Panorays Release Notes

Transform your risk management process, simplify third-party management, and automate time-consuming tasks. Our latest features let you enhance your workflow, ensure compliance, and drive efficiency.

Workflow Automation

Save time and resources by streamlining your third-party evaluation process with the new Workflow Automation feature. Now, you can define preset rules to automatically approve or reject third parties, generate remediation tasks, and assign responsibilities to multiple stakeholders throughout the approval journey. These rules are triggered based on Questionnaire Ratings, Cyber Posture Ratings, and Risk Ratings that reflect your company’s security policy. Additionally, rules can be applied based on business impact as well as third-party risk status. Learn More.

Smart Match: Upload Questionnaires

This feature allows third parties to upload previously answered questionnaires from outside Panorays, enabling Smart Match to draw better results when answering new questionnaires. Learn More.

Internal References

Leave internal notes for questionnaire reviewers, giving them additional details into company policy, compliance and more. This accelerates the review process and enhances accuracy.

Optimize the evaluation process with our new AI-powered feature, Smart Match!

Panorays integrates AI capabilities to benefit the entire ecosystem – a fast, easy, and secure solution for both sides of the evaluation process.

Smart Match

Streamline the questionnaire submission process, reduce reliance on internal stakeholders and ensure consistent answers across various questionnaires with Smart Match.

Smart Match uses previously answered questions and suggests matching answers while completing the questionnaire. The AI-generated library presents pre-answered questions ranked by similarity score allowing responders to choose the most relevant answer. This effectively accelerates the questionnaire response time. Learn More.

Gain valuable insights into your extended attack surface with Panorays’ latest features!

From Supply Chain Discovery to detailed Asset Management and Risk Insights, you’ve got the tools you need to monitor your expanding attack surface and respond to cyber threats.

Extended Attack Surface Monitoring

Supply Chain Discovery
By generating an extensive list of your direct and indirect suppliers, Supply Chain Discovery maps out your digital supply chain, revealing Shadow IT, and providing a cyber posture rating for each identified supplier. Next to each discovered company, you’ll also see a Commonality rating, reflecting how broadly this company appears in others’ Supplier Inventory. With a click of a button, you easily add relevant suppliers to your own inventory for extensive monitoring and managing. Learn more.

Risk Insights and Response Portal
Get first-hand alerts on cyber risks impacting your supply chain with the Risk Insights and Response Portal. The portal reports an overview of several types of risks such as vulnerabilities, breaches, news updates, and zero-day attacks, revealing your exposure to the event across your digital supply chain. With automated details of each risk, you’ll see which of your direct and indirect suppliers were affected by the incident and take immediate action by sending a breach questionnaire to your suppliers. As well, the detailed breakdown of affected companies makes it easier to comply with today’s regulations requirements and report on the full impact of a cyber event. Learn more.

Known Exploited Vulnerabilities
We’ve added CISA’s Known Exploited Vulnerabilities (KEVs) into our detection of technology vulnerabilities, to provide a more accurate risk assessment. KEVs are now prioritized as Critical findings, reflecting a more actionable view of your riskiest findings and making it easier to prioritize KEVs as part of your Findings remediation efforts. Learn more.

Asset Details
The new Asset Details sidebar provides enriched data on your and your third parties’ discovered Assets, letting you drill down to DNS, Network, Registration, and Web details. Make informed decisions to remediate findings and reduce your cyber risks, by understanding how each asset was discovered, its criticality, and the implications it has on your overall cyber posture.

Improved Remediation Management

Remediation Management: Bulk Task Creation
Save time with new Bulk Task Creations! Simplify the process of creating multiple remediation tasks by “bulk selecting” findings and questions at once. Instead of multiple emails to your third parties, they will now receive one condensed email with the selected task IDs. Learn more.

API Improvements
We’ve improved our API capability to include:

• Expanded web documentation with additional endpoints, enabling you to automate a wider range of rules and actions.
• Admins now can create, modify, and remove API Tokens within the Panorays platform, while maintaining control over access permissions.

Learn more.

Custom Emails
Personalize your emails to third parties with our newly customizable email templates! You can now edit emails for Security Questionnaires, Remediation Tasks, and Security Passport by fully customizing the email copy, subject, and CTA, giving you full control of what to communicate. Learn more.

Inventory Management
Gain visibility over all your unassessed third parties from one centralized place. Now you can make informed decisions by selectively evaluating chosen third parties and determining their assessment type from your Inventory.

In this release we added a few new capabilities to help manage third-party security risk from start to finish and eliminate the need to jump between tools and platforms.

Read how our Q1 2023 features support the entire process from prioritization, evaluation, mitigation and continuous monitoring.

1. Prioritization

Third-Party Inventory
Third-Party Inventory allows you to view and manage all your third parties in one place, regardless of tiers and types of evaluations. Your single source of truth enables you to classify third parties by inherent risk and choose the appropriate evaluation process for each third party. You can also upload security control documentation for unassessed third parties and monitor their approval status. Learn more.

2. Evaluation

External Attack Surface Assessment

Endpoint Detection
Endpoint detection is a new category in Panorays’ external attack surface assessment. Endpoints, referring to all devices connected to a company’s network such as desktops and laptops, are often a major target for malicious actors. That’s why ensuring the security of all endpoints is a critical step for defending the front line of an organization’s network. With Endpoint Detection, Panorays users have visibility into their third-party’s endpoints and their impact on cyber posture, allowing them to address any security gaps. Learn more.

Smart Questionnaires

Questionnaire Conversations
Communicate and collaborate efficiently with third parties on every question, while they answer the questionnaire, rather than waiting until after its submission. This results in a more streamlined and organized experience. Additionally, send internal messages to your team members for clarification or adjustment, creating an efficient internal workflow. Learn more.

Integration and Ratings

Correlated Insights
With Panorays’ integrated solution, view the results from questionnaires and external assessment findings side-by-side, in a single pane of glass. No misalignment and no fragmented workflows; you can validate responses and findings against each other and streamline your entire review process. Learn more.

Risk Policy
Your admin can customize your third parties’ bottom-line risk rating calculation, providing greater flexibility and control. This includes adjusting the weighting methodology for questionnaires and External Attack Surface Assessment, and factoring in additional considerations such as critical tests and expired questionnaires. You can also modify the risk rating matrix values based on inherent risk and Panorays combined score. These modifications apply to all third parties and are fully transparent, as outlined in the newly added manual. Learn more.

Override Risk Rating
By granting admin permissions, you can manually adjust the bottom-line risk rating (which considers the questionnaire score, external attack surface assessment score and inherent risk calculation). This provides you the flexibility you need to consider external factors that were not included in the evaluation conducted through Panorays. Real-time changes are visible to all users for transparency and easy tracking. Get complete control and flexibility over your third-party’s risk rating. Learn more.

3. Mitigation

Remediation Management
There is a new centralized location to oversee and manage remediation tasks, streamlining the entire process from creation to resolution, while collaborating with your third parties.
Easily create tasks for your third parties so they can quickly address any security issues identified in questionnaire responses or External Attack Surface Assessments findings. Our new Cyber Impact Score makes it simple for you to prioritize tasks by informing you how mitigating a task will enhance the rating of the third party involved. Collaborate with your third parties on each task by assigning it to the relevant contact and communicating through the platform. In the new remediation tab, track and monitor all tasks assigned to each third party, enhancing visibility. Learn more.

4. Continuous Monitoring

Automated Reevaluation
Customize and automate the reevaluation of your third parties based on their inherent risk, frequency, and priority. Set up a personalized process for each third party that includes creating reminders with email notifications, and scheduling recurring reevaluation using relevant question templates.

Approval Snapshot
Automatically capture the bottom line risk rating score of your third parties once their status is changed. Screenshots are saved as a record of past scores and can assist your decision-making process. Compare scores for each third party before reevaluations and obtain an overview of cybersecurity posture improvements.