Panorays automates third-party security management. The platform enables companies to easily view, manage and engage on the security posture of their third parties, vendors, suppliers and business partners.
How It Works
The platform combines a continuous hacker's-eye view of the evaluated company with enforcement of the company's internal policy.
With the Panorays platform, companies dramatically shorten their third-party security evaluation process and gain continuous visibility while ensuring compliance with regulations such as GDPR and NY DFS.
Panorays is a SaaS-based platform, with no installation needed.
Transparency in Ratings
Ratings are context-based, depending on the unique relationship between the third party and the company.
Ratings are aggregates of further detailed ratings ultimately based on thousands of tests and inquiry results.
It is possible to view a third party’s rating in the following structured manner:
A single rating on a 0-100 scale, reflecting an overview of the third party's cyber posture that takes into account the technological and relationship level between the company and the third party.
This rating captures both the “hacker’s view” of the third party and the company’s internal policy.
Rating per layer
An overall rating for each layer of the third party’s digital perimeter, as captured by mimicking thousands of hackers performing reconnaissance.
Data is analyzed from more than 1,000 known data sources as well as from Panorays’ own proprietary research.
Specifically, ratings represent the cyber resilience of these three layers:
- Network & IT – Parameters involving DNS servers, SSL-related protocols and more.
- Application – Parameters involving Web applications, domain hijacking and more.
- Human – Parameters involving social posture, presence of dedicated security team and more.
Ratings per parameter
All in all, there are 13 evaluated parameters that compose the layers.
The rating for each parameter is a weighted calculation based on running thousands of “hacker view” tests.
Tests are performed as the third party’s assets are unveiled one by one.
Severity of the cyber gap
Each test that results in a cyber gap is presented within the Panorays platform.
The platform pinpoints the affected asset and the corresponding issue.
The cyber gap is clearly detailed and provides a “how-to” for easy remediation.
Security inquiry rating
A specific rating representing the internal policy at the third party.
The rating is based on the third party’s responses to a security inquiry. The inquiry is a smart and automated questionnaire that is based on the business and technology relationship between the third party and the company, and prior knowledge obtained by the Panorays platform.
The Panorays platform provides a built-in inquiry, or a company can use its own customized inquiry.
The company may also decide on various weights for certain standards and which standards to mandate.
GDPR readiness rating
A scale representing the third party’s readiness for GDPR.
The scale ranges from no readiness to full compliance.
Disputing a Finding
Every once in a while, a third party, or even the company, may want to dispute a rating. For example, an unveiled asset may turn out not to belong to the third party. Or the company's risk appetite may be greater, allowing a third party to knowingly inject web code as part of its marketing platform.
Whatever the case, defining what is disputable is part of the relationship between the third party and the company. We understand that. For that reason, the Panorays platform provides the option to dispute a test within the platform. Both the third party and the company are required to validate the disputed finding and agree to reject it. There is no need for emails, phone calls or any other out-of-band methods: all communication is performed within the platform and each side is notified in real time.
Once both parties agree, the Panorays platform automatically reevaluates the company, removing the disputed finding from the third party's security rating calculation.
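The rating hierarchy and dispute rule described on this page, modelled as an added illustrative example (not Panorays' own code or scoring formula). Findings roll up into parameter ratings, parameters into the three layers, layers into a 0-100 hacker's-view rating that is then blended with the inquiry rating; a finding drops out of the calculation only once both the third party and the company have rejected it. The parameter names, severity penalties, weights and sample findings are constructed assumptions.

```python
from dataclasses import dataclass, field

# Assumed layer -> parameter mapping (the page names 13 parameters; these
# six are illustrative) and assumed penalty per finding severity.
LAYERS = {
    "Network & IT": ["DNS", "SSL/TLS"],
    "Application": ["Web application", "Domain hijacking"],
    "Human": ["Social posture", "Security team"],
}
SEVERITY_PENALTY = {"low": 5, "medium": 15, "high": 30}
PARTIES = {"third_party", "company"}


@dataclass
class Finding:
    asset: str
    parameter: str
    severity: str
    # Which sides have agreed to reject this finding as a dispute outcome.
    disputed_by: set = field(default_factory=set)

    def rejected(self) -> bool:
        # Both the third party and the company must validate the dispute.
        return PARTIES <= self.disputed_by


def parameter_rating(findings, parameter) -> float:
    # Start from a clean 100 and subtract penalties for open findings only.
    penalty = sum(SEVERITY_PENALTY[f.severity] for f in findings
                  if f.parameter == parameter and not f.rejected())
    return max(0.0, 100.0 - penalty)


def layer_rating(findings, layer) -> float:
    params = LAYERS[layer]
    return sum(parameter_rating(findings, p) for p in params) / len(params)


def hacker_view_rating(findings) -> float:
    return sum(layer_rating(findings, layer) for layer in LAYERS) / len(LAYERS)


def overall_rating(findings, inquiry_rating, inquiry_weight=0.3) -> float:
    # Blend the external "hacker's view" with the internal-policy inquiry score.
    return ((1 - inquiry_weight) * hacker_view_rating(findings)
            + inquiry_weight * inquiry_rating)


# Constructed sample findings; the last one has been disputed by one side only.
SAMPLE_FINDINGS = [
    Finding("ns1.example.test", "DNS", "high"),
    Finding("www.example.test", "Web application", "medium"),
    Finding("example.test", "Domain hijacking", "low", {"third_party"}),
]
```

Once the company also adds itself to `disputed_by` on the third finding, the Application layer and the overall rating are recomputed without it.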