SecurityScorecard has acquired Driftnet, adding another layer of threat intelligence to its third-party risk management (TPRM) platform.
Driftnet is a UK-based Internet scanning and search engine startup that provides organizations with real-time threat intelligence. Users can search by domain, IP address, or organization to uncover open ports, potential vulnerabilities, misconfigurations, or attack campaigns that may pose a risk to their networks.
Vendor risk management has emerged as a key area in cyber defenses, especially since the pivot to remote work during the COVID-19 pandemic. SecurityScorecard’s own research found almost one-third of breaches are third-party-related, and that number is probably both underreported and growing.
Organizations’ increasing use of automated tools and agentic artificial intelligence (AI) further complicates third-party risk that can turn into threats and, more concerningly, breaches, SecurityScorecard warns. As risks emerge faster than organizations can handle, security posture audits must evolve to keep pace with advanced attackers and a complex supply chain.
While automated tools and AI can help boost productivity and efficiency, third parties may be deploying them “across supplier and partner environments with weak access controls, exposed credentials, and no visibility,” according to SecurityScorecard.
“The threat landscape has fundamentally changed,” states SecurityScorecard CEO and co-founder Aleksandr Yampolskiy. “AI agentic automation and connected supply chain tools have exploded across enterprise environments — and most TPRM programs have no visibility into the risk AI poses for their vendors.”
Proactive Breach Detection
With the acquisition, SecurityScorecard aims to put threat hunters, security operations center teams, and TPRM practitioners on the same page for discovering and mitigating third-party risks. That could enable a more “proactive breach detection,” the company notes.
SecurityScorecard continues to build up its TPRM platform and respond with automation. In March, the company launched TITAN AI to automate vendor risk workflows. Last year, it bought HyperComply, which puts an automated spin on the tedious task of filling out security questionnaires and responses.
The Driftnet acquisition helps round out SecurityScorecard’s offerings with more in-depth threat intelligence. Organizations struggle with network visibility and an overwhelming number of assets as third-party infrastructure and environments are more interwoven than ever. Understanding third-party risk is not only essential to mitigate threats but to adhere to compliance regulations as well.
Financial terms of the Driftnet transaction were not disclosed. SecurityScorecard’s announcement also notes that it will maintain Driftnet’s existing collaborations with computer emergency response teams in the US, EU, and UK, as well as partnerships with several universities that have produced academic works on global Internet health.
