UpGuard CyberResearch Features

Monitor vendors

Evidence chasing

Any third party risk management program starts with the collection of security evidence. And it takes time and effort to chase your vendors to complete security questionnaires, provide additional evidence and then validate their responses. Let our analysts do this for you, so you can better allocate your security resources.

Vendor registration

Instantly request our third-party risk analyst team to kick off a new vendor risk assessment.

One-click request through the UpGuard platform
Collect relevant information about this vendor, to kick off an assessment
Let your vendor know that UpGuard will be assessing them

Vendor classification

Prioritize and tier your vendors, so we apply the appropriate level of due diligence through the risk assessment process. You can decide if UpGuard should simply chase evidence, or conduct a risk assessment and facilitate remediation.

Classify your vendors by criticality
Prioritize UpGuard risk assessment activities

Vendor administration

Let us chase and follow up your vendors to ensure they complete questionnaires and provide relevant evidence.

Don't let vendors avoid giving you evidence
Track progress in a single dashboard
Get updated as soon as vendor evidence is available

Questionnaire selection

UpGuard’s meticulously designed questionnaire library means you no longer have to create questionnaires from scratch.

UpGuard questionnaire
Short-form UpGuard questionnaire
ISO 27001 questionnaire
NIST Cybersecurity framework questionnaire
PCI DSS questionnaire
COBIT 5 questionnaire
ISA 62443-2-1:2009 questionnaire
ISA 62443-3-3:2013 questionnaire
GDPR questionnaire
CIS Controls 7.1 questionnaire
NIST SP 800-53 Rev. 4 questionnaire
CCPA questionnaire
Modern slavery questionnaire
Pandemic questionnaire
Security and privacy program questionnaire
Web application security questionnaire
Infrastructure security questionnaire
Physical and data centre security questionnaire

Response validation

Improve the speed and consistency of your vendors' responses to information requests. We'll validate responses to security questionnaires and requests for additional evidence.

Be certain that vendor responses make sense
No unanswered questions
Link additional evidence to their responses

Data protection

Failure to detect exposed data can have serious consequences on your business, from enabling corporate espionage to customer identity theft. This data provides attackers with a huge advantage: enabling reconnaissance, providing a foothold in the network for further exploration, selling data to the highest bidder, or holding data at ransom.

Data leak detection

UpGuard's proprietary Data Leak Search Engine scans every corner of the Internet, and identifies data that presents a risk. It doesn't just monitor your Internet presence but also scans every website we can find, cloud storage buckets, source code repos like GitHub, the Dark Web, pastebin, exposed databases like Mongodb, and many other sources.

Detect sensitive documents that aren’t meant for distribution
Protect customer data and avoid reputation, business, and regulatory damage
Find exposed employee credentials before attackers do
Automatically classify identified leaks
Identify API keys from hundreds of providers, database connection strings, SSL certificates, and more
Monitor for data exposures that occur at third-party party vendors that reference your organization

Vendor data leak detection

Don't get surprised by a vendor data leak. Provide UpGuard with a list of vendors you want to monitor, and get notified when any of them leak their data.

Prevent data leakage due to third party breaches
Identify your critical risk vendors
Manage all third-party risks
Collaborate with vendors on remediation efforts
Get analyst support to close the leaks

Assess and remediate vendor risk

Risk assessment

Stop using lengthy and error-prone spreadsheet-based vendor risk assessments. Let our analysts perform these for you, right from within the UpGuard platform. From evidence obtained from security questionnaires to additional evidence such as security documents, we combine these with security ratings and data leak detection to create a comprehensive third-party risk assessment. When we’re done, you can access the risk assessment in the platform and we can help you with your remediation strategy.

Managed risk assessment

Our analysts use UpGuard platform's in-built risk assessment process to comprehensively assess your third-party vendors.

Request a managed risk assessment in one click
Track the progress of your risk assessments
Review completed risk assessments
Review the evidence (like security questionnaire) we used to complete the assessment
Include results from security ratings, questionnaires and data leaks scans
Export the assessment as a PDF report

Questionnaire analysis

Our team will analyze all security questionnaire responses and publish them in the risk assessment report.

Analyze security questionnaire responses
Assign risk severity
Security questionnaire ratings
Single view of risks in the assessment report

Vendor security ratings

Instantly understand your vendor’s overall security posture.

Easy to understand for non-technical stakeholders and senior management
Updated multiple times a day
Based on the analysis of each of your vendor’s underlying domains and their security posture
Takes into account risks identified in UpGuard security questionnaires

Vendor data leak assessment

Our managed risk assessments include a vendor data leak search. Our team will analyze the results and include any identified risks in the assessment report.

Prevent data leakage due to third party breaches
Identify vendors with poor data security
Manage third party risks
Collaborate with vendors on remediation efforts

Additional evidence analysis

Our team will analyse additional evidence like publicly available security reports and audit reports (e.g. SOC-2, ISO27001).

Comprehensive view of a vendor's security posture
Reuse existing documentation to reinforce the risk assessment
All risks identified are published in a risk assessment report

Risk remediation

Eliminate the pain of chasing vendors to remediate risks. Our analysts will use the results of a vendor risk assessment to create a remediation plan and expedite the remediation process. Similarly, we'll also help your close any data leaks for your organization.

Remediation planning

Our analysts will prepare a remediation plan based on the risk assessment report.

Risk mitigation recommendation for each identified risk
Save time and deploy security resources more efficiently
PDF version available

Managed remediation process

Ease the pain of chasing vendors for risk remediation. Our analysts proactively follow up with your vendors, helping shorten the remediation cycle.

Chase vendors to remediate risks
Record who conducted the remediation
Improve your own security rating by remediating vendor risks

Remediation tracking

Track the progress of remediation activities through a single, easy-to-use dashboard.

Single remediation dashboard
Track the progress of your requests
Know when risks are remediated

Close data leaks

UpGuard gives you everything you need to close data leaks before they fall into the wrong hands.

Review findings within the platform
Remediate leaks with support from our analyst team
Get notified in-app and via email when leaks are closed
Close leaks and prevent costly data breaches

Manage vendor risk

Reporting and insights

Effectively report on your third-party risk management program to the Board and C-Suite. Have more productive conversations and create a common language and reporting framework that is easily understood by anyone at your organization.

Executive reporting

Use our prebuilt executive reporting suite to get insights right inside the platform. With structure access to your data, you can do things such as: see your average vendor security rating and twelve-month history, explore your current vendor risk ratings breakdown, and find your highest and lowest rated vendors.

Prebuilt reporting for your third-party risk management program
Current average vendor rating and twelve-month history
Distribution of vendor ratings and twelve-month comparison
Highest and lowest-rated vendors
Most and least improved vendors
Concentration of fourth-party technologies

Business operations

Share access to your UpGuard account with other team members with confidence. Each user gets an individual account with fine-grained access control.

Roles and permissions

Tailor access for your team to ensure that sensitive information and actions are protected. Keep track of who has access to your UpGuard account and remove team members easily.

Get fine-grained control on providing specific users access to specific products and features
Create roles, and associate permissions with these
Grant users access to a role
A change in permission associated with a role applies to all users with that role

Account security

Secure access to the UpGuard platform and your account data. Integrate with various SSO options like Microsoft Azure, Okta, and Ping Identity. As long as your identity provider has a SAML interface we can integrate with it.