Under the Hood

Simplicity is the name of the game.
The backend has all the bits & bytes, leaving you with a clear dashboard for full visibility.

How it Works

The platform inherently combines a hacker’s view of the third party together with an assessment of its internal policy.
Panorays imitates thousands of hackers to uncover cyber gaps at the company.
Normalized smart questionnaires are tracked and processed while enforcing internal and regulatory policy such as GDPR and NY DFS.

Big Data

Analysis is performed through a big data layer.

Context-based Ratings

Ratings that reflect the unique business and technology relationship between the company and the third party.

Actionable Insights

Panorays pinpoints the affected asset and provides a detailed description of the cyber-gap and easy-to-follow “how-to-fix” instructions.

Transparency in Ratings

Ratings are context-based, dependent on the unique relationship between the third party and the company.
Ratings are aggregates of further detailed ratings ultimately based on thousands of tests and inquiry results.
It is possible to view a third party’s rating in the following structured manner:

Context-based rating

A single rating based on a 0-100 scale, reflecting an overview of the third party’s cyber-posture based on the technological and relationship level between the company and the third party.

This rating captures both the “hacker’s view” of the third party and its internal policy.

Rating per layer

An overall rating for each layer of the third party’s digital perimeter, as captured by mimicking thousands of hackers performing reconnaissance.

Data is analyzed from more than 1000 known data sources as well as from Panorays’ own proprietary research.

Specifically, ratings represent the cyber-resilience of these two layers:

• Network & IT – Parameters involving DNS servers, SSL-related protocols, etc.
• Application – Parameters involving Web applications, domain hijacking and more.

Ratings per parameter

In all, there are 13 evaluated parameters that make up the layers.

The rating for each parameter is a weighted calculation based on running thousands of “hacker view” tests.

Tests are performed as the third party’s assets are unveiled one by one.

Severity of the cyber-gap

Each test that results in a cyber-gap is presented within the Panorays platform.

The platform pinpoints the affected asset and the corresponding issue.

The cyber-gap is clearly detailed and accompanied by a “how-to” for easy remediation.

Security inquiry rating

A specific rating representing the internal policy at the third party.

The rating is based on the third party’s responses to a security inquiry. The inquiry is a smart and automated questionnaire that is based on the business and technology relationship between the third party and the company, and prior knowledge obtained by the Panorays platform.

The Panorays platform provides a built-in inquiry, or a company can use its own customized inquiry.

The company may also decide on various weights for certain standards and can also decide which standards to mandate.

GDPR readiness rating

A scale representing the third party’s readiness for the GDPR regulation.

The scale ranges from no readiness to full compliance.

Disputing a Finding

Every once in a while, a third party – or even the company – may want to dispute the rating. For example, it may happen that the unveiled asset is not in the possession of the third party. Or, it may be that a company’s risk appetite is larger, allowing a third party to knowingly inject web code as part of their marketing platform.

Whatever the case, defining what is disputable is part of the third party-company relationship. We understand that. For that reason, the Panorays platform enables the option to dispute a test within the platform. Both the third party and the company are required to validate the disputed finding and agree to reject it. There is no need for emails, phone calls or any other out-of-band methods – all communication is performed within the platform and each side is notified in real-time.

Once both parties agree, the Panorays platform will automatically reevaluate the company, removing the disputed finding from the third party’s security rating calculation.

NEED TO KNOW MORE?

We believe in fair and accurate security rating principles. If you have any questions or comments on our security rating model, feel free to share and we’ll get back to you immediately.