Security news aggregator

Latest coverage for Vendor

Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.

2 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.

Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.

Showing 2 most recent headlines Filtered view
Bank Info Security 2 years, 4 months ago

Hornetsecurity Buys Vade to Fuel Strength in France, Germany

Joint Hornetsecurity-Vade Will Have More Geographic Reach, Microsoft 365 ProtectionHornetsecurity purchased French email security vendor Vade to expand its geographic footprint and protection capabilities around Microsoft 365 for small and midsized businesses. The acquisition of Vade will allow the joint company to have a strong presence in Europe's two most important markets.

Bank Info Security 2 years, 4 months ago

CrowdStrike to Buy Israeli Data Defense Vendor Flow Security

Data Security Posture Management Deal Will Help CrowdStrike Guard Endpoints, CloudsCrowdStrike plans to purchase a data security posture management startup led by an Israeli Defense Forces team leader to safeguard information across endpoints and clouds. The proposed Flow Security deal will give CrowdStrike visibility into cloud data flows and how data interacts with applications.