Trustwave has unveiled its new Managed Vendor Risk Assessment (MVRA), a cyber supply chain risk assessment solution for enterprises and SMBs.

MVRA is now available globally. The service encompasses both an automated and specialist-led assessment. It’s built on a SaaS platform for use by organizations of all sizes.

Supply chain attacks rose by 42% in the first quarter of 2021 in the United States. That’s according to research from the Identity Theft Resource Center (ITRC).

Trustwave’s Nick Ellsmore

Nick Ellsmore is Trustwave‘s global head of strategy, consulting and professional services.

“MVRA is addressing one of the biggest issues across the cybersecurity environment right now: supply chain risk management,” he said. “MVRA is a productized, platform-based consulting offering that is perfectly suited to partners and the channel. Many consulting services are difficult to package up for the channel due to the custom nature of advice. So MVRA provides a great entry point for partners and the channel to add cybersecurity consulting services to their offerings to their clients.”

Customer Demand Fueled Service Development

MVRA has been built directly from customer demand, Ellsmore said.

“We have been delivering vendor security assessments and supply chain risk advisory services to clients through our cyber advisory practice for many years,” he said. “Working with both public-and private-sector clients from industries spanning banking, insurance, health care and research, we then took these custom assessment approaches and consolidated them into a single best-of-breed model, using the Findings.co platform for workflow automation, with Trustwave’s specialist consultants continuing to provide the analysis and expertise.”

Clients no longer have to execute dozens, sometimes hundreds, of vendor security assessments each year, Ellsmore said.

“At the moment, organizations largely have to choose between high-cost, high-touch custom assessments or low-cost, low-touch automated assessments,” he said. “The former is not scalable due to cost. And the latter has gaps in its effectiveness because of the difficulty in using technology to assess the people and process aspects of security maturity within a vendor. By using Trustwave’s expert consultants to assess client maturity, but using an efficient automated workflow and a vendor-friendly assessment approach, we increase the response rates, improve the quality of data, and ultimately reduce the risk of our clients’ exposure to vendors.”

For organizations just beginning their supply chain risk discovery process, Trustwave offers diagnostic services. The targeted assessments help organizations understand their ability to address today’s most pressing cybersecurity risks.