UpGuard Release Notes

Risk remediation requests now include both web and questionnaire risks

You can now send remediation requests that combine both automated web scanning and questionnaire-based risks, simplifying the process for you and your vendors. It’s also much easier to preview your vendor's projected score once the remediation request has been resolved, allowing you to consider your risk appetite for that vendor.

For help requesting remediation from a vendor, check out: ‘How to request remediation from a vendor’ 

Export Compliance reports into PDF and Excel

In October 2021 we released the compliance reporting feature which enables you to assess your vendor's risk profile against recognized security frameworks such as NIST CSF and ISO27001. You are now able to export these results into PDF or Excel formats for your auditors and other stakeholders.

Granular user permissions for Shared Profiles

You can now assign user specific permissions for your Shared Profile:

• Read access to the organization's Shared Profile
• Respond to Shared Profile access requests and invite people to view your Shared Profile
• Update Shared Profile questionnaires and documents, and set the Shared Profile to published

Check out the ‘Managing user permission for your Shared Profile’  for more information.

Other improvements

• Vendor comparison selection functionality has been restored and improved
• Control/Command clicking View questionnaires buttons will now open a new tab
• Various bug fixes

Learn about new features, changes, and improvements to UpGuard this month.

New and improved risk assessments

Over 60% of cyber security incidents come from trusted vendors. Secure your data and prevent this from happening to your business with our new and improved risk assessments. You can now send questionnaires, request or use shared questionnaires and add additional evidence from inside a risk assessment. When the assessment is completed, set a reassessment date to make sure that you stay up to date with your vendor's risk profiles. Check out ‘How to complete a risk assessment’ for assistance in completing a risk assessment.

Apache Log4J - Critical Vulnerability Questionnaire and automated scanning

Control your Log4J critical vulnerability risk by sending your vendors our new Log4J questionnaire. We've also added an automated scan and verified vulnerability for Log4j CVE-2021-44228. This uses a basic detection mechanism as part of a GET request to a scanned domain, in order to keep our scanning as non-invasive as possible. It is important to note that the absence of this verified vulnerability does not mean that you or your vendors are 100% safe from this vulnerability, but the presence of the vulnerability means that you are likely exposed. Please see our blog post for more information on CVE-2021-44228 (Log4Shell) and how you can minimize your exposure.

Custom Domain for outbound emails

Tailor your workflow notifications to best represent your business, improving your vendors confidence and diligence at opening/fulfilling your requests. By default, notifications and invites to outside parties come from an UpGuard email address. Now customers with co-branding can set up a customized mailing address such as UpGuard@yourbusiness.com or set notifications to come directly from their own email address wherever possible. For help setting this up, check out the knowledge base article ‘Sending outbound emails from a custom address’.

Slack Integration

Get more value from UpGuard with the new Slack integration. You can create a Slack integration directly within UpGuard, enabling you to securely get the information you need from UpGuard, direct to Slack. You’ll be able to set up notifications to trigger directly into Slack, with the flexibility to display the information you need to act promptly.

Check out our ‘Setting up a Slack integration’ knowledge base article for help getting started.

VIP Identity breach list

The first question we hear our customers ask when an identity breach is reported is ‘are any of our executives exposed’? Now you’ll be able to get peace of mind by adding them to a VIP list within the identity breaches module. You can then set up a VIP identity breach notification to let you know when your VIPs are exposed in an identity breach. It might even be worth setting up a separate Slack channel for VIP identity breach notifications! For more information about the Identity Breaches module - check out this article. 

Other improvements

• Domains marked as belonging to you on the Domains screen will now be automatically set to “Owned by us” in Typosquatting
• A number of bug fixes

Learn about new features, changes, and improvements to UpGuard this month.

Curated dark web incident reports 

Many organizations concerned with threat actors operating on the dark web lack visibility into actual activity on the dark web, relying on aggregated metrics of "hacker chatter" to detect and measure risk. Given that dark markets are notorious for scams, data reuse, and intentional misdirection to fool credulous observers, security analysts need visibility into raw data being published on the dark web to verify the veracity of the leak and assess any impact to their organization. UpGuard customers on the Professional tier and up will now see curated posts from ransomware leak blogs on the Incidents and News page tagged as Dark Web. 

Detection of Moodle vulnerabilities

Moodle vulnerabilities are now detected and reported in both BreachSight and Vendor Risk. Currently, it is not possible to detect software versions on many Moodle instances, so vulnerabilities from all versions of Moodle are shown. Stay tuned for further improvements to our Vulnerabilities module in the coming weeks, which should make dealing with this data easier. Learn more about how to use the vulnerabilities module in our knowledge base article “What is UpGuard BreachSight’s vulnerabilities module?”

Improvements to Shared Profiles‍

• Factor risks from shared profiles into risk profile, vendor summary, and associated exports.
• Include questionnaire scores from the vendor’s shared profile in overall vendor scores.
• Create risk waivers for shared questionnaire risks.‍
• Trigger notifications when a monitored vendor publishes or updates their Shared Profile.

Other improvements

• Ignore multiple unverified vulnerabilities at once with the select all option.
• This release includes a number of bug fixes.

IP address export now includes associated domains

When analyzing IP address information, it can be useful to see the list of domains associated with each IP address. Previously the PDF export of IP addresses showed the associated domains but the Excel version did not. 

We now include the domains associated with each IP address in both the PDF and Excel exports. For more information check out our knowledge base articles: 

• How to export your IP addresses
• How to export a vendor’s IP addresses or IP ranges

Other improvements

• This release includes a number of bug fixes

Learn about new features, changes, and improvements to UpGuard this month.

Bulk Import vendors, tiers and labels

In this release, we have added the ability to bulk import vendors to your monitored vendors list. You can do this by entering a list of domains or uploading a CSV. Using the CSV import capability also allows you to assign tiers and labels to new or existing vendors. For help using this feature, check out the ‘Importing Vendors, Tiers, and Labels in UpGuard’ knowledge base article

Custom notifications based on risk severity

You will now be able to create custom notifications that will alert you when a risk of a particular severity is identified for your company or your vendors. These notifications will also be available for integration via the webhooks functionality.

Risk framework mapping for compliance reporting

We’ve added the ability for you to assess a vendor’s risk profile by mapping risks against recognized security frameworks such as ISO 27001 or NIST CSF, making it easy to identify and remediate potential gaps. Check out ‘What is Compliance Reporting within UpGuard Vendor Risk?’ for more information.

New questionnaire UI 

You’ll also find a new UI for questionnaires, which will make it easier for your vendors to view, identify outstanding questions and ultimately complete questionnaires. Check out ‘How to send a security questionnaire in UpGuard Vendor Risk” for more information.

Other improvements 

• Ability to add custom logos to your shared profile.
• Ability to exclude specific questionnaires from a vendor's questionnaire score.
• More accurate remediation planner impact preview.
• News webhooks now include ‘source’.
• Various bug fixes.

Special thanks to our Beta customers who continue to provide valuable feedback as we continue to develop the UpGuard product to better serve your needs. 

Improved visibility of Questionnaire details within Shared Profiles

In this release we are shipping the first of many future improvements to the Shared Profiles functionality as we see this being something that can notably reduce the time it takes for you to consider, onboard, or review a vendor's security posture. First up we have improved the visibility of risks, scores and unanswered questions within Questionnaires in a vendor's shared profile.

Other improvements 

• Improvements to our web scanning services (focus on cloud service subdomains)
• Improvements to our domain scanning and verification
• Ability for customers to see UpGuard CyberResearch services.

Learn about new features, changes, and improvements to UpGuard this month:

Zapier integrations now available

We've added support for integrating with Zapier, an automation platform that connects to thousands of apps. If you have a Zapier account, you can now connect UpGuard to any other app that Zapier supports. For example, you could monitor new vendors in UpGuard when a Google Form is submitted, or get a phone call via Twilio when new data leaks are detected.

Check out our Zapier Integrations page for more workflow examples and read our guide to get started.

New page header design

In this release, we've revamped the design of our page headers to make it easier to find information relating to the page you're looking at.

Every page now has an information (i) icon that will show you a brief overview of what you can do, along with page-specific links to our Knowledge Base for further information.

When viewing pages related to vendors, the new page header also allows you to see vital information at a glance, such as vendor tiers and labels, and gives a consistent way to perform vendor-specific actions such as generating a vendor report.

We've also added breadcrumbs to help give context as to the location of the current page within our page hierarchy.

Help & Support menu

We've added a new Help & Support menu, which can always be found at the bottom left of your screen. You can use this menu for quick access to our Knowledge Base, to view our latest release notes, or to contact our sales and support teams.

Changes View export

When viewing the changes over time for your own organization, a subsidiary, or a vendor, you can now export this view to PDF. Simply click the Export button while viewing changes on the Risk Profile page.

Other fixes and improvements

• Viewing "passed checks" in the Risk Profile and Questionnaire screens now includes checks passed in in-built questionnaires
• Improve detection of wildcard subdomains