What is the difference between UpGuard Vendor Risk and UpGuard BreachSight?

Learn about the difference between UpGuard Vendor Risk, UpGuard BreachSight, and how they can work together.

Written by Abi Tyas Tunggal

The UpGuard platform has two main products:

  1. UpGuard Vendor Risk: A third and fourth-party security ratings platform that lets you rate, understand, and continuously monitor the security posture and risk of any company in the world. 

  2. UpGuard BreachSight: A first-party security ratings and identity breach detection engine that helps you continuously monitor your external security posture and detect data exposures and leaked credentials. 

UpGuard Vendor Risk Overview

UpGuard Vendor Risk is a third and fourth-party security ratings platform that lets you rate, understand, and continuously monitor the security posture and risk of any company in the world.

Akin to measuring credit risk with credit ratings, security ratings are used to measure cybersecurity risk.

UpGuard's security ratings are generated through the analysis of trusted commercial and open-source threat feeds, as well as non-intrusive data collection methods to quantitatively evaluate and continuously monitor the security posture of millions of companies. 

In addition to third-party security ratings, UpGuard Vendor Risk can help you:

  • Instantly and continuously monitor any organization

  • Scale your security questionnaire assessment process

  • Request remediation for third-party vendors

  • Manage your fourth-party vendor exposure

  • View proactively shared information about your vendor's security posture

  • Store documents about a particular vendor

UpGuard BreachSight Overview

UpGuard BreachSight is a first-party security rating and identity breach detection engine that helps you continuously monitor your external security posture and detect data exposures and leaked credentials.

Armed with security ratings, you'll be able to proactively identify, quantify, and remediate high-risk attack vectors fast.

In addition to first-party security ratings, UpGuard BreachSight can help you:

  • Monitor, manage and improve the external security posture of any Internet-facing asset

  • Request and track internal remediation requests

  • Detect, track and prioritize vulnerabilities detected across your IT infrastructure

  • Prevent typosquatting

  • Detect leaked credentials in known data breaches

  • Proactively discover data leaks before attackers do

  • Proactively share information about your security posture

What makes UpGuard different from other security rating providers is that we have an unparalleled ability to detect leaked credentials and exposed data before it falls into the wrong hands. 

For example, we were able to detect data exposed in a GitHub repository by an AWS engineer in 30 minutes. We reported it to AWS and the repo was secured the same day.

This repo contained personal identity documents and system credentials including passwords, AWS key pairs, and private keys. 

We were able to do this because we actively discover exposed datasets on the open and deep web, scouring S3 buckets, public GitHub repos, and unsecured RSync and FTP servers. 

Our data leak detection engine continuously searches for keywords provided by our customers and is continually refined by our team of security analysts, using the expertise and techniques gleaned from years of breach research.

The knowledge, techniques, and technology used to discover these data leaks are baked into the UpGuard platform. We process over 120 billion data points each day and are directly responsible for securing over 1.4 billion records. 

 

See also: