Vendor & Supply Chain Diligence

Planning to do business with a vendor, or planning an acquisition?

Do any of these situations apply to you?

  • We don't know where to begin.
  • Our current risk management team is overwhelmed and we need help.
  • We are building a vendor and supply chain risk team and we need help.
  • We do business with many companies who have access to our data, but have never asked about their security posture.
  • Other companies have access to our internal network(s) and we want to understand what kind of risks this presents.
  • We want to purchase a company, but need to understand how risky their security posture is to our investment.

If so, Oppeo Security can definitely help you. Get in touch.

Why do we need vendor or supply chain diligence?

If you wish to do business with a company that offers a product or service which solves a business need, you'll want to understand what kind of risk this could present to your organization. Adversaries today are examining the products that are offered to organizations such as yours, and attempting to compromise as many victims as possible through supply chain interdiction.

Below are a few examples of the kinds of risk that partners in your supply chain can present to your business:


Scenario 1
Your organization wants to use a product which requires access to cookies on your website. If the product is breached or misconfigured, then it may allow attackers to gain access to all session cookies for all users on the website. What's more, the product may be able to read and alter each individual request on the page, including accessing user passwords and other sensitive data.

What if there was a way to considerably minimize this risk while still achieving the intended goal? Oppeo Security can help you.


Scenario 2
You just acquired a new company, or hope to acquire one. You need to understand what risks are associated with your investment so you can implement procedures to patch them, or decide not to make the purchase based on unacceptable risk.

Oppeo Security can perform a very in-depth risk assessment using experienced risk assessors who have penetration testing experience and thoroughly understand the presented risks.


Scenario 3
Another company needs access to certain machines on your internal network. They need this for one business reason or another and you need the services they offer. If you have an open network which allows all other machines to communicate with each other, then if either company is breached the other may also become a victim of a breach.

These are only a few examples of common risks. In reality, many other risks are possible. Oppeo Security can help you understand these risks and provide compensating controls to help you avoid exploitation at scale.

Some of the advantages we have over the competition include:

Advantages                                   Oppeo Assessors   Traditional Risk Assessment
Industry Experts                             X                 X
Penetration Testing Knowledge                X
Application Security Knowledge               X
Cloud Security Knowledge                     X
Extremely Thorough                           X
Utilizes Open-Source Intelligence (OSINT)    X

Whatever the needs of your business, we can help. Interested? Get in touch.