Name: Breaking Silos with SCDR: How SOCs & TPRM Teams Drive Integrated Cyber Strategies
Start: 2025-02-11T17:00:00Z
End: 2025-02-11T17:00:51.000Z
Location: BrightTALK
Rating: 4.5

A global leader in Supply Chain Detection and Response,  SecurityScorecard empowers swift management and mitigation of critical third-party risks.

Our mission is to make the world a safer place by transforming the way organizations understand, mitigate, and communicate cybersecurity risk to their boards, employees, and vendors. Here, you'll find content filled with experts chatting through the evolving cybersecurity threat landscape, how to monitor (and remediate) your cybersecurity posture (and that of your vendors), potential regulation around cyber risk mitigation, and more!

You can monitor your organization's risk with a free account here: https://securityscorecard.com/free-account-trial/

“If you are solving problems at human speed, you are at a huge disadvantage, because your attackers are operating at machine speed.”

As cyber risk – in both the financial services sector and more broadly – accelerates at the pace of automation and AI, securing our future requires practitioners to be more strategic than the threat actors after our assets.

Join Aleksandr Yampolskiy (CEO & Co-Founder, SecurityScorecard) and Peter Keenan (CISO, Lazard) as they discuss:
-- The evolution of the threat landscape 
-- How organizations can go from compliance to cyber resilience
-- Best practices on managing cyber risk within the financial services ecosystem

Save your seat today!

The CISO’s Take: Navigating Cyber Risk in Financial Services

“The best way to compromise a ‘secure organization’ was to go find the things they didn’t know about.”

Vulnerability management – within both the enterprise as well as the vendor ecosystem – is largely broken. 

Join Aleksandr Yampolskiy and HD Moore for this webinar discussing:
-- HD’s career arc from offensive to defensive security
-- how to better secure the enterprise and vendor ecosystem
-- the state of vulnerability management today and the future of cybersecurity

Save your seat today!

The CEO’s Take: Blind Spots in the Enterprise & Ecosystem

Your business relies on a complex network of suppliers. This creates opportunities for attackers. New research shows that over 70% of organizations experienced a material third-party cyber incident in the past year. Your current risk management strategy may not be enough to protect you.

This webinar explores the critical findings from our 2025 Supply Chain Cybersecurity Trends report. We surveyed nearly 550 global security leaders to understand the gap between perceived security and actual resilience.

Join us to learn:

- Why visibility is a critical failure point. Fewer than half of organizations monitor the cybersecurity of even 50% of their nth-party supply chains. Most companies are blind to their most significant risks.
- How leaders assess the impact of an attack. Breaches create a chain reaction of consequences. These include financial recovery costs, production downtime, and service delivery disruption.
- Why confidence may be an illusion. 88% of executives express concern about supply chain risks. Fewer than half are "very confident" they could maintain operations after a critical vendor incident.
- How to move from passive monitoring to active response. Many security programs rely on vendor questionnaires and cyber insurance. See why leading teams are integrating rapid incident response to build true operational resilience.

Beyond Prevention: Why Your Supply Chain Requires Real-Time Incident Response

When JPMorgan Chase released its open letter to technology suppliers, it reignited a long-simmering debate in cybersecurity: who is ultimately responsible for the security of SaaS applications? Is it the supplier building the platform or the enterprise configuring and using it?

SecurityScorecard is proud to host this episode of The SaaS Security Show, where Lior Yaari (CEO, Grip Security) and Adam Bixler (CPO, SecurityScorecard) discuss where responsibility falls, unpack the shared responsibility model, and challenge where that model succeeds and where it breaks down. This isn’t a finger-pointing exercise. It’s a raw, real discussion about accountability, trust, and where the burden should lie when securing the software we all rely on.

Save your seat today!

Who’s Responsible for Securing SaaS?

Au-delà d’un simple impératif de conformité ponctuel, les directives DORA et NIS2 établissent de nouvelles références réglementaires visant à garantir une résilience cyber sur le long terme.

Les cybermenaces ne s’arrêtent plus à la frontière de votre organisation — elles s’infiltrent via vos prestataires, partenaires et fournisseurs. Au cours de cette session, nous explorerons des stratégies concrètes pour garder une longueur d’avance :

- Identifier automatiquement l’ensemble de vos fournisseurs de 3ème, 4ème et n-ième partie 
- Passer d’une évaluation ponctuelle à une surveillance en continu de votre écosystème de façon instantanée
- Anticiper les risques en identifiant, évaluant et priorisant les vulnérabilités au sein de votre supply chain
- Satisfaire les exigences de reporting tout au long du cycle de vie d’un fournisseur
- Gagner en efficacité et automatiser vos flux de travail grâce à l'IA et à des connecteurs clé-en-main

DORA, NIS2 : Maîtriser les risques cyber liés aux tiers

“... 70% of organizations will face increased scrutiny of their third-party risk programs as regulators expand enforcement of supply chain and operational resilience requirements.”
— Gartner, 2024

As third-party breaches continue to escalate, regulatory pressure continues to rise. 

Join Devaney Devoe, Perry Robinson, and Phil Marshall in this webinar, where they’ll discuss:
-- the existing cybersecurity landscape and the threats shaping it
-- themes driving regulations and frameworks so you can future-proof your compliance program
-- how MAX delivers expert-led compliance support and cyber resilience—without the operational burden on your team

From compliance to cybersecurity resilience, we’re here to help you every step of the way.

Save your seat today!

Simplify Compliance with SecurityScorecard & Take Your Cybersecurity Program to the MAX

Is your supply chain a cyber risk blind spot? Vulnerabilities within your vendor ecosystem can severely impact your organization's security and bottom line. If you're grappling with limited visibility, complex supplier networks, and the constant threat of third-party breaches, this webinar is for you.

Join us to discover how a managed Supply Chain Detection and Response (SCDR) service, like SecurityScorecard MAX, transforms your approach to vendor risk. We'll explore:

- How to move from merely identifying risks to actively remediating them and building a stronger defense.
- How proactive, expert-led vendor engagement and continuous monitoring directly translate into significant cost savings and operational efficiencies. 
- The differences between traditional third-party risk management and managed supply chain detection and response,
- Best practices and success stories from your peers who have adopted this new approach.

Fortifying Your Supply Chain: The ROI of Managed Supply Chain Detection and Response

Join this technical session to learn how to implement key NIS2 and DORA controls using SecurityScorecard. We’ll cover critical supplier discovery, continuous monitoring, fourth-party risk, and automated compliance validation—plus a live demo on integrating these capabilities into your existing security stack.
Ideal for Solutions Architects, pre-sales engineers, and technical partners focused on cyber risk and regulatory compliance.

Implementing NIS2 & DORA with SecurityScorecard: A Technical Deep Dive

Threat actors move fast. We move faster.

From supporting U.S. law enforcement in major investigations (like Qakbot) to powering organizations’ threat intelligence operations, our STRIKE team supports both public and private organizations of all sizes to make the world a safer place.

Join Ryan Sherstobitoff, Zach Brija, and Gilad Maizles for this webinar to learn about:
-- the STRIKE team and tradecraft
-- how you can use STRIKE to secure your organization
-- and a quick preview of what’s coming up for the API

Save your seat today!

Inside STRIKE: The Threat Intelligence Powerhouse Driving SecurityScorecard

“In 2024, at least 35.5% of all data breaches originated from third-party compromises.”

Join Aleksandr Yampolskiy (CEO & Co-Founder, SecurityScorecard) and Nick Schneider (President & CEO, Arctic Wolf) for this discussion on:
-- How to start and stay scrappy, even as you scale an organization
-- Using AI to augment human talent and be more valuable to customers
-- Making security work for both the enterprise and the vendor ecosystem

Save your seat today!

The CEO’s Take: Making Security Work

As cloud adoption accelerates, managing vendor risks is more crucial than ever. Join our panel discussion webinar with Paul McKay, Principal Analyst at Forrester, and subject matter experts as we explore strategies for overseeing vendor relationships in the cloud. This session will provide practical guidance and exclusive research to strengthen your approach.

Attendees will earn CPE credit and can engage directly with the panel by submitting questions, participating in interactive polls, and accessing cutting-edge insights.

Learning Objectives:
1. Understand Key TPRM Process Areas: Identify the critical areas of Third-Party Risk Management (TPRM) needing improvement, such as vendor onboarding, continuous monitoring, risk mitigation, and offboarding, to enhance organizational processes.
2. Evaluate Vendor Risk Indicators: Assess the significance of vendor certifications, transparency in sharing artifacts, and undisclosed integrations (e.g., LLMs) to determine their impact on effective vendor risk assessments.
3. Adopt Continuous Monitoring Practices: Explore the role of continuous monitoring and controls in TPRM to move beyond periodic questionnaires, enabling consistent visibility and risk management across third- and nth-party supply chains.
4. Leverage AI and Automation in TPRM: Examine how AI and automation can reshape TPRM processes, and identify key considerations for integrating these technologies to build adaptive, future-proof programs while avoiding new risks.

Managing Vendor Risks in the Cloud: Insights for Internal Oversight

With 98% of organizations experiencing vendor breaches, preparedness is critical. This webinar equips CISOs and security leaders with strategies to effectively manage third-party cyber incidents. Learn how to leverage a robust playbook to move from reactive scrambling to proactive resilience.

Attend to learn how to:

- Stop Scrambling: Implement rapid response frameworks.
- Communicate Clearly: Develop winning crisis communication plans.
- Become Proactive: Discover preventative best practices.
- Ask the Right Questions: Vet vendor cybersecurity effectively.
- Learn from the Pros: Gain insights from real-world scenarios.

Don't let vendors be your vulnerability. Join us to streamline response, communicate effectively, and build a stronger digital ecosystem against escalating third-party threats.

A CISO's Guide to Mastering Cyber Incident Response: Are Your Vendors Your Weakest Link?

Missed us at RSAC 2025? 

Join Ryan Sherstobitoff and Dr. Jared Smith for this on-demand version of their talk. Learn a bit about:
-- the STRIKE team and some research they've done, specifically around Volt Typhoon
-- SIGINT: the history of it and how we use it to power threat intelligence and more actionable vulnerability intelligence
-- how you can use our intelligence data to improve the cybersecurity of your organization

Save your seat today!

From SIGINT to Action: Prioritizing Attack Surface Threats with Intelligence

In an era of increasing cyber threats, organizations must assess the resilience of their digital supply chain. Third-party breaches have become a significant attack vector, exposing enterprises to risks that extend beyond their immediate control. This webinar will explore the impact of supply chain vulnerabilities, recent high-profile breaches caused by third parties, and how organizations can proactively mitigate these risks using SecurityScorecard’s platform. The session will conclude with a live demo showcasing SecurityScorecard’s capabilities in monitoring and managing third-party risks effectively.

Key Discussion Points:
● The growing threat landscape: Why third-party breaches are a rising concern
● Notable recent supply chain cyber incidents and their business impact
● Key risk factors that contribute to supply chain vulnerabilities
● Best practices for assessing and managing third-party cyber risk
● How SecurityScorecard provides real-time insights and risk mitigation strategies
● Live platform demonstration: How to assess and monitor your digital supply chain

Who Should Attend:
● CISOs, CROs
● Risk and Governance Team
● Vendor Risk Management Team

How Resilient is Your Digital Supply Chain? (APAC)

The healthcare industry is under pressure—and under attack. With cyber threats on the rise and SaaS adoption exploding across every department, the 2025 HIPAA Security Rule update is reshaping how organizations secure and govern their digital footprint. What was once a gray area is now black and white.

In this timely conversation, Lior Yaari, CEO & Co-Founder of Grip Security, and Avesta Hojjati, CTO of SecurityScorecard, will explore how healthcare organizations and business associates can meet the new mandates by closing visibility gaps, managing SaaS sprawl, and securing third-party relationships before they become compliance risks.

In this webinar, you’ll learn:
-- What HIPAA’s 2025 Security Rule updates mean for SaaS applications and supplier risk management
-- Why uncovering SaaS apps and vendors that bypassed security reviews is essential to compliance
-- How Grip and SecurityScorecard help healthcare organizations meet the new HIPAA requirements and strengthen cyber and operational resilience.

Don’t wait for an audit or an incident to reveal the gaps in your cybersecurity.

Save your seat today, and take the first step toward smarter, HIPAA-ready SaaS and SaaS-supplier security!

Healthcare in the Crosshairs: HIPAA Compliance for SaaS Apps & Suppliers

Using the world’s largest proprietary risk and threat data set, SecurityScorecard’s STRIKE Threat Intelligence Unit analyzed 1,000 breaches across industries and regions to uncover key attack patterns, measure the impact of third-party security failures, and identify the most commonly exploited vendor relationships. 

Join this webinar for critical insights and actionable strategies revealed in the 2025 Global Third-Party Breach Report. You will learn:

- Key statistics on the surge of third-party related breaches, including the fact that over 35% of all breaches in 2024 originated through this vector.
- Which industries are currently facing the highest rates of third-party breaches, with a focus on Retail & Hospitality, Technology, and Energy & Utilities.
- The significant connection between ransomware attacks and third-party access, with over 41% of ransomware incidents now starting through vendors.
- Targeted recommendations to match your risk management strategies to your specific industry, geography, and technology profile.
- Practical steps to mitigate fourth-party risks and demand "Secure by Design" principles from your vendors to strengthen your overall security posture.

Turning Data into Action: Key Findings from the 2025 Global Third-Party Breach Report

Despite the connection with Robert De Niro, we won’t be spoiling Zero Day for you yet. But there is a large intersection between the future of media, cybersecurity, and AI, and we’re excited to jump into it!

Join Aleksandr Yampolskiy (CEO & Co-Founder, SecurityScorecard) and Sandy Climan (President, Entertainment Media Ventures, Inc.) in this webinar, where they chat about:
-- The evolution of media and bridging Hollywood, Silicon Valley, & cybersecurity
-- Building trust in the age of cyber threats & misinformation
-- How AI is redefining risk & opportunity in cybersecurity & entertainment

Save your seat today!

The Media Mogul’s Take: Cyber & Storytelling in the Age of AI

DORA and NIS2 reinforce best practices for managing supply chain cyber hygiene, emphasizing a structured and compliant approach to information security. Join SecurityScorecard as we explore how these frameworks guide organizations in strengthening third-party risk management, enhancing resilience, and ensuring compliance. Gain practical insights on implementing effective security measures that align with regulatory expectations while proactively safeguarding your business.

Navigating Supply Chain Cyber Hygiene: DORA & NIS2 in the Spotlight

Too often, vendor risk management operates in a silo, focused on compliance checkboxes, while the SOC team is on the frontlines of threat intelligence and response. These two groups should be allies, but instead, they’re often working in isolation. That’s a problem because cyber risk isn’t just a compliance issue… it’s a threat issue.

Join Steve Cobb for this talk on:
-- the current state of TPRM within most organizations
-- how to us SOC intelligence to address TPRM challenges
-- tools, strategies, and best practices to overcome silos and boost your organization's cyber resilience.

Breaking Silos with SCDR: How SOCs & TPRM Teams Drive Integrated Cyber Strategies

Cyber Security

Cyber Resilience

Vendor Resiliency

Vendor Risk Management

TPRM

Third Party Risk Management

Security Operations Center

Threat Intelligence

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Breaking Silos with SCDR: How SOCs & TPRM Teams Drive Integrated Cyber Strategies

Presented by

About this talk

SecurityScorecard