Black Kite is the only open standards-based cyber risk assessment tool that analyzes your entire supply chain’s security posture across technical, financial, and compliance dimensions. Black Kite utilizes MITRE’s Cyber Threat Susceptibility Assessment (CTSA) methodology along with Passive DNs service, web search engines, Internet-wide scanners to gather, and a wide array of Open Source Intelligence sources to build a comprehensive understanding of a third party’s cyber risk posture. All you need to provide is the email domain of your third party.
With a deep understanding of the cyber risk posture of an organization, Black Kite provides a set of high level ratings, such as a Technical Cyber Rating, susceptibility to ransomware (RSI™), & previous data breaches (DBI). Combined with a continuous monitoring approach, which surfaces critical vulnerabilities or leaked credentials, these indicators represent the past, present and future cyber security risk a third party organization poses. Organizations can also take a proactive approach to third party risk management by kicking off response workflows to spikes in RSI™ or new FocusTags™ for exploitable vulnerabilities found on a third party’s attack surface.
Black Kite additionally provides an AI cyber assessment capability that can parse dozens of documents in just a few minutes, mapping them to thousands of controls across standard and custom frameworks. Organizations are able to cut weeks from their third party cyber assessment process and focus on just a few gaps instead of questionnaires with hundreds of questions. Black Kite’s cyber intelligence is also used to verify that controls within the documentation are correctly implemented and identifies them as gaps using cyber intelligence. The compliance information and cyber intelligence are combined for Cyber Risk Quantification, using the Open FAIR™ model, to give an accurate vendor risk tier to the organization.
Black Kite’s Third Party Risk Management (TPRM) integration with ServiceNow infuses all of these capabilities directly in the TPRM module’s workflow. Without leaving ServiceNow, users can view the high-level cyber ratings to quickly evaluate the cyber risk of a vendor, accurately tier vendors with the Open FAIR™ model, and accelerate cyber compliance assessments using Black Kite’s AI capabilities.
The integrated solution enables organizations to conduct cyber assessments in hours, not months, and scale their TPRM programs to thousands of assessments a year.
The Black Kite TPRM Application enables the power of Black Kite Multi-dimensional view of Third Party Cyber Risk & Assessment AI Agent to accelerate Third Party Cyber Assessments and Continuous Monitoring.
-
Quickly understand the cyber hygiene of any third party within minutes, enabling organizations to automate cyber assessment onboarding for low and medium tier vendors
-
Utilize multiple dimensions of cyber risk to better assess a third party and what risk they pose to your organization
-
Appropriately tier vendors with cyber risk quantification based on the Open FAIR methodology
-
Accelerate your Third Party Assessments by collecting, uploading, parsing, and mapping multiple compliance documents simultaneously to dozens of compliance frameworks and instantly identify compliance gaps in minutes
-
Continuously monitor your third party ecosystem for current and emerging cyber risk and build extensive multi-team response workflow
-
Enable the Enterprise to solve the Third Party Risk challenge with the power of actionable & high fidelity third party intelligence in Black Kite and the power of ServiceNow’s workflow and collaboration platform
Ability to drive the following actions from the ServiceNow TPRM workflow through Due Diligence Requests or Engagements:
-
Ability to Start & Stop Monitoring a Vendor from ServiceNow
-
Vendor Risk Rating Visualizations Embedded in the Vendor, DDR, & Engagement view
-
Interactive FAIR risk quantification for third parties
-
Ability to use AI to parse multiple documents
-
Pull Compliance gap analysis for into DDRs & Engagements
-
Pull Black Kite reports into DDRs & Engagements
-
A Black Kite Rating dashboard across all monitored vendors
-
All Ratings & Trends Tables for Continuous Monitoring
-
Application logs to debug any possible issues
-
The application registers Black Kite as a TPS provider.
-
Ability to configure Black Kite API settings for connectivity
-
Synchronize Black Kite security scores for ServiceNow Vendors
-
Synchronized ratings include; technical security score, compliance score, detailed financial score, data breach index, ransomware susceptibility index, and FocusTag™ for continuous monitoring use cases
-
Synchronized financial and technical trend data to under the historical cyber performance of a vendor
-
An out of the box Third Party Ecosystem Dashboard to quickly assess the state of third parties
Requires Plugin: Third-party Risk Due Diligence 20.0.0
-
Third-party Risk Due Diligence 20.0.0