The solution will become available sometime in April 2014

Mar 7, 2014 20:01 GMT

InfoArmor has announced Vendor Security Monitoring (VSM), a new solution that’s specially designed to help organizations avoid being severely impacted by data breaches suffered by their external vendors.

Many companies have come to realize the risks associated with external vendor breaches after the incident involving the US retailer Target.

Hackers gained access to servers storing the personal and financial details of tens of millions of Target’s customers after breaching the systems of Fazio Mechanical Services, a company that provides heating, ventilation, and air conditioning services.

Normally, an HVAC company shouldn’t have unrestricted access to a client’s network. And Fazio didn’t have unrestricted access to Target’s systems – in fact, it only had access for billing, contract submission, and project management. However, it was more than enough for sophisticated cybercriminals.

InfoArmor’s VSM solution is a first-of-its-kind tool that gives organizations access to safety reports about their vendors, enabling them to make calculated decisions regarding the firms they do business with.

“Data breaches are the greatest risk factor for identity fraud. Now, we're able to help businesses do even more to protect their customers,” commented Drew Smith, InfoArmor's chief executive officer.

VSM is powered by PwnedList, a company recently acquired by InfoArmor. PwnedList specializes in monitoring compromised accounts.

“Businesses tend to approach third-party security breaches as a cost of doing business, but that's set to rapidly change as their customers demand more accountability and security,” said Steve Thomas, president and co-founder of PwnedList.

“Companies are realizing that they are only as strong as their weakest link, and research proves that in many cases, external vendors are that weak link.”

Some companies might ask vendors about their security systems before signing a contract. However, they mostly rely on questionnaires that don’t ask the right questions. Furthermore, the vendor might not even know its security posture too well.

VSM proactively monitors vendors to see if they’ve been hit by hackers. The solution relies on data harvested from hacker forums, data loss databases, web crawlers, hacker communities, malware logs, file sharing portals, and even the dark net.

If a breach is detected, the organization that relies on VSM is immediately notified so that preventive measures can be taken.

“Both consumers and the government are making it the company's responsibility to evaluate and use secure vendors,” Thomas said. “In fact, future legislation is pointing toward making corporations financially responsible for breaches within their organization, regardless of whether they are directly or indirectly involved in a security breach.”

Vendor Security Monitoring is still in beta testing. The product will become available sometime in April 2014.