Back to Playbook Visit Our Blog

Capability
Dangerous Condition Hunting

Rapidly discover and act on third-party security events and material control failure conditions.

What

Rapidly detect and act on material third-party security events and dangerous control conditions.

Why

Minimize damage caused by third-party security incidents such as data loss, compromise, and system outage. Prevent dangerous control conditions from resulting in security incidents.

How

This capability is facilitated through implementation of the continuous surface risk assessment capability.

Monitor public and deep-channel sources for early insight into impactful events and initiate vendor incident response processes upon detection. Frequently analyze third-party surface security posture to identify dangerous conditions. Tactically engage third parties to address dangerous conditions, providing context to facilitate rapid remediation.

Practice Status Adoption
Define response procedures for handling third party breach events. Emerging 47%
Systematically monitor third parties for security events such as data breaches and security compromises. Emerging 30%
Formally maintain a list of ‘dangerous’ conditions that are specifically not allowed to be present in third-party environments. For example, the list might include Windows NT or WordPress 2.1. Pioneering 7%
Frequently monitor the results of continuous surface risk assessments to discover dangerous security conditions. Pioneering 13%
Tactically engage third parties to triage dangerous security conditions and pressing performance concerns. Pioneering 13%