The ever-growing complexity of third-party and vendor ecosystems presents a critical challenge for enterprises worldwide. As organizations onboard and offboard an increasing number of suppliers, apps, and service providers, the need for robust, scalable, and efficient risk management solutions has never been greater.
At Cisco Investments, we’re committed to supporting groundbreaking technologies that address these challenges head-on. That’s why we’re thrilled to announce VISO TRUST as the newest addition to our portfolio.
Enterprises frequently onboard and offboard third-party apps and suppliers, all while navigating evolving regulations and compliance checks. This dynamic environment requires enterprises to ensure these third parties remain compliant and pose no security risks. Traditional methods, such as self-administered questionnaires, are becoming less effective due to low vendor participation and the lack of continuous monitoring.
The gravity of this threat can’t be understated.
Third parties often have access to sensitive data or critical infrastructure, making them potential entry points for attackers. Threat actors frequently exploit third parties as backdoors into larger organizations, knowing that these vendors may have weaker security postures.
In our most recent CISO Survival Guide, approximately half of the respondents identified third-party software risk as one of the top vulnerabilities in the software supply chain. Consequently, nearly every respondent indicated that they were either using or considering the use of software supply chain security solutions. They recognize the significant risks posed by third-party software.
VISO TRUST co-founder and CEO, Paul Valente brings over 25 years of experience in the cybersecurity industry to the table. His extensive career includes serving as the Chief Information Security Officer (CISO) at prominent companies such as Restoration Hardware and Lending Club. Throughout his career, Paul encountered significant challenges associated with managing third-party risk. These experiences fueled his passion for developing a more efficient solution, ultimately leading to the creation of VISO TRUST. His deep understanding of the complexities involved in cybersecurity risk management positions him uniquely to drive innovation and transformation in the field.
I recently had a conversation with Valente, about VISO TRUST and the impact it’s having on third-party risk management.
AI-Driven Efficiency and Accuracy in Risk Management
VISO TRUST leverages artificial intelligence (AI) to transform the traditionally demanding process of third-party risk management.
“Having set up a risk-management program according to industry best practices at many companies, I really found that it was labor-intensive and slow, and the result didn’t deliver much value from a risk standpoint,” Valente explains.
Using AI-powered artifact intelligence, VISO TRUST delivers fast, accurate risk assessments, reducing the operational burden for clients and vendors alike.
"An AI and evidence-based approach is what sets us apart,” Valente says. “It allows collaboration at scale. Really any sized team can interact with any number of third parties."
Continuous Monitoring and Enhanced Visibility
The platform's continuous monitoring capabilities are a game-changer in managing third-party risks. By tracking various sources, including 8-K filings, news, and threat and vulnerability information, VISO TRUST provides real-time telemetry on both third and fourth-party risks.
“With the tremendous scale of third parties, security teams just can't hire infinite analysts to analyze all that information, all the time. They’re overwhelmed by the volume of third-party data they need to monitor. Our platform automates this process, ensuring no critical threat goes unnoticed,” Valente says.
This continuous oversight ensures that organizations can promptly respond to potential threats, maintaining robust security postures.
“Companies can get full visibility into their third-party populations, no matter what the scale, and be in the best possible position to manage and monitor that risk over time, to minimize the loss from breaches and incidents,” Valente explains.
Future Integration and Continuous Innovation
Looking ahead, VISO TRUST aims to incorporate AI into broader governance, risk, and compliance (GRC) programs, including both third-party and first-party information. This vision underscores their commitment to continuous innovation and staying ahead of the cybersecurity landscape.
"We’re looking to provide information that enriches various toolsets on the market today, while enriching the experience of our customers and their visibility into their third-party landscape and ecosystems."
VISO TRUST’s impact to the Cybersecurity ecosystem cannot be overemphasized – their AI innovation has put Trust back in deploying third-party vendors.