How to Build a Successful GRC Program to Help Reduce Your Risk Posture

Watch this special collaborative webinar session, in which Sagar Shah, Senior Manager of GRC at Corvus Insurance, and Yair Solow, Founder and CEO of Centraleyes, discuss the biggest pain points of cyber risk and compliance management for insurance policyholders and provide priceless best practices on how to relieve them.

Learn how to:

  • Utilize the power of automation and orchestration to reduce manual activities such as score correlation, building out risk registers and open gaps remediation
  • Leverage smart mapping of common controls between frameworks to alleviate assessment fatigue and liberate InfoSec teams to focus on proactive risk mitigation
  • Generate real-time dashboards with actionable insights and reports, and benchmark your progress over time with the click of a button

About Corvus Insurance

Corvus Insurance is building a safer world through insurance products and digital tools that reduce risk, increase transparency, and improve resilience for policyholders and program partners. Our market-leading specialty insurance products are enabled by advanced data science and include Smart Cyber Insurance® and Smart Tech E+O™. Our digital platforms and tools enable efficient quoting and binding and proactive risk mitigation. Corvus Insurance was founded in 2017 and is headquartered in Boston, Massachusetts with offices across the U.S., in the UK, and Germany. Visit corvusinsurance.com for more information.

About Centraleyes

Centraleyes is a next-generation GRC platform that gives organizations an unparalleled understanding of their cyber risk and compliance. The platform addresses the main pain points of GRC by providing no-code deployment with single-day implementation and onboarding, automation and orchestration of data collection and analysis, and real-time dashboards and reports that enable its customers to make smarter strategic decisions. This is truly cyber risk management reimagined.

Webinar Transcript:

Yair Solow:
Alright. We’re ready to get started. So just, you know, just the topic of today. We’ll start with that and then go into some introductions here, and then after that, go into some exciting topics we wanna go through. But let me just kinda get started with introducing the topic: how to build a successful GRC program to help reduce your risk posture, and what is GRC anyways? Now we get that question a lot, and not everybody knows about governance, risk and compliance. So we’ll touch on that a little bit on the fundamentals there and then talk about some of, I guess, the pain points that way, you know, the world is solving some of those challenges today in a more modern and automated way.

But before we get started, I’m Yair Solow, CEO of Centraleyes and Co-Founder. Thank you for being with us today, and I am honored and pleased to have a single guest here. Sagar, I’ll let you introduce yourself, but Sagar and I already have gotten to know each other quite well, and you know, learn a lot about each other as a company, then I will not steal your thunder and let you go for the introduction.

Sagar Shah:
No worries. Thanks, Yair. Thanks for everyone who joined. Sagar Shah, Senior Manager GRC at Corvus Insurance. A little bit about my background. I started off in auditing, IT controls, cyber controls, moved into more implementation, and cyber advisory work, realized that, you know, I’ve been out in consulting life and advisory life for a while, so I moved in house into GRC and have been a tech space with an as part of GRC since then. I’m excited to be here to talk through GRC.

Yair Solow:
Yeah. Not everybody’s so excited sometimes to discuss GRC, but I think you and I are seeing it from a different angle and love to share more of what we’re seeing in the world today. You know, maybe before we kinda go deeper into some of the new stuff, maybe just from the fundamental side, like, what is GRC? You know, and you know, what does that work look like? You know, I’ll give my side and I’d love to hear your thoughts, Sagar, but, you know, for me, you know, governance, risk and compliance is obviously a wide world about, you know, operational risk is being managed by organizations that have a lot of silos and in different processes, people, and technologies, and places that all have to at the end work together in an efficient way, and without a proper system in place that’s helping create governance there and then also measuring potential risk factors as well as meeting regulatory and certified compliance you’re going to fall short somewhere and then have it a very big setback to your business that could be something you didn’t foresee, and by managing this properly, you’ll be in a place where you’re much better prepared both to avoid those situations, but also to deal with them when they happen.

You know, and just bring it kinda double clicking it into our world. We’re very focused obviously on the cyber risk and compliance element of GRC. That is a world that, you know, has become pretty much the number one operational risk across enterprises globally. You know, there are very few risks that could knock a business out in one shot. The decider is certainly one of them, and unfortunately, we see that all happening more and more, and you know, I think that, you know, what we’re working on here is something that is exciting because it’s helping, you know, not the largest organization, but also smaller, midsize organizations address this in a much more mature and comprehensive way, leveraging technology automation and better practices in place. But we’ll love to hear kind of, you know, what does GRC look like from you from a fundamental place in your world’s sector?

Sagar Shah:
No. Definitely. I couldn’t agree more. I think when I think of GRC at a high level, what I think about is, you know, the business has objectives, has their goal, So making sure that the security and the IT goals align with those specific objectives, so it’s working in tandem, and then that in parallel with managing the security risk that the organization basis, as well as meeting any industry and contractual or regulatory needs. At a high level, that’s what I think GRC covers, specifically governance, like, governance I think of as building and developing the programs to address those security risks, and one supporting them, through those governance structures, like procedures, policies, controls so that there is a structure around those programs, and these are enterprise wide programs.

From a risk perspective, it’s really, you know, identifying, analyzing, supporting the mitigation and management security risks that the organization faces, and every organization there can be a common risk. There are the risks that are specific based on this industry. Based on the field that it’s in, that type of data it collects, so just understanding what security risks are applicable, and then from a compliance perspective, I mean, compliance and managing regulations is an ongoing thing. I feel like every year there are more regulations that come up, but just making sure that whatever controls and processes you have are in line with the regulations that your organization needs to adhere to.

Yair Solow:
Yeah. Completely a great description there, and I think that probably my compliance is one of the biggest challenges in today’s market because you know, the regulatory landscape is continuing to evolve literally by month. You know, we just saw us open out a new release recently of their 20701 framework there, and you see that across the board with privacy laws and information security acts, even on a global level, almost every country in the world, even if they’re a world country, and you see this you know, laws going out affecting just about every business on earth. So that’s something I think that we see as impacting a lot of companies globally in the US, which sometimes lags in this, you know, in this when it comes to privacy, you know, starting to catch up now at state level, you see more and more state issuing proxy acts there and that’s starting to affect the market as well, and you know, by the end of next year, you’re gonna have probably close to 20 states already with privacy laws in place.

So another challenge is on the horizon for a lot of US-based businesses. Maybe as, you know, just asking you, Sagar, what are some of the pain points that you’re seeing in the GRC market today and the way it’s being addressed, and where do people kind of get stuck very often when they’re trying to either implement for the first time or mature their program?

Sagar Shah:
Yeah. I think I see a few areas. I’ve faced it at companies I’ve been at, especially smaller to midsize organizations, as well as larger companies, you know, that might have a bigger team. But I think the biggest pain point that I’ve seen is where to start. There’s lots of regulations. There are lots that can be done. But you can’t take on too much. So understanding where is it that I should start? What should I focus on? What frameworks to build it around, and getting a more longer term vision of what GRC looks like and doing it step by step helps as well as making sure how to obtain executive support. How to make sure that the needs of security and the needs of secure GRC is being translated appropriately for finance for budget or to the enterprise of, like, hey, these are programs that will need to loop in HR, need to loop in procurement, need to loop in IT, etcetera. So the buy in, including engineering, will get that buy in across.

Yair Solow:
Yeah. I think that that last point about the buy-in and just the executive kind of support is a very big challenge because I think at the end of the day, very often, you know, GRC and cyber and in general also has seen as cost center that, you know, just kinda spends money. Nobody really understands how it’s protecting, and it’s only after, like, a breach or things like that that people feel the real pain of not doing those. But I think that getting that buy in and not just realizing what the potential risks are in these kinds of the scare factor or the scare tactics that are used to do that, But even seeing the enablement of business sometimes through, right, better, you know, risk management, better do better compliance certifications.

Right? You see a lot of soft for companies today, meeting SOC 2, and you know, ISO 27 I already mentioned NIST and things like that, you know, implementing those best practices certainly something that can help you win business in the market. You know, we, as a company, face it every single time, we have a new customer. Right? We have large and large banks in the world using our platform today, and you know, none of these banks are going to use your platform if you’re not properly certified by you know, well known kind of accounting firm if you are not practicing the highest level of, you know, hygiene when it comes to cyber. So I think that that part is definitely a piece that we’re seeing also.

I think another piece that we see is very often in that, you know, with that getting started stage. So not just where you can start it from, but I think there are more and more control frameworks. Definitely like the NIST or CIS or things like that are helping you build out kind of a structure to work with. But it’s also an implementation onboarding piece that becomes a very big challenge. Right? If you think, you know, and people have had an experience of this very often, you know, saw it firsthand. You know, months. It could be 6 months. It could be a year or two years sometimes to implement the proper GRC platform, and that’s something that, you know, we’ve been heavily focused on as a company of how do we, like, fix that problem because that’s a big problem, especially for small and mid enterprises.

In the market. The data collection analysis is another piece that we see as a very big pain point. Right? It’s very manual today. Not just that collection piece because everybody’s traded and just plugged from the unit works. That’s not gonna happen in the near future. There’s some of that happening and you know, we can talk about that later, but beyond that. Right? There’s actually most of the work in GRC happened after you collect the data. Right? You’ve collected this assessment. You need to analyze it. You need to identify the gaps. Build a, you know, a remediation plan, prioritize that, manage that. Right, and then you know, if you’re trying to meet a risk management, use you have to go through them and go to the risk register with all links too.

Right? That’s a very, very hard thing to do on your own today. Right? So I think there’s a lot of automation we talked about that comes in that analysis and kind of orchestration stage and the whole workflow management together with also integrations into, like, security tools and things like that. So that’s just some of the people I said we’re still picking up from our side.

Sagar Shah:
Yeah. No. I think I can’t agree more. I think one thing, you know, starting at this you know, at the get go of understanding what with the framework regulations, contractual obligations, whatever it is, one thing I know that we leverage Centraleyes for and then we really appreciate it is, you know, we have regulatory side, you know regulations that at Corvus we need to adhere to, we have our own security framework that we’re, you know, managing. So we use NIST-CSF and CIS top 18, like a combination of those. As our, you know, what we establish our security program over, but then we also have, you know, contractual obligations like what our cyber insurance providers control that they require or what our investors require, what our stakeholders, anyone that they require, and I think a lot of the times these controls or these areas are intertwined.

Like, what the CSF calls out is pretty similar to maybe what I’m not even sure what to call it. For example, MFA. I’ve seen across almost every single thing that we needed here too, and so seeing it in siloed sometimes make it’s like, oh, it’s so much. But with Centraleyes, we were able to connect the dots between all of them and have a higher level view of, like, okay, these are all the requirements. A lot of them are related, and so having that connection and have a consolidated view of all that really helps, and then from that, we’re able to take that and say, do our current state and say, hey, this is where we are right now. These are the key areas that we wanna focus on, and then that goes into, like, what is our priority?

Yair Solow:
Yeah. No. It makes perfect sense, and yeah, I’m gonna share my screen every so often as you talk about some of the things that you guys have implemented. I think it’s interesting to see, you’re actually referring to the smart mapping feature we have in our platform today, which is an automated control cross walking feature. So now, once you’ve done one assessment with this, then you can automatically have that map to tens of other frameworks that you’re managing there, and you like you said, you have a lot of overlap and redundancy happening because it’s not just MFA. It’s probably, you know, if you do an application for, you know, insurance, it’s gonna be 50 percent of your older you already have collective, not more, and the same is true when you’re doing like this, you know, ISO, SOC 2, PCI, FFIC, and so on.

Right? So different regulations are going to, you know, help you achieve different goals. But if you can create efficiency between them, that’s where I think there’s, you know, a big opportunity because you can achieve a lot more. You can see on the screen here, this is kind of the collection center in our platform. That’s what Sagar was talking about. Especially when you manage these frameworks. You have a NIST CSF here. You can see here that, you know, SOC 2 has already started to fill out automatically. Based on that. Only, you know, 20 percent of this was done here and already 8 percent of the SOC 2 were done here without a human being actually touching anything here, and our platform didn’t suggest other frameworks here.

They are mapping in real time here and showing you what the coverage is on those frameworks. So it’s pretty cool here that, you know, you might have you might have not plan to do a certain regulation or framework, but then you see you’re so close when you’ve finished with this because there’s such great overlap there that you can leverage that and then you know, put in place much more robust kind of frameworks and coverage there. So definitely, you know, an interesting point there, I think, around the mapping functionality. Maybe just also around the automation piece, you know, thinking about, you know, areas that use I mean, have you seen the market, maybe a question for you, sir, you know, the integration security tool and how that can help leverage some of your risk assessments there. You know, what are your thoughts on kind of that direction of being able to automate is part of the control assessment here, and so we’ll have to hear your thoughts.

Sagar Shah:
Yeah. Definitely. I mean, Now, as the amount of work in GRC grows, there are amount of assessments that need to be done and grows as well, and a lot of the time, these assessments might start with security, but it’s really looping in everyone across the enterprise to get the right answers, to get the right evidence, and if, you know, fingers crossed, and luckily, right now, we’re not in the point at Corvus where we need we have honors coming in from like a SOC 2 perspective. But, you know, in my past roles, when those things come in. It’s they might come to security. They might come to GRC, be like, hey, show us evidence of this control, and then you have to manually go, reach out to someone, email, transcribe time, it’s very manual.

I think having those integrations where, a, the evidence is already documented, it’s already coming in automatically, and I Ira show that. But b, having an owner identified and knowing exactly who to go to, where to go. Makes it also easier for the stakeholders to say, okay, I already know what this is asking. I know exactly where to do it, and especially in the automated integrations, one it’s continuously also checking that our is this control being met? Outside of when the auditor comes in throughout the year, continuously. If there’s an issue, we can immediately resolve it versus having to go back at the time one, we need to make sure things are good.

Yair Solow:
Yeah, and that that’s a great point because it’s moving from, like, a, you know, static kind of point in time assessment and like, audit style approach to compliance and risk to a much more continuous ongoing, which obviously makes you more secure. You’re not waiting till the end of your audited fix up everything last sec and you’re completely managing that. When you get to that end of your audit and the auditor comes, you literally can, like, export a report for the auditor here, and this provides them with all the evidence ready to go, and you know, the collection process here, like, you were talking about combines, right, that integration piece here. Automated sources of data that are checking, you know, different IPs and different scans here, creating a control effectiveness And actually, in some cases, you can see the integration live here, they’re actually answering questions here.

Right? So like you said, you can actually reduce some of that manual work or make it more continuous. You know, you can attach evidence as well, things like that here, and then it’s very easy for an order at the end to get all the data they need, and then you know, anything else you don’t want see, obviously, you know, you keep to your internal staff, but this really helps kind of orchestrate that whole piece of the data collection and and sharing, you know, when you have that end of your audit. So definitely, you know, cool stuff there I think on the on the kind of integration piece and the, you know, leveraging that compliance automation and tools and evidence collection with your risk practices there.

Maybe talk about a little bit of the other reports, just like thinking about. Right? We do all this work. What are our desired reports? What is that outcome that we’re really trying to get? Let’s start with, like, a risk management use case because risk and compliance are a little bit different. But, you know, when you’re running a risk management framework and then program, what are you looking to achieve at the end of that?

Sagar Shah:
Yeah. I mean, I think, really, it’s taking what we have in the risk rather which is a lot of information, but into a graphic or into a format, like a dashboard format that can easily presented when we talk to senior leadership, one talk to the board of this is what our security bases at this point. These are the different focus areas of products that we’re working one, and over time, this is how our risk is being improved. This is how over time, the work that we’re doing is coming to fruition in terms of reducing the risk that our organization faces, and then a broader view, which and I’ll use your screen example, is No. There might be a lot of critical risk.

There might be high, medium, but showing that security risks are always going to be growing. There are always gonna be new threats. There’s always gonna be new vulnerabilities that need to that come into play. But so security is not a one-and-done thing. So I think having a visualization of that helps so that the impact or the, yeah, the impact that security has to the organization can be seen. But also, it’s not that security is letting everything stay critical. We’re addressing things and it’s a continuous thing and having that dashboard view, I think, really helps with that.

Yair Solow:
Yeah. So I’m just maybe for those who are less familiar with the risk registers. Right? Risk registers really where are you gonna document your risk scenarios of your organization? You’re gonna and this is where it’s very differently compliant. Right? This is very relevant to your organization. You’re gonna document risk scenarios, which, you know, maybe everybody faces and maybe only you face, but you’re gonna try to build out a whole, you know, register here, which really is your own risk register, and you’re gonna document both the inherent exposure across each scenario. So, you know, what’s our kind of starting point there of exposure just based on the industry, the type of business, how we operate and other factors like that.

In calculating that impact, we attack on us versus the probability that it’s had happening, and then looking at, you know, the residual exposure, which is kind of the after, right, we’ve implemented controls here we’ve measured those controls here, and then now we can see how low is our residual exposure. In this example here, you know, you can see This is ransomware, right, everybody’s familiar with that. When we open this risk up, we can see the related assets here, the impact of probability, which creates a tighter exposure. All the controls in place are linked back to the collection process. We sort of report from the tools and from the surveys are automatically going to calculate what is the effectiveness of the controls here in place, which is then gonna automatically calculate what is our residual exposure here, and at the same time, we’re also gonna give a visual and also clickable output here to the tasks that we have open on this risk scenario.

So what are those gaps that we need to mitigate now? Right, that can be seen in our remediation center here and then manage those tickets as well. Right? So the ability kind of to bring this kind of ecosystem of, you know, each risk into the platform here in a way that it is living and breathing. Because if you imagine for a can do this in the spreadsheet. It’s very difficult to keep this up to date all the time. Right? One time, you can build this, but then imagine you’ll be documenting tens of hundred of risk scenarios. And then you’re and things are trained to be every day. Some of it’s tool based, some of it’s survey based, some of it’s remediations, things are happening.

Some of it’s new threats and risks that have it didn’t exist in the past and can’t care about now. So the ability here to have a platform and tool that helps you manage one scale is quite powerful. Maybe I’ll hear I’ll kind of just mention, you know, one of the unique things about the risk register. In our case here, is that our register is the only one that builds itself up. So if you run a NIST CSF assessment in the platform today, right? A little bit under 70 scenarios will prepopulate themselves into the platform here, and it gives you just this great starting point in the backbone to kind of you know, document scenarios that we’ve already used our research of years, working clients as to what are the most common risk scenarios in the market.

You as a company, they can hit and change or just state your world a little bit more accurately when they’re not perfect fit. You can also loop them, but then you can also build your own automated scenarios. But the idea is that all this is living and breathing all the time. So that, like Fire said, you could just, like, literally hover over here, see what these items are. Right? Click on them, and then see what their status is. So I think with one risk register perspective, that’s one output they were looking for here. Another one that I’ll, you know, call out that maybe, you know, again, it’s already hear your thoughts on this kind of a central dashboard to give you kind of visibility into what, you know, your current workflow statuses are or your exposure levels one, maybe some, you know, thoughts on this piece here of how this has helped you kind of manage the program from a more strategic standpoint.

Sagar Shah:
No. No. Definitely. Actually, before I touch on this, you can go back to the risk register. One thing that, you know, I found unique and I really appreciate it is if you click on one of the risks, on the left hand side, just one of them where it shows the yeah. If he shows the financial impact, if that was selective, and I think one question that we frequently get is, okay, what does this mean for the business? Like, what is the loss, and sometimes it’s hard to give a number because it’s bound to change. But if we can give an estimate based on using a the same format for everything. So if we create a primary loss of, let’s say, you know, whatever examples we put in here, we see the loss is 130 k, and then we say the cost to remediate this risk is bringing on a tool in doing XYZ, and the cost of that is 100 k.

I think presenting it in that sense is like, here is a loss. Here’s a probability of the loss of this occurring. The cost to immediate is this much. This is how much money we’re proposing to either mitigate that risk, bring that risk to Azure except the level. But having a number tag to it, I think helps in our conversations, especially with finance, when we talk about the budgetary constraints to your point that security might be asking for more budget, but having numbers tied to a loss as well is helpful. Yeah.

Yair Solow:
Yep, and they’re leveraging the FAIR model here as this calculator that you saw here is something that makes us much more treatable. This is a very complex thing to do on your own. We used to make it as easy as possible bow. It is still some data input that you have to put in. But at the end, we brought it down to the six primary loss kind of, you know, factors here that help calculate that one, productivity response, replacement, competitive advantage, and then fines and judgments, and reputation here, one, then get calculated here in this primary loss, exposure number, which, like you’ve said, gives you another data point or prioritize what we wanna focus on from a remediation standpoint.

Forward. So, yeah, definitely a great point there, then maybe coming back to the Yeah. The upper deck screen here, is really kind of that bird type view of your organization. Right? So you kinda get real time visibility into, you know, what is our risk exposure level or compliance status is where we’re up to an assessment one, remediation. You know, for you, Sagar, you know, kind of happen you know, how the difference, I guess, from the before and after, right, when you did or didn’t happen at the dashboard in your case, and how does that affect some of the things decision making processes?

Sagar Shah:
Yeah. I would say there are two main areas that we’ve seen efficiencies in. One is time, you know, when we do we to my point earlier is in the CSF and CIS top 18. We would do assessments in Excel. Like, we would do our assessment, but then figuring out what does that mean from last year? Like how much did we improve? How much are we in compliance with? How much are there gaps that we’re working on? Things like that? All the time it took to create those dashboards and create that view that we can present to senior leadership, we can present to the board to show the improvements that we’re making. It was basically it was like a full time job.

I was just continuously doing that, and it was taking a lot of time, and here, assessments got over have a manual portion or some sort to do the assessments, but at least all that data is being brought in, and I can quickly go in and you know, using this example, show that here. This is how much we are compared to the industry. This is how much compared to last year. How many improvements we’re making in the different areas, and I think there is, yeah, by function. Where if we do it by a CSF, you know, I think a lot of a lot of organizations using a CSF and the diaphragm that it represents, and this, we can easily show, like, you know, through our investments, we have increased our maturity level in respond or risk recover, and we’re good if something were to occur, but we really need to focus on identify or protect or detect or whatever the data shows in it. Having data to support it from a visualization, that geographical representation, that the board can easily understand, or senior leadership can easily understand, I think helps with the takeaways that we have.

Yair Solow:
Yeah. I think this piece here is a perfect example of that ability to track progress over time. Like, this is impossible with any GRC or obviously spreadsheet today. So being able to pick any point to the history of your GRC program and say, well, we’re worried back then Wearing today across, you know, like you said, functions or domain and another way to break this down is, you know, a huge, huge advantage of leveraging a platform that’s archiving that data giving you real time reporting also. Because, you know, very often, it’s hard, and we talked about that before. Right? You know, cyber and GRC are seen as cost centers. Nobody can really quantify that progress. Right? It’s quiet.

Right? If you’re doing a great job, nothing’s happening, right, to be out to the naked eye. So how do you now articulate and communicate up where to say, look where we were. Look how much stronger we are today. Here’s where we’re deficient actually need to improve further and so on. This is a playbook management piece, but then also a way to communicate that upwards. I know we’re almost out of time. So I’m gonna stop sharing the screen now. You know, I know we have submitted any Q and A that people have questions about, please feel free to submit that now. I’ll also mention that, you know, following this session, if anybody is interested in the 30 minute session with our risk team we’d be happy to facilitate that, to learn more about how we can help automate and you know, orchestrate your cyber risk and compliance program.

There’ll be a link at the end, posted here shortly. But I guess the way I have two minutes, we’ll use for some questions that have come in here. So here’s the one question here. This is to you, Sagar. The Corvus question you’re aligned with existing frameworks or regulations.

Sagar Shah:
One, it not one to one, I will one. It’s not like a direct, like, hey, we pull everything. I think, you know, from a Corvus side, we use best practices, but I think the regulations or the frameworks that Centraleyes has or that anyone can use, you know, being agnostic, NCSF or CIS or Isosoft, whatever framework that an organization might align with, the questions that Corvus asked. Align with those. So I think you could make a one to one connection whether you go to a tool or not. But I think, obviously, with the tool, it would make it easier.

Yair Solow:
Sure. Yeah. I think that, like, you know, the platform here, obviously, would allow you to segue from, you know, the NIST controls any application that you want to manage and very easily kind of map that data. But, I mean, I think like you said, as we’ve seen across the insurance industry in general, is it this pretty strong alignment today to those different standards? It’s kinda taking the best of breed from each one of those one, you know, bringing it into a pretty robust questionnaire. Most of the time, So I think we are you’ll see a lot of that alignment not just by Corvus, but, you know, across that industry in general. I think one.

Sagar Shah:
Yeah. Go ahead. One thing a question that I came across that, I know we didn’t touch on, and it’s only a minute. But what’s around the intelligence feeds and alerts that Centraleyes has, and I think in general, I think most security people know they will sign up to a bunch of, like, platforms or forums to make sure that they’re staying on top of security changes and not across just governance or compliance, but also, you know, like security feeds, and I know I have a bunch on Slack that I look at and also on Centraleyes. I think the fact that you guys bring on the end is something that you wanna talk more about. Yeah. That’s right. In that case.

Yair Solow:
We have a dedicated research team that’s collecting qualitative information on the industries and types of companies that are, you know, clients today. So it’s rather across all kinds of different sectors there. There’s actually a free intelligence I mean, you know, report you can sign up for on our website. But for the platform, we’re getting, you know, a more robust view of real time intelligence both on your own posture and also on the industry as well. So you’re up to speed on things like, you know, the latest threats, vulnerabilities that are spreading as well, you know, zero days obviously, but then also things like regulatory change management, which is a big area. Right? As new regulations come out, as one get updated, our platform and our team become your eyes and ears to make sure that you’re up to speed both on those changes coming and how they’re going to affect you.

So definitely, you know, something that we can help with there. Yeah. I think we’re just one a time here. Maybe just the last question here, how many third party vendors organization management platform? I guess, somebody take a look at the website and we didn’t talk about the third party piece today. But, yeah, that we have a vendor risk solution here is the second product in our platform. There’s no real limitation. You can manage thousands of vendors in the platform today. We have, you know, from the largest organizations in the world doing so, and you know, I think that that also it’s gonna leverage what Sagar is talking about, which is that intelligence feeds together with, you know, self-attestation, workflow management, non-vendors using different control frameworks there for vendor risk management.

I’m gonna conclude here. First of all, Sagar, thank you so much for your time. Always love talking to you, you know, privately. So I’m happy that everybody got there, you know, a little piece of your wisdom today and really appreciate all the insight. For everybody who joined today, really appreciate your time, and you know, like we mentioned, feel free to hit that link if you’re interested in learning more, and we hope to see you soon. Stay safe and stay warm in the winter. Take care.

Sagar Shah:
Bye, everyone. Thanks, Yair. Have a good one, everyone.
