SecurityScorecard Snags Driftnet to Level Up Threat Intelligence

SecurityScorecard acquired Driftnet, LTD., adding another layer of threat intelligence to its third-party risk management (TPRM) platform.

Driftnet is a U.K.-based internet scanning and search engine startup that aims to provide organizations with real time threat intelligence. Users can search by domain, IP address, or organization to uncover any open ports, potential vulnerabilities, misconfigurations, or attack campaigns that may pose a risk to their network.

Vendor risk management has emerged as a key area in cyber defenses, especially since the pivot to remote work during the COVID pandemic. SecurityScorecard’s own research has found almost one-third of breaches are third party-related, and that number is probably both underreported and growing.

SecurityScorecard warned that organizations increasing use of automated tools and agentic artificial intelligence (AI) further complicates third-party risk that can turn into threats, and more concerningly breaches. As risks emerge faster than organizations can handle, security posture audits must evolve to keep pace with advanced attackers and a complex supply chain.

Related:Emerging Chiplet Designs Spark Fresh Cybersecurity Challenges

While automated tools and AI can help to boost productivity and efficiency, third parties may be deploying them “across supplier and partner environments with weak access controls, exposed credentials, and no visibility,” according to a SecurityScorecard press release.

“The threat landscape has fundamentally changed,” Dr. Aleksandr Yampolskiy, SecurityScorecard CEO and co-founder said in a press release on the acquisition. “AI agentic automation and connected supply chain tools have exploded across enterprise environments — and most TPRM programs have no visibility into the risk AI poses for their vendors.”

Proactive Breach Detection

With the acquisition, SecurityScorecard aims to put threat hunters, security operations center teams, and TPRM practitioners on the same page when it comes to discovering and mitigating third-party risks. That could enable a more “proactive breach detection,” noted the press release.

SecurityScorecard continues to build up its TPRM platform and respond with automation as supply chain risks vastly expand. In March, the company launched TITAN AI to automate vendor risk workflows. Last year, the company bought HyperComply which puts an automated spin on the tedious task of filling out security questionnaires and responses.

The Driftnet acquisition could round out SecurityScorecard’s offerings with more in-depth threat intelligence that’s required nowadays. Organizations struggle with network visibility and an overwhelming number of assets as third-party infrastructure and environment are more interwoven than ever. Understanding third-party risk is not only essential to mitigate threats, but to adhere to compliance regulations as well.

Related:TransUnion’s Real Networks Deal Focuses on Robocall Blocking

Financial terms of the Driftnet transaction were not disclosed. SecurityScorecard’s announcement also noted that it will maintain Driftnet’s existing collaborations with computer emergency response teams (CERTs) in the U.S., EU, and UK as well as partnerships with several universities which have produced academic works on global internet health.