
Trustwave Launches First-of-Its-Kind Cyber Supply Chain Risk Assessment Solution for the Pacific Region

In The Face of Increased Concern About Vendor Cybersecurity Risk, Company Behind SolarWinds Vulnerability and GoldenTax Discoveries Creates Fully Scalable Solution

SYDNEY, AUSTRALIA – Trustwave, a leading managed security services provider focused on managed detection and response, has launched a first-of-its-kind cyber supply chain risk assessment solution for enterprises and SMBs in the Pacific region. The service, called Managed Vendor Risk Assessment (MVRA), gives organizations access to deep, fully scalable cybersecurity vendor assessments that were formerly prohibitively expensive.

Demand for this solution has been driven by organizations increasingly reliant on external vendors for the provision of data processing and storage services, as well as a range of other cloud-based or security-sensitive services. Greater outsourcing and deeper integration with vendors means heightened supply chain risk exposure.

In addition, recent supply chain breaches discussed extensively in the media, including the SolarWinds Orion breach, have raised awareness of the need to move away from ad hoc vendor assessments or those built solely on technology which frequently miss vulnerabilities or lead to bad commercial outcomes for both parties.

“Part of the reason we built MVRA is our concern for the cyber resilience of the enterprise space. We are encountering gaps in organizations where vendors are left unassessed because of the perceived cost. MVRA gives organizations the ability to assess a large number of vendors with a consistency of measurement not possible before while still leveraging the expertise of genuine security consultants. For these organizations and the wider community, scalability brings safety,” said Nick Ellsmore, global head of strategy, consulting & professional services at Trustwave.

Ellsmore said that MVRA is a solution informed by decades of real-world consulting experience on the cybersecurity frontlines married to best-in-class risk assessment technology.

This technology has been developed by Findings, whose platform is a global solution of choice in VRM automation for enterprises and vendors of all sizes. By automating the labour-heavy process of vendor assessments, Findings allows for fuller coverage of the organization’s supply chain, and therefore heightened security and lower supply chain risk.

“While conventional methods apply a Pareto cutoff to invest their manual resources in some of their vendors, current attacks have shown this approach’s vulnerabilities and the need for wider coverage,” says Kobi Freedman, co-founder and chief executive officer of Findings. “Security friction is becoming a global challenge on supply chains, whether from regulatory or objective risk.”

Ellsmore added, “MVRA uses Findings’ technology to accelerate and harmonize critical elements of the audit. Riding on top of this is a layer of experience and strategic human cybersecurity thinking specifically applied to deliver the best outcomes.”

“It takes people to assess people. Purely technological solutions to the vendor supply chain risk are sometimes adequate but often come up short because they tend to minimize real risk while amplifying smaller risks. They don’t apply a business thinking lens.”

Ellsmore also said that part of the challenge is what he calls “Go/No Go” decisions about third-party suppliers. These decisions are being made without enough information and consistency. For example, a fully automated supply chain assessment might lead a company to rule out a vendor too quickly without considering the business implications.

“What we’re seeing is unintended cybersecurity consequences,” Ellsmore said. “A marketing department, for instance, gets rid of a very effective customer engagement technology based on a superficial vendor risk assessment, only to find three months later everyone on the team is surreptitiously using a handful of different, unvetted solutions to fill this gap.”

Based on 25 years of cybersecurity services experience and thousands of risk assessments, the service encompasses both an automated and specialist-led assessment, built on a software-as-a-service (SaaS) platform that is easy to use by organizations of all sizes.

The MVRA service provides:

  • Streamlined process to onboard vendors and collect essential data, including penetration test reports, audit reports, and technical and organizational data;
  • Comprehensive security maturity questionnaire built on the NIST Cybersecurity Framework that is both reasonable and realistic for vendors to complete;
  • A further review of each vendor’s responses and data conducted by a skilled Trustwave specialist who understands possible indications and implications of vendor risk. Each answer and security asset is reviewed by our experts for completeness and accuracy;
  • For each vendor assessed, a report is delivered within eight days. The report identifies the vendor’s maturity and risk rating on a consistent scale, helping clients understand the potential risk exposure as it pertains to the nature of their business – the type of system, sensitivity and volume of data, and nature of the supply chain link;
  • Assessment reports also importantly deliver an impact analysis with recommendations for remediating gaps and issues for each vendor.

For more information about Managed Vendor Risk Assessment (MVRA) from Trustwave, please contact You can also view our offering overview here.

About Trustwave

As a recognized global cyber defender that stops cyber threats all day, every day – we enable our clients to conduct their business securely.

Trustwave detects threats that others can’t see, enabling us to respond quickly and protect our clients from the devastating impact of cyberattacks. We leverage our world-class team of security consultants, threat hunters and researchers, and our market-leading security operations platform to relentlessly identify and isolate threats with the right telemetry at the right time for the right response.

Trustwave is a leader in managed detection and response (MDR), managed security services (MSS), consulting and professional services, database security, and email security. Our elite Trustwave SpiderLabs team provides award-winning threat research and intelligence, which is infused into Trustwave services and products to fortify cyber resilience in the age of advanced threats.
