Learn how to use Vendor Risk to understand and manage your potential supply chain exposure to the CrowdStrike incident
UpGuard is committed to helping organizations respond to the CrowdStrike incident on 19 July 2024 and ensuring they have the information needed to mitigate its effects across their third and fourth-party ecosystems. Using Vendor Risk, users can gain an understanding of how the CrowdStrike incident impacts their third and fourth-party ecosystem.
Learn more in this article and in this video walk-though:
Understanding which of your Vendors are affected by the incident
To help you understand which of your monitored vendors are affected by the incident we've added a Fourth Party Products filter to the Vendors page. To view your list of affected vendors, navigate to the Vendors page and select CrowdStrike Falcon from the Fourth Party Product filter.
You can also view your list of affected vendors on the Fourth Parties page by selecting CrowdStrike Falcon and expanding to view the side panel.
To make sure you have a comprehensive view of your 3rd and 4th party exposure level, you should check our list of potentially affected entities in Incidents and News and monitor all your potentially affected vendors and partners.
Understand your vendors' exposure level and management of the incident
Once you have a comprehensive view of which of your vendors are affected, you need to understand their exposure level and management of the incident to understand the risk to your organization. For any vendors for which you do not already have sufficient information, you can use our CrowdStrike Incident questionnaire. To simplify this process we have automatically enabled this questionnaire in your questionnaire library following the incident. As this is an incident specific questionnaire, this will not affect your vendors' risk profile or score.
To send the questionnaire, apply the CrowdStrike Falcon filter as outlined above, then navigate to the questionnaires page and select Send Questionnaire.
You will then be presented with a filtered list of potentially affected vendors. Select which ones you want to send the questionnaire to.
Once you have selected relevant vendors, select the CrowdStrike Incident questionnaire type and proceed with send questionnaire as per normal.
You can assess the level of risk to your organization and appropriate response based on your vendors' responses to this questionnaire.
Understand CrowdStrike's security posture
To help you get a better understanding of CrowdStrike's security posture, and manage impact to your organization, UpGuard have prepared and added a Crowdstrike risk assessment report available to all Vendor Risk users who monitor CrowdStrike. The report can be directly downloaded from the CrowdStrike vendor summary page.
To learn more about best practices and procedures for responding to this incident, refer to the UpGuard Blog Post.
See also
What is the 'Fourth Parties' module?