KELA’s TPRM module identifies software supply chain risks
KELA launched the Third-Party Risk Management (TPRM) module, fully integrated into its threat intelligence platform.
This new offering is specifically designed to strengthen organizational defenses by focusing on software supply chain risks. KELA’s TPRM module stands out in the market due to its advanced algorithm, which not only assesses traditional attack surface risk factors but also integrates comprehensive threat intelligence from KELA’s platform, including leaked credentials, network access and other critical threat indicators, providing a more robust and predictive risk score.
The TPRM module employs an advanced scoring algorithm that synthesizes data from KELA’s comprehensive cyber threat intelligence and attack surface monitoring solutions. This method utilizes current and impending, factual threat data enabling dynamic risk scoring that adjusts as new information surfaces. As a result, organizations receive risk assessments that are not only precise but also actionable, providing pinpointed insights and prioritized remediation measures.
This latest addition to KELA’s solution suite allows for more effective integration of Cyber Threat Intelligence (e.g. compromised assets, stolen credentials and identities) and Attack Surface Monitoring (ASM) with third-party risk management (TPRM). This strategic combination enhances KELA’s ability to provide real-time, actionable insights, making it easier for security teams to proactively identify and mitigate potential threats stemming from their supply chains.
Key Features Include:
- Third party attack surface monitoring: Conducting comprehensive asset discovery, integrating relevant intelligence findings, and continuously monitoring potential threats on both known and unknown vulnerabilities. This enables a detailed analysis, from an overall risk score down to actionable raw data, providing insights as seen through the eyes of the attacker.
- Predictive risk scoring: The predictive scoring feature, modeled and trained with intelligence on thousands of validated cyber incidents, provides ongoing monitoring and updates, allowing you to stay ahead of potential threats and take action before an attack occurs.
- Automated risk reports: Include high level and in-depth information about intelligence collected by KELA. These reports can be used to share information within third-parties and support prioritization and remediation processes.
Targeted for both Enterprises and Governmental Institutions: KELA’s advanced Third-Party Risk Management module is crucial for high-end sectors including banking, insurance, IT, computer software, healthcare, finance, telecommunications, and aviation. It provides these industries with essential tools to thoroughly assess and mitigate risks across their digital supply chain.
Additionally, for government, law enforcement agencies and national CERTs, this module is instrumental in gauging risk levels per sector, including critical infrastructure and public services, as well as assisting small businesses by providing corrective measures and guidance. This comprehensive approach significantly enhances national security measures.
“As we continue to witness the escalating complexities and the increasing frequency of cyber threats, the need for an advanced third-party risk management solution has become more apparent than ever,” said David Carmiel, KELA’s CEO. “In collaboration with our customers, we recognized that the need extends beyond risk assessment; there is a strong demand for real, validated actionable intelligence to effectively mitigate these external risks. Our new TPRM module is specifically designed to answer this need and fortify organizations’ defenses against the vulnerabilities introduced by third parties.”
source: HelpNetSecurity
Free security scan for your website
Top News:
Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
November 23, 2024Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs
November 23, 2024Download: CIS Critical Security Controls v8.1
August 8, 2024