Maintain constant, quiet, watch-FULL, view of your enterprise. Continuously monitor key technical and human resources. Monitor vendors, partners, affiliates, and potential merger/acquisition targets. Examine, investigate, and visualize your enterprise in EXACTLY the same way that a potential threat actor would do.
Merriam-Webster defines “vigilance” as
“the quality or state of being vigilant.”
Merriam-Webster defines “vigilant” as being
“alertly watchful especially to avoid danger.”
Our Due Vigilance service is very smart business. Sophisticated threat actors are moving their attacks upstream in the value chain. In order to compromise your enterprise, attackers increasingly first look to exploit a technical vulnerability, policy weakness, misconfiguration, or human error in a partner, vendor, supplier, or service provider you rely heavily on to do business or perform your mission.
Threat actors are well aware of the fact that your vendors, suppliers, partners, and others may have, out of necessity, login credentials or other privileged access to your systems. These privileges may include, Virtual Private Network (VPN), Remote Desktop Protocol (RDP), Cloud Storage, file management systems, industrial control systems, and many others. Threat actors work hard to identify and map these key enterprise relationships.