How to view the changes in a vendor’s attack surface over time

Learn how you can use UpGuard to track and monitor for changes in your vendors' attack surfaces

Written by Abi Tyas Tunggal
 

You can use your vendor’s risk profile to see the changes in their attack surface over time as far back as a year ago. The changes captured include scoring algorithm improvements, domains added or removed, and risks introduced or resolved.

To view the changes that occurred, log in to and head to your Vendors by clicking here or by clicking on Vendors in the left navigation.

Once you are on your Vendors page, click on the search bar and type in the company you want to explore. In this example, I’m using UpGuard.

Once you’ve found the vendor you’re looking for, click on their name to open up their Vendor Summary.

Once you’re on their Vendor Summary, use the left navigation to open up their Risk Profile.

Now that you’re on their risk profile, choose the timeframe you want to view the changes in. You can choose 1 month, 3 months, or 1 year.

Once you are happy with your selection, click and drag on the security ratings chart to select the period you want to view changes for. In the example below, I’ve chosen the period between Oct 15, 2021 and Nov 21, 2021. As you can see, a blue box has appeared around the page to indicate it is in “Changes View” and the selected timeframe is darker than the rest of the graph.

To view the changes that have happened in this timeframe, click View Changes.

When you click View Changes, the buttons will be replaced with an Exit Changes View button to reflect the different states. When you scroll down, you will see that the risks have been replaced by up to five containers:

  1. New domains detected: New domains that were detected and added to your risk profile along with their security rating.

  2. Domains removed: Domains that were removed from your risk profile and their security rating.

  3. Scoring algorithm changes: A notification that changes were made to our security rating algorithm during the selected period.

  4. Risks introduced: The risks introduced over the selected period, their severity, name, risk, category, and the domains that were affected.

  5. Risks resolved: The risks that were resolved over the selected period, their risk, category, and domains that were protected.

To choose a new timeframe or to exit the changes view, click Exit Changes View.

 

See also