Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

All security professionals know third-party risk management doesn’t stop after one risk assessment. What about the next vendor? Or the future risks the vendors you’ve already evaluated will inevitably endure? While completing even a single risk assessment can feel like an arduous journey when done manually, all successful TPRM programs continue long after assessment.

Sequenced event templates are pretty cool, but they were developed around the time that Risk-based Alerting (RBA) was developed in Splunk Enterprise Security. Additionally, they don’t have all the great context we can generate with the holistic picture provided by risk, so I want to provide guidance on how we would implement its equivalent in the RBA context as they are now deprecated in Splunk Enterprise Security 8.0. There are two approaches we can utilize that do slightly different things.

Compliance is a “ticket to entry” for businesses today, and information security risk management (ISRM) makes sure organizations hang on to their ticket. In this blog, we’ll review how ISRM helps organizations not only get compliant but stay compliant. And how Tripwire makes that process automatic.

It’s no secret that human error still plays a significant role in data breaches - despite ongoing security and awareness training. But how do we finally disrupt this trend? The answer lies in a new approach to human risk management.

Every day, stolen credentials are bought, sold, and exploited on the dark web, fueling account takeovers, data breaches, and financial fraud. Organizations must act fast to stop these threats before they escalate. Yet, traditional security tools struggle to detect compromised credentials before it’s too late. According to Bitsight’s upcoming State of the Underground 2025 report, leaked credentials surged by 24% and logs listed on underground markets rose by 13.2% in 2024 alone.

In our recent article on Continuous Threat Exposure Management (CTEM), we highlighted how exposure assessment platforms (EAPs) like Nucleus can support several critical phases of the CTEM framework. In that article, we intentionally separated the scoping step from the other technology-dependent CTEM stages. Scoping begins as a business- and process-driven exercise. However, doing scoping well and at scale relies more on having the right technology.

Riscosity has made it even easier to prioritize issues where data types are being shared by your Applications with 3rd party vendors by adding Confidence Scores to those data types. Users can focus in on the issues with data types that Riscosity had the highest confidence in determining without worrying about false positives.

If you’re a security analyst, you know the work never stops. Even after your team completes an extensive vendor risk assessment and remediation, you still need to write a report to share your findings with key stakeholders. And this work isn’t a walk in the park by any means. Writing a risk assessment report often requires hours (or even days) of summarizing information, repopulating graphs, and balancing technical details with clarity to cater to technical and non-technical stakeholders.

Organizations today move fast, but slow vendor approvals can grind everything to a halt. As companies increasingly rely on third-party vendors, slow vendor approvals create a serious security bottleneck. This slowdown costs organizations valuable time and resources—and leaves them open to security risks. It’s important to cohesively review and approve vendors to manage third-party risk, but organizations should be aware of just how long those approvals take.