In today’s dynamic cybersecurity environment, effectively managing vendor relationships is crucial for protecting digital assets. According to PwC’s 2022 Global Digital Trust Survey, 75% of executives reported that their organizations are overly complex, leading to concern about cyber and privacy risks.

Grand Bank, a prominent financial institution, faced similar challenges in monitoring and mitigating risks with its vendors. To address this, they partnered with Latest Solutions to implement Ivanti’s External Attack Surface Management (EASM). This provided Grand Bank with improved visibility into vendor security, streamlined onboarding and improved their overall cybersecurity program.

Overcoming vendor security challenges

Maintaining strong vendor relationships is crucial for safeguarding an organization’s digital assets. Grand Bank encountered significant difficulties in securing its vendor ecosystem. The adoption of External Attack Surface Management (EASM) addresses the need to identify and mitigate risks linked to an organization’s extended digital environment, encompassing third-party vendors and partners.

By deploying EASM solutions, companies can achieve enhanced visibility into their vendors’ external attack surfaces, thereby reducing overall cybersecurity risk and strengthening supply chain security.

Before adopting Ivanti's EASM solution, Grand Bank carried out vulnerability assessments and penetration tests on their internal systems. "As we moved to the cloud, it became evident that this approach was necessary for our cloud assets and vendors as well. Evaluating vendor security proved especially difficult. We required a method to assess our vendors' security stance," said Robert Hanson, CTO of Grand Bank.

The bank's previous vendor security procedures were outdated and inefficient, increasing the bank's vulnerability to security threats. Forrester highlights that EASM is crucial for thorough due diligence, especially during mergers and acquisitions, where uncovering hidden vendor assets is vital for assessing risk.

To address these challenges, Grand Bank opted for Ivanti’s EASM solution. It offers an automated, comprehensive vendor management approach that continuously monitors vendors' attack surfaces, assesses and mitigates risks. With Ivanti's EASM, the bank has streamlined vendor onboarding and greatly enhanced exposure management. To further bolster their security measures, Grand Bank also engaged one of Ivanti’s strategic partners, Latest Solutions, to assist with the implementation.

The value of the latest solutions partnership

interactive easm display

2018, the collaboration between Grand Bank and Latest Solutions has been mutually beneficial. Combining their industry knowledge with Latest Solutions' cybersecurity expertise, the Grand Bank implemented Ivanti’s EASM solution to improve vendor security management. This partnership allows Grand Bank to continuously monitor and assess vendor risks, streamline onboarding, and mitigate third-party threats, thus strengthening its overall cybersecurity framework.

Additionally, it helps Grand Bank comply with regulatory standards, protect sensitive data and maintain client trust. This partnership has notably improved Grand Bank's security and that of its vendors.

Moreover, the continuous support and technical expertise provided by Latest Solutions has enabled Grand Bank to stay ahead in the rapidly evolving cybersecurity landscape. The collaboration ensures that Grand Bank remains resilient against emerging threats, thereby securing its operations and improving stakeholder confidence.

The strategic alignment between the two organizations has fostered a proactive approach to cybersecurity, creating a robust and reliable vendor management system. This seamless cooperation has been exemplified through the effective implementation of Ivanti's EASM solution, as detailed in the following use case.

"EASM is a pretty easy lift from a partner's perspective as a lot of the lift comes from the product itself in the background. Four hours and you're up and running...pulling data and it just gets more fine-tuned...it's basically doing something that would take a team to do for your organization," said Jared Carver, President of Latest Solutions.

Vendor management use case of Ivanti's EASM solution

Grand Bank's implementation of Ivanti's External Attack Surface Management (EASM) solution follows a multi-phased approach that has greatly improved their cybersecurity posture. Initially, Grand Bank used Ivanti EASM to assess its assets, uncovering unknown vulnerabilities and gaining a comprehensive overview of its security landscape. This self-evaluation serves as the foundation for a more robust and informed vendor management program.

In the second phase, Grand Bank focused on evaluating the security posture of their existing vendors. By using Ivanti's EASM, they gained unprecedented visibility into their vendors' attack surfaces, identifying potential risks and vulnerabilities that had previously remained undetected. This included insights from the dark web, providing a deeper understanding of exposure management and enabling Grand Bank to take proactive measures to mitigate potential threats.

The ability to continuously monitor their vendors' security postures ensured that Grand Bank could swiftly address any issues, thereby fortifying their overall cybersecurity stance.

The final phase involved integrating EASM into Grand Bank's pre-onboarding checks for potential vendors. This streamlined the vendor onboarding process, ensuring that only vendors meeting stringent security standards were brought on board. The continuous monitoring capabilities of EASM also facilitate efficient offboarding, reducing the risk of residual vulnerabilities from former vendors.

This not only saved time and resources but also ensured compliance with industry regulations, a crucial aspect of GRC (Governance, Risk and Compliance).

Robert Hanson explains their approach: "If I'm going to check my vendors, why don't I just check my vendors before I onboard those vendors? So now it's part of our TPRM (Third-Party Risk Management) process where we're redrafting our policy and procedures. As we're looking at bringing vendors on board to work with us, we're going to thoroughly assess them before granting approval. This proactive strategy sets the stage for using some of the advanced features that Ivanti’s EASM solution offers.”

Key features and benefits of Ivanti's EASM Solution

Ivanti's EASM solution has revolutionized the way organizations handle vendor management and cybersecurity. One of its most significant strengths is its ability to offer detailed recommendations for addressing vulnerabilities, making it particularly helpful for organizations with limited cybersecurity resources. This feature allows organizations to improve their vendor security without requiring additional personnel.

Another advantage of Ivanti's EASM is its use of CVSS scores to prioritize and resolve security issues effectively. By providing a standardized method for assessing vulnerabilities, organizations can concentrate on the most urgent threats. This feature is crucial in optimizing resource allocation and ensuring prompt resolution of critical issues.

According to Robert Hanson, “Ivanti's EASM reporting capabilities are regularly presented to the risk group and board, providing an overall picture of the bank's and its vendors' risks. It's a crucial solution in balancing the delivery of innovative products while safeguarding the bank's data and assets.”

Furthermore, Ivanti's EASM solution promotes collaboration between organizations and their vendors to improve security. This approach streamlines the vendor onboarding process, thanks to continuous monitoring and actionable insights provided by the solution. This encourages vendors to understand their vulnerabilities and take proactive measures to mitigate risks.

Jared Carver, President of Latest Solutions, notes that “Ivanti's EASM is effortless to implement from a partner's perspective, as most of the work is done by the product itself in the background. It eliminates the need for a dedicated team to manage these tasks for the organization.”

Besides these features, Ivanti's EASM solution also ensures compliance with GRC guidelines. By offering comprehensive exposure management, the solution enables organizations to meet industry standards and regulations.

This not only minimizes the risk of non-compliance penalties but also builds trust with customers and partners. The user-friendly and practical benefits of Ivanti's EASM solution make it an ideal choice for businesses seeking to improve their cybersecurity and vendor management strategies.

Plans for Ivanti EASM

Grand Bank’s implementation of Ivanti’s EASM solution hasn't only improved their current cybersecurity posture but also established a framework for a more secure tomorrow. The bank is strategically planning to deepen the integration of EASM within their GRC processes, creating a comprehensive security framework that's both resilient and flexible. This alignment will ensure that every facet of the bank’s operations, from internal controls to vendor partnerships, meets the highest security standards and regulatory mandates.

Looking ahead, Grand Bank plans to further integrate EASM into their GRC processes to create a more holistic security framework. This will ensure that all aspects of the bank’s operations, from internal controls to vendor relationships, are aligned with the highest security standards and regulatory requirements.

The bank will also use EASM to enhance their vendor management practices. Regular security assessments will be a cornerstone of their strategy, ensuring that vendors are continually evaluated, and risks are mitigated in real time. This proactive approach will help in vendor onboarding and maintaining strong, secure relationships with existing vendors.

As Grand Bank continues to move more of its services to cloud-based platforms, the role of EASM becomes even more critical. The solution will be key in identifying and mitigating risks that result from this transition, ensuring that the bank’s vendor security posture remains strong. By continuously monitoring the external attack surfaces of their vendors, Grand Bank can proactively address potential threats, thereby protecting their assets and maintaining customer confidence.

Additional resources and support

For more information on Ivanti, exposure management and how our solutions can benefit your organization, visit the Ivanti website. Additionally,  to find an authorized partner for support, visit the Ivanti partner area online. Last, join our upcoming live webinar with Ivanti and Grand Bank on December 12th, focusing on proactive protection through Exposure Management, featuring practical advice on improving your cybersecurity posture.

This blog post was enhanced by the contributions of Kalyan Vishnubhotia.