Investment Portfolio Risk
5 automated security scanners
PE Fund Exposure
Purpose: The PE_Fund_Exposure Scanner is designed to identify shared vendor exposure and common investment portfolio risks by analyzing public records, OSINT sources, and financial disclosures. This tool helps organizations assess the potential impact of third-party vulnerabilities on their investment portfolios.
What It Detects:
- Shared Vendor Exposure: Identifies instances where multiple companies share the same vendors, indicating a higher level of dependency and potential risk.
- Third-Party Risk Factor Disclosures: Extracts risk factor disclosures from SEC EDGAR filings related to third-party dependencies, highlighting potential risks associated with these dependencies.
- Technology Stack Disclosure: Analyzes job boards and LinkedIn profiles for technology stack information that indicates shared vendor usage, which can impact the security posture of an organization.
- Security Incident Coverage in News: Searches news articles for security incidents involving shared vendors, identifying patterns indicating vulnerabilities or breaches affecting multiple companies due to shared vendors.
- Breach History on HaveIBeenPwned: Checks breach history using the HaveIBeenPwned API for domains and subdomains associated with the company, detecting past data breaches that could affect shared vendor exposure.
Inputs Required:
- domain (string): The primary domain to analyze, such as acme.com.
- company_name (string): The company name for statement searching, such as “Acme Corporation”.
Business Impact: Assessing the potential impact of third-party vulnerabilities on an organization’s investment portfolio is crucial for maintaining a secure and resilient security posture. This scanner helps in identifying shared vendor exposure and common risks that could lead to significant financial losses or operational disruptions if not managed properly.
Risk Levels:
- Critical: Conditions that pose the highest risk of data breaches, unauthorized access, or severe financial loss due to third-party vulnerabilities.
- High: Conditions indicating high potential for negative impacts on operations and security from third-party dependencies.
- Medium: Conditions suggesting moderate risks associated with third-party services but manageable within current security frameworks.
- Low: Conditions that indicate minimal risk or are easily mitigated through existing controls.
- Info: Informative findings that provide general insights into technology stack and vendor usage, without significant impact on the organization’s security posture.
If specific risk levels are not detailed in the README, they have been inferred based on the scanner’s purpose and potential impacts.
Example Findings:
- “We were notified of a security incident involving our third-party vendor, indicating a critical dependency that needs immediate attention.”
- “Experience with AWS and Azure in our cloud infrastructure suggests high exposure to cloud provider vulnerabilities that could affect service availability.”
Acquisition Security Due Diligence
Purpose: The Acquisition Security Due Diligence Scanner is designed to uncover hidden security issues and undisclosed breaches by analyzing public records and open-source intelligence (OSINT) sources. This tool assists in identifying potential vulnerabilities and past incidents that might not be publicly disclosed, ensuring comprehensive due diligence during acquisition processes.
What It Detects:
- Breach Mentions in Public Records: Identifies mentions of data breaches, security incidents, unauthorized access, and compromised systems using specific regex patterns.
- Technology Stack Disclosure: Detects mentions of technology stacks used by the company, which can indicate potential risks or vulnerabilities.
- Certification Claims: Identifies claims of security certifications that may be relevant to the company’s risk profile.
- Subdomain Discovery: Discovers subdomains associated with the company’s domain using Certificate Transparency logs to identify potential attack surfaces.
- Security Advisories and Code Vulnerabilities: Searches GitHub repositories and code for security advisories and known vulnerabilities related to the company’s technology stack.
Inputs Required:
- domain (string): Primary domain to analyze (e.g., acme.com)
- company_name (string): Company name for statement searching (e.g., “Acme Corporation”)
Business Impact: This scanner is crucial during the due diligence phase of an acquisition as it helps uncover potential security vulnerabilities and past incidents that might not be publicly disclosed, ensuring a thorough assessment of the target company’s cybersecurity posture before the transaction.
Risk Levels:
- Critical: Conditions where there are explicit mentions of severe breaches or unauthorized access in public records.
- High: Conditions where technology stacks used by the company indicate significant risks or vulnerabilities.
- Medium: Conditions where claims of security certifications do not fully align with the company’s operations or technologies.
- Low: Conditions where minor discrepancies in technology stack disclosures are found, potentially indicating lesser risks.
- Info: Conditions where inconclusive evidence is detected but does not significantly impact the acquisition decision.
Example Findings:
- “Data breach incident reported on our security page.” - Indicates a significant risk due to public disclosure of a data breach.
- “Experience with AWS and Kubernetes mentioned in job listing.” - Suggests potential exposure to high-risk technologies that could affect the company’s operations.
Security Driven Investment Timing
Purpose: The Security-Driven Investment Timing Scanner is designed to detect potential vulnerabilities and improvements in a company’s security posture by identifying mentions of data breaches, unauthorized access, compromised systems, and announcements related to security enhancements. This tool aims to assist investors in assessing the risk associated with investing in companies whose security measures may be compromised or lacking in effectiveness.
What It Detects:
- Breach Disclosure Mentions: Identifies mentions of data breaches, security incidents, unauthorized access, and compromised systems within company documents and communications. This includes patterns such as “data breach”, “security incident”, “unauthorized access”, and “compromised”.
- Security Enhancement Announcements: Detects announcements related to improvements in the company’s security measures or certifications like SOC 2 Type I/II, ISO 27001, PCI DSS, and HIPAA compliance.
- Technology Stack Disclosure: Identifies mentions of specific technologies used by the company, such as AWS, Azure, GCP, Kubernetes, Terraform, Ansible, Docker, Splunk, Datadog, or Elastic.
- Subdomain Discovery: Utilizes the crt.sh API to discover subdomains associated with the company’s domain using Certificate Transparency logs.
- Breach History: Checks the company’s domain against breach databases to identify any historical breaches through the HaveIBeenPwned API.
Inputs Required:
- domain (string): The primary domain of the company being analyzed, such as “acme.com”.
- company_name (string): The name of the company, used for statement searching and to contextualize findings in reports, e.g., “Acme Corporation”.
Business Impact: This scanner is crucial for security analysts and investors who need to understand the potential risks associated with investing in companies whose cybersecurity measures may be compromised or lacking in effectiveness. By identifying vulnerabilities early on, stakeholders can make more informed decisions about investment strategies.
Risk Levels:
- Critical: Conditions that directly lead to significant data breaches or unauthorized access are critical. This includes any breach disclosure patterns and immediate security enhancements not meeting industry standards.
- High: Conditions that indicate potential severe vulnerabilities in the company’s security measures, such as unaddressed unauthorized accesses or high-risk technology usage without proper disclosures.
- Medium: Conditions that suggest moderate risks, such as mentions of specific technologies without clear integration plans or incomplete security enhancement announcements.
- Low: Informative findings related to minor vulnerabilities or missing information in the company’s disclosures, which may not significantly impact investment decisions but are still relevant for monitoring purposes.
- Info: General informational findings about technology usage and breach history that do not directly affect risk levels but provide baseline insights into the company’s technological footprint and security posture.
If specific conditions for each risk level are not detailed in the README, these descriptions are inferred based on the purpose of the scanner to assess investment risks.
Example Findings:
- “The company recently disclosed a data breach affecting thousands of customers.”
- “Acme Corporation has not announced any security enhancements despite multiple incidents reported by competitors.”
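The Subdomain Discovery step above relies on Certificate Transparency data from crt.sh. As an added example (not the scanner's own code), this sketch normalizes a crt.sh-style JSON response into an in-scope hostname inventory; the sample response is constructed, and the function name and scoping rule are assumptions.

```python
import json

# Constructed sample shaped like crt.sh JSON output; only the name_value field
# is used. One certificate can list several names separated by newlines.
SAMPLE_CRTSH_JSON = json.dumps([
    {"id": 1, "name_value": "acme.com\nwww.acme.com"},
    {"id": 2, "name_value": "*.staging.acme.com"},
    {"id": 3, "name_value": "VPN.Acme.com"},
    {"id": 4, "name_value": "www.acme.com"},           # duplicate entry
    {"id": 5, "name_value": "acme.com.evil.example"},  # look-alike, out of scope
    {"id": 6, "name_value": "notacme.com"},            # shares a suffix only
    {"id": 7, "name_value": "admin@acme.com"},         # not a hostname
])


def subdomains_from_crtsh(raw_json, domain):
    """Return (exact_hosts, wildcard_bases) that belong to `domain`."""
    domain = domain.lower().rstrip(".")
    exact, wildcard = set(), set()
    for entry in json.loads(raw_json):
        for name in entry.get("name_value", "").splitlines():
            name = name.strip().lower().rstrip(".")
            if not name or "@" in name:
                continue  # skip blanks and e-mail identities
            is_wildcard = name.startswith("*.")
            if is_wildcard:
                name = name[2:]  # keep the base; the real hosts are unknown
            # Match on a label boundary so notacme.com is not read as acme.com.
            if name != domain and not name.endswith("." + domain):
                continue
            (wildcard if is_wildcard else exact).add(name)
    return sorted(exact), sorted(wildcard)


if __name__ == "__main__":
    hosts, wildcards = subdomains_from_crtsh(SAMPLE_CRTSH_JSON, "acme.com")
    print("hosts:", hosts)
    print("wildcard bases:", wildcards)
```

Wildcard entries are kept separate because a certificate for *.staging.acme.com shows that a zone exists without naming any host in it.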
Supply Chain Investment Overlap
Purpose: The Supply Chain Investment Overlap Scanner is designed to identify potential conflicts of interest and trust issues within a company’s supply chain by analyzing vendor ownership connections, investment trust indicators, subdomain discovery, news and media coverage, and SEC filings analysis. This tool helps organizations assess the security posture and manage risks associated with third-party vendors.
What It Detects:
- Vendor Ownership Connections: Identifies shared investors or board members between a company and its vendors, which could indicate a lack of independence.
- Investment Trust Indicators: Looks for mentions of investment partnerships, joint ventures, or equity stakes in vendor companies, as well as significant investments that may influence trust relationships.
- Subdomain Discovery: Uses Certificate Transparency logs to discover subdomains associated with vendors, which might suggest hidden connections not immediately apparent.
- News and Media Coverage: Searches for mentions of vendor relationships and investments within news articles, press releases, and job boards, providing context on trust and ownership ties.
- SEC Filings Analysis: Parses SEC EDGAR filings for risk factor disclosures that mention vendor relationships or supply chain dependencies, highlighting potential financial risks.
Inputs Required:
- domain (string): The primary domain of the company to be analyzed (e.g., acme.com).
- company_name (string): The name of the company for which statements are being searched (e.g., “Acme Corporation”).
Business Impact: This scanner is crucial as it helps in uncovering hidden dependencies and potential conflicts within the supply chain, enabling organizations to make informed decisions about vendor relationships and potentially mitigate risks associated with third-party vendors.
Risk Levels:
- Critical: Conditions that directly impact critical business functions or significant financial exposure due to vendor issues.
- High: Conditions that significantly affect operational efficiency or have a substantial potential for negative impacts on the organization’s reputation, but do not meet the criteria for Critical.
- Medium: Conditions that may lead to minor disruptions or risks that can be managed through standard procedures and controls.
- Low: Conditions with minimal risk impact that might require attention due to their nature but generally do not pose significant threats.
- Info: Informational findings that provide insights into the supply chain structure without immediate security implications.
If specific risk levels are not detailed in the README, they have been inferred based on the purpose and potential impacts of each detection point.
Example Findings:
- A company might discover a significant investment by its CEO in one of their vendors, which could be flagged as High Risk due to potential conflicts of interest.
- An unusual subdomain identified through Certificate Transparency logs might be considered Medium Risk, signaling the need for further investigation into any hidden relationships with that vendor.
Cross Portfolio Vulnerability
Purpose: The Cross-Portfolio Vulnerability Scanner is designed to identify systemic vulnerabilities across investments and common platform risks by analyzing public records and open-source intelligence (OSINT) sources. This tool aims to detect potential security issues, breach history, technology stack disclosures, and certification claims that may indicate underlying vulnerabilities in a company’s investment portfolio.
What It Detects:
- Breach Mentions: Identifies mentions of data breaches, security incidents, unauthorized access, and compromised systems. This includes patterns such as “data breach,” “security incident,” “unauthorized access,” and “compromised.”
- Tech Stack Disclosure: Detects disclosures of specific technology stacks used by the company, which can indicate potential vulnerabilities in those technologies. Examples include mentions of AWS, Azure, GCP, Kubernetes, Terraform, Ansible, Docker, Splunk, Datadog, and Elastic.
- Certification Claims: Identifies claims of certifications that may indicate compliance with security standards. This includes certifications like SOC 2 Type I/II, ISO 27001, PCI DSS, and HIPAA compliance.
- Subdomain Discovery: Discovers subdomains associated with the company’s domain, which can help identify additional attack surfaces. The scanner utilizes Certificate Transparency logs (crt.sh) for this purpose.
- Security Advisories and Code Vulnerabilities: Searches for security advisories and code vulnerabilities in public repositories on GitHub. This includes analyzing code search results for known vulnerabilities or risky practices.
Inputs Required:
- domain (string): Primary domain to analyze (e.g., acme.com)
- company_name (string): Company name for statement searching (e.g., “Acme Corporation”)
Business Impact: This scanner is crucial for assessing the security posture of a company’s investment portfolio by identifying potential vulnerabilities, breach history, and compliance issues across various domains and technology stacks. Understanding these risks helps in making informed decisions about investments and managing associated security concerns.
Risk Levels:
- Critical: Conditions that directly lead to significant data breaches or system failures are considered critical. This includes severe incidents where personal information is exposed or systems are compromised without authorization.
- High: High-risk findings include disclosures of sensitive technologies, unaddressed vulnerabilities in known frameworks, and lack of compliance with essential security standards.
- Medium: Medium-risk findings involve potential issues that could be exploited but do not pose an immediate threat to critical data or system integrity. This includes moderate risks such as outdated software versions or incomplete disclosure of technology stacks.
- Low: Low-risk findings are generally informational and include minor compliance gaps, unverified certifications, or minimal exposure in public records.
- Info: Informational findings provide context but do not directly impact security posture significantly. These include general mentions of cybersecurity practices without specific details.
If specific risk levels are not detailed in the README, they have been inferred based on the scanner’s purpose and impact.
Example Findings:
- “We were notified of a security incident on our platform.”
- “Data breach occurred due to unauthorized access.”
- “Our team has experience with AWS and Kubernetes.”
- “Proficiency in Terraform and Docker is required.”
- “SOC 2 Type II certified.”
- “SQL Injection vulnerability in v1.2.3.”
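The breach, technology stack and certification detections above are described as pattern matches over public text. As an added example (not the scanner's own code), this sketch classifies snippets using the term lists given on this page; the regular expressions and the negation rule are assumptions, and the samples are constructed from the example findings plus one negated sentence.

```python
import re

# Term lists come from the page; the regexes and negation rule are assumptions.
PATTERNS = {
    "breach_mention": re.compile(
        r"\b(?:data breach|security incident|unauthori[sz]ed access|compromised)\b",
        re.IGNORECASE),
    # Case-sensitive so the ordinary adjective "elastic" is not read as a product.
    "tech_stack": re.compile(
        r"\b(?:AWS|Azure|GCP|Kubernetes|Terraform|Ansible|Docker|Splunk|Datadog|Elastic)\b"),
    "certification": re.compile(
        r"\b(?:SOC\s?2(?:\s+Type\s+(?:II|I))?|ISO[\s/-]?27001|PCI[\s-]?DSS|HIPAA)\b",
        re.IGNORECASE),
}
# A negation word earlier in the same clause, within 40 characters of the match.
NEGATED = re.compile(r"\b(?:no|not|never|without)\b[^.;]{0,40}$", re.IGNORECASE)


def classify(text):
    """Return (category, matched_text) pairs for one snippet of public text."""
    findings = []
    for category, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            label = category
            if category == "breach_mention" and NEGATED.search(text[:m.start()]):
                label = "breach_negated"  # e.g. "never experienced a data breach"
            findings.append((label, m.group(0)))
    return findings


# Constructed input: example findings from this page plus one negated sentence.
SAMPLES = [
    "We were notified of a security incident on our platform.",
    "Data breach occurred due to unauthorized access.",
    "Our team has experience with AWS and Kubernetes.",
    "SOC 2 Type II certified.",
    "We have never experienced a data breach.",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), "<-", sample)
```

Without the negation check, a statement that a company has never had a breach would be reported in the same category as an actual breach disclosure.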