top of page

First-of-Its-Kind Cyber Supply Chain Risk Assessment Solution Launched by Trustwave in AU, NZ

Trustwave, who discovered multiple vulnerabilities in SolarWinds Orion back in February 2021, is a Chicago-based managed security services (MSS) and managed detection and response (MDR) provider with a global reach -- boasting 9 security operations centers (SOCs) and customers in 96 countries.

The firm has racked up the accolades in recent months:

The firm's latest announcement comes from their consulting and professional services (CPS) arm, which is built on the bones of Hivint, an award-winning cyber security consulting company. Trustwave acquired the Australian company in 2018 and has rolled out a robust CPS offering globally by leveraging their team of experts and leadership.

This week, Trustwave CPS launched a first-of-its-kind cyber supply chain risk assessment solution for enterprises and SMBs in Australia and New Zealand. The service, called Managed Vendor Risk Assessment (MVRA), gives organizations access to deep, fully scalable cybersecurity vendor assessments formerly prohibitively expensive.

“Part of the reason we built MVRA is our concern for the cyber resilience of the enterprise space. We are encountering gaps in organizations where vendors are left unassessed because of the perceived cost. MVRA gives organizations the ability to assess a large number of vendors with a consistency of measurement not possible before while still leveraging the expertise of genuine security consultants. For these organizations and the wider community, scalability brings safety,” said Nick Ellsmore, global head of strategy, consulting & professional services at Trustwave.

Ellsmore said that MVRA is a solution informed by decades of real-world consulting experience on the cybersecurity frontlines married to best-in-class risk assessment technology.

The MVRA service provides:

  • Streamlined process to onboard vendors and collect essential data, including penetration test reports, audit reports, and technical and organisational data;

  • Comprehensive security maturity questionnaire built on the NIST Cybersecurity Framework that is both reasonable and realistic for vendors to complete;

  • A further review of each vendor’s responses and data conducted by a skilled Trustwave specialist who understands possible indications and implications of vendor risk. Each answer and security asset is reviewed by our experts for completeness and accuracy;

  • For each vendor assessed, a report is delivered within eight days. The report identifies the vendor’s maturity and risk rating on a consistent scale, helping clients understand the potential risk exposure as it pertains to the nature of their business – the type of system, sensitivity and volume of data, and nature of the supply chain link;

  • Assessment reports also importantly deliver an impact analysis with recommendations for remediating gaps and issues for each vendor.

For more information about Managed Vendor Risk Assessment (MVRA) from Trustwave, please contact You can also view their offering overview here.



bottom of page