionnaires.
  • Complete questionnaires in web-based spreadsheets and forms, or answer one-off questions with the Browser Extension.
  • Take a first pass at entire security questionnaires in a single click with questionnaire auto-complete functionality.

Cacioppo comments, "Vanta pioneered the automated compliance category. With the launch of Questionnaire Automation, we're continuing our industry-leading approach to helping companies automate the mundane, manual tasks so their security teams can focus on their most important, strategic initiatives.

"As the all-in-one platform for everything from Automated Questionnaires to VRM to Access Reviews, Vanta serves as the single source of truth for businesses of all sizes to build the essential security practices needed to demonstrate compliance, stay secure, and deepen trust with customers, partners, and vendors."