BlueVoyant CEO on How to Remediate Supply Chain Defense Bugs
Jim Rosenthal on Why Supply Chain Tools Must Go Beyond Detection and Include Fixes
BlueVoyant has strengthened its ability to monitor the remediation of supply chain issues and integrate that with questionnaire activity, co-founder and CEO Jim Rosenthal says.
Existing supply chain security tools tend to generate lots of risk information but then put the burden on the client to interact with their suppliers about remediating that risk, Rosenthal says. Even large clients lack the internal staffing to interact with suppliers about software vulnerabilities or IT configuration issues at scale. BlueVoyant's willingness to work with suppliers on remediation sets the company apart (see: Senators Seek Clarity on DHS, DOT Cybersecurity Efforts).
"From the beginning at BlueVoyant, we've built the ability not just to detect and measure with accuracy cyber risk that an attacker would see in a supply chain, but also the ability to interact at scale with any supplier who's affected and make sure that they fix it," Rosenthal says. "So we're differentiated in that we do supply chain risk reduction and ongoing continuous protection, not just risk measurement."
In this video interview with Information Security Media Group, Rosenthal also discusses:
- The most critical investments for building out a supply chain security practice;
- The most significant supply chain security issues for regulators and boards;
- What sets BlueVoyant's approach to third-party risk apart from rivals.
Rosenthal, who co-founded BlueVoyant in 2017, spent the previous six years as chief operating officer of Morgan Stanley, where he reported to the CEO and the board of directors for cybersecurity. Rosenthal is the recipient of the 2017 Critical Infrastructure Protection Award from the Financial Services Information Sharing and Analysis Center. He is the co-chairman of Sheltered Harbor, a consortium of major banks, securities firms, industry associations and technology service providers with the mission of preserving systemic confidence in the event of a cyberattack. He is the past chairman of the Securities Industry and Financial Markets Association and chaired its cybersecurity committee from 2014 to 2017.