3rd Party Risk Management , Governance & Risk Management , Video

BlueVoyant CEO on How to Remediate Supply Chain Defense Bugs

Jim Rosenthal on Why Supply Chain Tools Must Go Beyond Detection and Include Fixes
Jim Rosenthal, co-founder and CEO, BlueVoyant (Image: BlueVoyant)

BlueVoyant has strengthened its ability to monitor the remediation of supply chain issues and integrate that with questionnaire activity, co-founder and CEO Jim Rosenthal says.

See Also: How Enterprise Browsers Enhance Security and Efficiency

Existing supply chain security tools tend to generate lots of risk information but then put the burden on the client to interact with their suppliers about remediating that risk, Rosenthal says. Even large clients lack the internal staffing to interact with suppliers about software vulnerabilities or IT configuration issues at scale. BlueVoyant's willingness to work with suppliers on remediation sets the company apart (see: Senators Seek Clarity on DHS, DOT Cybersecurity Efforts).

"From the beginning at BlueVoyant, we've built the ability not just to detect and measure with accuracy cyber risk that an attacker would see in a supply chain, but also the ability to interact at scale with any supplier who's affected and make sure that they fix it," Rosenthal says. "So we're differentiated in that we do supply chain risk reduction and ongoing continuous protection, not just risk measurement."

In this video interview with Information Security Media Group, Rosenthal also discusses:

  • The most critical investments for building out supply chain security practice;
  • The most significant supply chain security issues for regulators and boards;
  • What sets BlueVoyant's approach to third-party risk apart from rivals.

Rosenthal, who co-founded BlueVoyant in 2017, spent the previous six years as chief operating officer of Morgan Stanley, where he reported to the CEO and the board of directors for cybersecurity. Rosenthal is the recipient of the 2017 Critical Infrastructure Protection Award from the Financial Services Information Sharing and Analysis Center. He is the co-chairman of Sheltered Harbor, a consortium of major banks, securities firms, industry associations and technology service providers with the mission of preserving systemic confidence in the event of a cyberattack. He is the past chairman of the Securities Industry and Financial Markets Association and chaired its cybersecurity committee from 2014 to 2017.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.