Panorays Release Notes
Q1’23
In this release we added a few new capabilities to help manage third-party security risk from start to finish and eliminate the need to jump between tools and platforms.
Read how our Q1 2023 features support the entire process from prioritization, evaluation, mitigation and continuous monitoring.
1. Prioritization
Third-Party Inventory
Third-Party Inventory allows you to view and manage all your third parties in one place, regardless of tiers and types of evaluations. Your single source of truth enables you to classify third parties by inherent risk and choose the appropriate evaluation process for each third party. You can also upload security control documentation for unassessed third parties and monitor their approval status. Learn more.
2. Evaluation
External Attack Surface Assessment
Endpoint Detection
Endpoint detection is a new category in Panorays’ external attack surface assessment. Endpoints, referring to all devices connected to a company’s network such as desktops and laptops, are often a major target for malicious actors. That’s why ensuring the security of all endpoints is a critical step for defending the front line of an organization’s network. With Endpoint Detection, Panorays users have visibility into their third-party’s endpoints and their impact on cyber posture, allowing them to address any security gaps. Learn more.
Smart Questionnaires
Questionnaire Conversations
Communicate and collaborate efficiently with third parties on every question, while they answer the questionnaire, rather than waiting until after its submission. This results in a more streamlined and organized experience. Additionally, send internal messages to your team members for clarification or adjustment, creating an efficient internal workflow. Learn more.
Integration and Ratings
Correlated Insights
With Panorays’ integrated solution, view the results from questionnaires and external assessment findings side-by-side, in a single pane of glass. No misalignment and no fragmented workflows; you can validate responses and findings against each other and streamline your entire review process. Learn more.
Risk Policy
Your admin can customize your third parties’ bottom-line risk rating calculation, providing greater flexibility and control. This includes adjusting the weighting methodology for questionnaires and External Attack Surface Assessment, and factoring in additional considerations such as critical tests and expired questionnaires. You can also modify the risk rating matrix values based on inherent risk and Panorays combined score. These modifications apply to all third parties and are fully transparent, as outlined in the newly added manual. Learn more.
Override Risk Rating
By granting admin permissions, you can manually adjust the bottom-line risk rating (which considers the questionnaire score, external attack surface assessment score and inherent risk calculation). This provides you the flexibility you need to consider external factors that were not included in the evaluation conducted through Panorays. Real-time changes are visible to all users for transparency and easy tracking. Get complete control and flexibility over your third-party’s risk rating. Learn more.
3. Mitigation
Remediation Management
There is a new centralized location to oversee and manage remediation tasks, streamlining the entire process from creation to resolution, while collaborating with your third parties.
Easily create tasks for your third parties so they can quickly address any security issues identified in questionnaire responses or External Attack Surface Assessments findings. Our new Cyber Impact Score makes it simple for you to prioritize tasks by informing you how mitigating a task will enhance the rating of the third party involved. Collaborate with your third parties on each task by assigning it to the relevant contact and communicating through the platform. In the new remediation tab, track and monitor all tasks assigned to each third party, enhancing visibility. Learn more.
4. Continuous Monitoring
Automated Reevaluation (coming soon)
Customize and automate the reevaluation of your third parties based on their inherent risk, frequency, and priority. Set up a personalized process for each third party that includes creating reminders with email notifications, and scheduling recurring reevaluation using relevant question templates.
Approval Snapshot (coming soon)
Automatically capture the bottom line risk rating score of your third parties once their status is changed. Screenshots are saved as a record of past scores and can assist your decision-making process. Compare scores for each third party before reevaluations and obtain an overview of cybersecurity posture improvements.