Third-Party Risk Intelligence

In the context of cybersecurity, Third-Party Risk Intelligence (TPRI) refers to the systematic collection, analysis, and interpretation of data from external sources to identify, assess, and monitor potential cyber threats and vulnerabilities associated with an organization's third-party ecosystem. This ecosystem encompasses a diverse range of external entities, including vendors, suppliers, contractors, service providers, partners, and even fourth-party (or Nth-party) entities that are indirectly connected through your direct third parties.

The core idea behind TPRI is to gain real-time or near-real-time visibility into the cybersecurity posture and potential risks posed by these external entities, recognizing that a weakness in their security can directly impact your own organization's security, data, and operations.

Here's a detailed breakdown of TPRI in cybersecurity:

Key Concepts and Objectives:

  • Proactive Risk Identification: Rather than waiting for a security incident to occur, TPRI aims to identify potential risks before they materialize. This involves continuously scanning for indicators of compromise, vulnerabilities, and other threat signals related to third parties.

  • Continuous Monitoring: Traditional periodic assessments are often insufficient. TPRI emphasizes ongoing, real-time monitoring of third-party security posture, enabling organizations to detect changes in risk profiles as they occur.

  • Comprehensive Threat Landscape: TPRI extends beyond just direct vulnerabilities. It considers a broad range of cyber risks, including:

    • Data Breaches: A third party's compromised systems could expose your sensitive data (e.g., customer PII, intellectual property).

    • Supply Chain Attacks: Attackers can exploit vulnerabilities in a third party's software or hardware to gain access to your systems (e.g., the SolarWinds attack).

    • System Vulnerabilities: Third-party software or cloud services may have unpatched vulnerabilities that attackers can use to infiltrate your network.

    • Misconfigurations: Errors in a third party's IT environment (e.g., exposed AWS S3 buckets) can lead to data leaks.

    • Operational Disruption: A cyber incident at a critical vendor could disrupt your business operations.

    • Reputational Damage: A security breach at a third party can negatively impact your organization's brand and customer trust, even if you weren't directly at fault.

    • Compliance and Regulatory Fines: If a third party mishandles your data and fails to comply with regulations (e.g., GDPR, HIPAA), your organization could face significant penalties.

  • Actionable Insights: TPRI provides concrete, actionable intelligence that security teams can use to prioritize risks, develop mitigation strategies, and collaborate with third parties to address identified issues.

  • Risk Tiering and Prioritization: Not all third parties pose the same level of risk. TPRI helps categorize vendors based on their criticality, the type of data they access, and the potential impact of a breach, allowing organizations to allocate resources effectively for risk management.

How Third-Party Risk Intelligence Works:

TPRI leverages a variety of data sources and technologies to generate insights:

  1. External Data Collection:

    • Publicly Available Information (Open-Source Intelligence - OSINT): Monitoring news, social media, dark web forums, cybercrime markets, and public vulnerability databases for mentions of third parties or their security incidents.

    • Security Ratings Services: Using commercial platforms that provide objective, data-driven security ratings of third parties based on their externally observable security posture (e.g., patch management, security hygiene, exposed assets).

    • Threat Intelligence Feeds: Subscribing to feeds that provide information on emerging threats, attack campaigns, and vulnerabilities relevant to your third-party ecosystem.

    • Financial Health Data: Assessing a third party's financial stability is crucial, as financial distress can significantly impact their ability to invest in cybersecurity.

    • Compliance and Regulatory Databases: Checking for a third party's compliance with relevant industry standards and regulations.

  2. Analysis and Correlation:

    • Automated Tools: Using AI and machine learning to process vast amounts of data, identify patterns, and detect anomalies that indicate potential risks.

    • Security Analytics Platforms: Correlating data from various sources to build a comprehensive risk profile for each third party.

    • Attack Surface Management: Mapping and continuously monitoring the digital assets and potential entry points of third parties that attackers could exploit.

  3. Reporting and Remediation:

    • Risk Scores and Dashboards: Presenting clear, quantifiable risk scores and visual dashboards to provide an immediate understanding of third-party risk.

    • Alerts and Notifications: Generating real-time alerts when a significant change in a third party's risk posture is detected.

    • Remediation Guidance: Providing specific recommendations and action plans for third parties to improve their security posture and reduce identified risks.

    • Collaboration Tools: Facilitating secure communication and collaboration between your organization and your third parties to address and remediate vulnerabilities.

Importance in Cybersecurity:

The interconnected nature of modern business means that an organization's security is only as strong as its weakest link. Many high-profile data breaches and cyberattacks have originated from compromised third-party vendors. TPRI is crucial for:

  • Reducing the Attack Surface: By identifying and mitigating risks in the supply chain, organizations can significantly shrink their overall attack surface.

  • Enhancing Due Diligence: Providing a data-driven approach to vetting new vendors and continuously assessing existing ones.

  • Improving Incident Response: Having intelligence on potential third-party weaknesses enables quicker and more effective responses to incidents that may originate from external sources.

  • Ensuring Compliance: Helping organizations meet regulatory requirements for managing third-party risk.

  • Protecting Reputation and Financial Health: Minimizing the likelihood of costly data breaches and reputational damage.

Third-Party Risk Intelligence empowers organizations to move from a reactive to a proactive stance in managing the complex and ever-evolving cybersecurity risks introduced by their extended ecosystem.

ThreatNG, as an all-in-one external attack surface management, digital risk protection, and security ratings solution, offers comprehensive capabilities that are highly beneficial for managing Third-Party Risk Intelligence (TPRI) in cybersecurity. It focuses on an unauthenticated, outside-in perspective, mirroring how an actual attacker would view your organization and its third parties.

ThreatNG's Contribution to Third-Party Risk Intelligence

ThreatNG helps organizations proactively identify, assess, monitor, and mitigate cybersecurity risks originating from their third-party ecosystem. By focusing on externally observable data, it provides an objective and continuous view of a third party's security posture, which is crucial for effective TPRI.

External Discovery

ThreatNG's External Discovery module is foundational to TPRI because it can perform purely external, unauthenticated discovery without requiring any connectors. This means it can map the digital footprint of any third-party vendor simply by knowing their domain or organization name.

Example of ThreatNG helping: Imagine you're onboarding a new critical software vendor. ThreatNG can immediately begin discovering all publicly exposed assets, such as web applications, subdomains, associated IP addresses, and registered mobile applications, without requiring any access credentials or vendor setup. This rapid discovery quickly establishes the initial scope of their attack surface from an attacker's perspective.

External Assessment

ThreatNG's External Assessment capabilities are extensive, providing detailed insights into various risk areas without requiring internal access to the third party's systems. This is vital for understanding a third party's true external security posture.

Here are detailed examples of how its assessments help with TPRI:

  • Web Application Hijack Susceptibility: This assessment analyzes the externally accessible components of a third-party's web applications to identify potential entry points for attackers.

    • TPRI Example: A marketing agency you use might have a web portal for campaign approvals. ThreatNG could assess this portal and flag if specific external paths or configurations make it susceptible to hijacking, indicating a potential avenue for attackers to compromise the agency and, in turn, affect your campaigns or data.

  • Subdomain Takeover Susceptibility: ThreatNG evaluates a third party's susceptibility to subdomain takeovers by analyzing subdomains, DNS records, and SSL certificate statuses.

    • TPRI Example: If your cloud service provider has dormant or misconfigured subdomains, ThreatNG would detect this. A subdomain takeover could allow an attacker to host malicious content on a domain that appears legitimate to your users or even compromise services tied to that subdomain, leading to phishing attacks against your employees or customers.

  • BEC & Phishing Susceptibility: Derived from factors such as domain intelligence (DNS permutations, Web3 domains, and email security presence) and dark web presence (compromised credentials), this assessment indicates how easily a third party could be impersonated or targeted by phishing.

    • TPRI Example: ThreatNG might reveal that a logistics partner has poor DMARC, SPF, and DKIM records, as well as numerous compromised credentials on the dark web. This intelligence suggests a high susceptibility to Business Email Compromise (BEC) attacks, meaning an attacker could impersonate your logistics partner to trick your finance department into making fraudulent payments.

  • Brand Damage Susceptibility: This utilizes attack surface intelligence, digital risk intelligence, ESG violations, and sentiment/financial data (including lawsuits and negative news).

    • TPRI Example: If a third-party payment processor faces multiple lawsuits related to data handling or has significant negative news regarding security incidents, ThreatNG would factor this into their brand damage susceptibility score. This informs you of the potential reputational risk your organization faces by association, even if the breach doesn't directly affect your systems.

  • Data Leak Susceptibility: Assesses risk from Cloud and SaaS Exposure, Dark Web Presence (compromised credentials), and Domain Intelligence (DNS permutations, email intelligence).

    • TPRI Example: ThreatNG could identify an e-commerce platform vendor with open Amazon S3 buckets or exposed API keys in their mobile app. This directly indicates a high susceptibility to data leaks, suggesting that your customer data stored with them could be at risk.

  • Cyber Risk Exposure: Considers parameters like certificates, subdomain headers, vulnerabilities, sensitive ports, and code secret exposure.

    • TPRI Example: ThreatNG might discover that a third-party software development firm has numerous unpatched vulnerabilities (CVEs) on their externally facing servers, sensitive ports exposed, or even private SSH keys found in public code repositories. This provides a direct measure of their cyber risk exposure, which could translate into a risk of supply chain attacks or intellectual property theft that impacts your organization.

  • ESG Exposure: Rates the organization based on discovered environmental, social, and governance (ESG) violations.

    • TPRI Example: If a manufacturing supplier you use has documented ESG violations related to environmental non-compliance or labor practices, ThreatNG would highlight this. While not directly a cybersecurity risk, it points to broader governance issues that could indicate a lack of robust internal controls, potentially extending to their cybersecurity practices.

  • Supply Chain & Third Party Exposure: Derived from domain intelligence (enumeration of vendor technologies from DNS and subdomains), technology stack, and Cloud and SaaS Exposure.

    • TPRI Example: For a key IT service provider, ThreatNG can enumerate the specific technologies they use, such as their CRM (e.g., Salesforce), cloud providers (e.g., AWS), and email marketing platforms. This granular view helps understand which specific software supply chain components could introduce risk if compromised.

  • Breach & Ransomware Susceptibility: Calculated based on domain intelligence (exposed sensitive ports, private IPs, vulnerabilities), dark web presence (compromised credentials, ransomware events), and sentiment/financials.

    • TPRI Example: If a managed security service provider (MSSP) you contract has numerous exposed private IPs, compromised credentials on the dark web, and mentions of their organization in ransomware gang activity forums, ThreatNG would flag a high breach and ransomware susceptibility. This is a critical indicator of direct risk to your security operations.

  • Mobile App Exposure: Evaluates an organization's mobile apps discovered in marketplaces for exposed access credentials, security credentials, and platform-specific identifiers.

    • TPRI Example: ThreatNG could identify that a third-party mobile app developer used by your company has hardcoded AWS access keys or GitHub tokens within their publicly available mobile apps. This poses a direct risk of unauthorized access to their (and potentially your) cloud resources or code repositories.

  • Positive Security Indicators: Identifies an organization's security strengths, such as the presence of Web Application Firewalls (WAFs) or multi-factor authentication (MFA), from an external perspective.

    • TPRI Example: When assessing a payment gateway provider, ThreatNG might validate the presence of a strong WAF and observe configurations indicative of MFA for external login points. This provides a more balanced view, showing their proactive security measures and reducing their overall risk profile.

  • External GRC Assessment: Provides an outside-in evaluation of an organization's GRC posture, mapping findings to frameworks like PCI DSS and POPIA.

    • TPRI Example: For a vendor handling credit card data, ThreatNG could identify exposed assets or vulnerabilities that directly contradict PCI DSS requirements. This helps you assess their compliance risk from the perspective of an external attacker, which is crucial for ensuring regulatory adherence.

  • External Threat Alignment: Aligns the organization's security posture with external threats by identifying vulnerabilities and exposures in a manner an attacker would, mapping to MITRE ATT&CK techniques.

    • TPRI Example: ThreatNG might identify a specific vulnerability in a third party's public-facing VPN service and map it to a MITRE ATT&CK "Initial Access" technique like "External Remote Services (T1133)". This helps your team understand the specific adversarial tactics that could be used against your third parties and subsequently impact you.
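The email security presence check behind the BEC & Phishing Susceptibility item above can be reproduced from public DNS alone. The following is an added example, not ThreatNG's code: the domains and TXT records are constructed, and the function names and the high/medium/low grading are assumptions made for illustration.

```python
# Added example: grade a vendor's email-authentication posture from TXT records.
# SAMPLE_DNS is constructed data standing in for lookups on <domain>,
# _dmarc.<domain> and <selector>._domainkey.<domain>.

SAMPLE_DNS = {
    "logistics.example": ["v=spf1 include:_spf.mailhost.example ~all"],
    "_dmarc.logistics.example": ["v=DMARC1; p=none; rua=mailto:dmarc@logistics.example"],
    "payments.example": ["google-site-verification=constructed",
                         "v=spf1 ip4:192.0.2.0/24 -all"],
    "_dmarc.payments.example": ["v=DMARC1; p=reject; pct=100"],
    "s1._domainkey.payments.example": ["v=DKIM1; k=rsa; p=CONSTRUCTEDSAMPLEKEY"],
    "hr.example": ["v=spf1 mx -all"],
    "_dmarc.hr.example": ["v=DMARC1; p=quarantine; pct=25"],
    "agency.example": ["v=spf1 +all"],
    "_dmarc.agency.example": ["v=DMARC1; p=reject"],
}


def parse_tags(record):
    """Split a 'k=v; k=v' record (DMARC, DKIM) into a dict with lowercase keys."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(txt_records):
    """Classify the SPF policy by the qualifier on its 'all' mechanism."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "invalid"  # RFC 7208: more than one SPF record is a permerror
    for term in spf[0].lower().split()[1:]:
        if term.lstrip("+-~?") == "all":
            qualifier = term[0] if term[0] in "-~?" else "+"
            return {"-": "strict", "~": "soft", "?": "neutral", "+": "open"}[qualifier]
    # No 'all' mechanism (redirect= targets are not followed in this example).
    return "neutral"


def check_dmarc(txt_records):
    """Classify the DMARC policy published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if not dmarc:
        return "missing"
    if len(dmarc) > 1:
        return "invalid"  # receivers ignore DMARC when several records exist
    tags = parse_tags(dmarc[0])
    policy = tags.get("p", "").lower()
    pct = int(tags["pct"]) if tags.get("pct", "").isdigit() else 100
    if policy == "none":
        return "monitor-only"
    if policy in ("quarantine", "reject"):
        return "enforced" if pct >= 100 else "partial"
    return "invalid"


def check_dkim(txt_records):
    """Report DKIM keys found for the selectors that were queried."""
    keys = [parse_tags(r) for r in txt_records if "p=" in r.replace(" ", "")]
    if not keys:
        return "not-found"  # selectors cannot be enumerated from outside
    # An empty p= tag means the key has been revoked (RFC 6376).
    return "present" if any(k.get("p") for k in keys) else "revoked"


def spoofing_exposure(domain, dns):
    """Combine the three checks into a hypothetical high/medium/low grade."""
    spf = check_spf(dns.get(domain, []))
    dmarc = check_dmarc(dns.get("_dmarc." + domain, []))
    dkim = check_dkim([r for name, recs in dns.items()
                       if name.endswith("._domainkey." + domain) for r in recs])
    if spf == "open":
        level = "high"    # '+all' authorises every host, so spoofed mail passes SPF and DMARC
    elif dmarc == "enforced":
        level = "low"
    elif dmarc == "partial":
        level = "medium"
    else:
        level = "high"    # nothing tells receivers to reject mail that fails authentication
    return {"domain": domain, "exposure": level, "spf": spf, "dmarc": dmarc, "dkim": dkim}


if __name__ == "__main__":
    for d in ("logistics.example", "payments.example", "hr.example", "agency.example"):
        print(spoofing_exposure(d, SAMPLE_DNS))
```

The agency.example case is the one a questionnaire tends to miss: a vendor can truthfully report "DMARC p=reject" while an SPF record ending in +all makes that policy ineffective.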

Reporting

ThreatNG offers diverse reporting capabilities essential for communicating TPRI findings to various stakeholders.

Examples of ThreatNG helping:

  • Executive Reports: Provide high-level summaries of third-party risk, security ratings (A through F), and overall trends, ideal for board members or senior management to grasp the aggregated risk.

  • Technical Reports: Provide granular details on identified vulnerabilities, misconfigurations, and exposures, which security operations teams can use for in-depth analysis and remediation planning with third parties.

  • Prioritized Reports: Categorize risks by severity (High, Medium, Low, Informational), allowing your team and the third party to focus on the most critical issues first.

  • Security Ratings: Provide an objective, letter-grade score (A through F) for each third party, simplifying the comparison and tracking of their security posture over time.

  • External GRC Assessment Mappings: Reports specifically detailing a third party's alignment or non-alignment with GRC frameworks like PCI DSS and POPIA, which is critical for compliance auditors and risk managers.

Continuous Monitoring

Continuous Monitoring is a cornerstone of effective TPRI, and ThreatNG provides this for the external attack surface, digital risk, and security ratings of all organizations. This moves beyond point-in-time assessments to detect changes as they occur.

Example of ThreatNG helping: A critical software vendor might patch a vulnerability, but inadvertently open a new sensitive port or expose a new subdomain during an update. ThreatNG's continuous monitoring would automatically detect this change, flag the latest exposure, and update the vendor's risk score, alerting your team to the shift in their security posture without manual intervention. This ensures that you are always aware of their current risk level, not just their risk at the last audit.
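The scenario above (one issue fixed, new exposure introduced in the same update) is a comparison between two snapshots of the vendor's external surface. The following is an added example, not ThreatNG's code: the snapshot layout, host names, vulnerability identifiers and the list of sensitive ports are constructed for illustration.

```python
# Added example: diff two outside-in snapshots of one vendor and flag what got worse.
# Snapshot contents, host names and vulnerability IDs are constructed placeholders.

SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL",
                   6379: "Redis", 27017: "MongoDB"}

BEFORE = {
    "hosts": {"www.vendor.example": {443}, "api.vendor.example": {443}},
    "vulns": {"www.vendor.example": {"EXAMPLE-VULN-1"}},
}
AFTER = {
    "hosts": {"www.vendor.example": {443},
              "api.vendor.example": {22, 443},
              "staging.vendor.example": {443, 27017}},
    "vulns": {},
}

# Event kinds that should raise an alert; the rest are improvements.
WORSENING = {"new_host", "port_opened", "sensitive_port_opened", "vuln_introduced"}


def diff_snapshots(before, after):
    """Return (kind, host, detail) events describing how the surface changed."""
    events = []
    old_hosts, new_hosts = before["hosts"], after["hosts"]

    for host in sorted(new_hosts.keys() - old_hosts.keys()):
        events.append(("new_host", host, None))
    for host in sorted(old_hosts.keys() - new_hosts.keys()):
        events.append(("host_removed", host, None))

    for host in sorted(new_hosts):
        previous = old_hosts.get(host, set())
        for port in sorted(new_hosts[host] - previous):
            kind = "sensitive_port_opened" if port in SENSITIVE_PORTS else "port_opened"
            events.append((kind, host, port))
        for port in sorted(previous - new_hosts[host]):
            events.append(("port_closed", host, port))

    old_vulns, new_vulns = before["vulns"], after["vulns"]
    for host in sorted(old_vulns.keys() | new_vulns.keys()):
        was, now = old_vulns.get(host, set()), new_vulns.get(host, set())
        events += [("vuln_resolved", host, v) for v in sorted(was - now)]
        events += [("vuln_introduced", host, v) for v in sorted(now - was)]
    return events


def alerts(events):
    """Keep only the changes that increase the vendor's exposure."""
    return [e for e in events if e[0] in WORSENING]


if __name__ == "__main__":
    for kind, host, detail in diff_snapshots(BEFORE, AFTER):
        label = SENSITIVE_PORTS.get(detail, "") if isinstance(detail, int) else ""
        print(f"{kind:22} {host:26} {detail if detail is not None else ''} {label}")
```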

Investigation Modules

ThreatNG's Investigation Modules provide the deep dive capabilities needed to understand the root cause and full scope of identified risks related to third parties.

Here are detailed examples of how the investigation modules help with TPRI:

  • Domain Intelligence: Provides comprehensive insights into a third party's domain infrastructure.

    • Domain Overview: Helps identify an organization's digital presence, including related SwaggerHub instances for API documentation.

      • TPRI Example: If a third-party API provider exposes their SwaggerHub instance, ThreatNG can identify it, allowing your team to investigate if their API documentation reveals sensitive endpoints or authentication methods that could be exploited.

    • DNS Intelligence: Analyzes DNS records, identifies vendors and technologies, and uncovers available/taken domain name permutations and Web3 domains.

      • TPRI Example: You discover a subdomain takeover risk for a third party. Using DNS Intelligence, you can see if the specific DNS records are misconfigured or if there are legacy entries that could be exploited, helping the third party understand the technical remediation required.

    • Email Intelligence: Provides insights into email security presence (DMARC, SPF, DKIM) and predicts email formats.

      • TPRI Example: If your vendor's email intelligence shows a lack of DMARC, SPF, and DKIM records, it directly indicates a higher risk of email spoofing and phishing attacks targeting anyone who interacts with that vendor. This is critical for preventing BEC and phishing scams.

    • WHOIS Intelligence: Offers WHOIS analysis and discovers other domains owned by the same entity.

      • TPRI Example: When investigating suspicious activity originating from a vendor, WHOIS intelligence could reveal other domains registered by the same entity, potentially uncovering a broader network of associated, potentially risky, digital assets.

    • Subdomain Intelligence: Provides extensive analysis of subdomains, including HTTP responses, header analysis (security and deprecated), server technologies, cloud hosting, e-commerce platforms, CMS, code repositories, sensitive ports, and known vulnerabilities.

      • TPRI Example: For a cloud-hosted SaaS vendor, ThreatNG's subdomain intelligence could detect that one of their development environments (a subdomain) is publicly accessible, has insecure HTTP headers, and exposes sensitive ports, such as SSH or an unauthenticated database (e.g., MongoDB). This is a severe risk of direct compromise for the vendor and potentially your data.

    • IP Intelligence: Identifies IPs, shared IPs, ASNs, and country locations.

      • TPRI Example: If a third party uses shared IP space with known malicious actors or has critical infrastructure hosted in high-risk geographic locations, IP intelligence would highlight this.

    • Certificate Intelligence: Analyzes TLS certificates, their status, issuers, and associated organizations.

      • TPRI Example: A critical vendor might have an expired SSL certificate on their customer portal, or a certificate issued by a less reputable Certificate Authority. ThreatNG would flag this, indicating a potential vulnerability to man-in-the-middle attacks and a lack of proper certificate management.

  • Social Media: Investigates an organization's social media posts for content, hashtags, links, and tags.

    • TPRI Example: Identifying a third party discussing a recent security incident or a new product launch with sensitive details on social media, before official announcements, could reveal potential information leakage or communication risks.

  • Sensitive Code Exposure: Discovers public code repositories and investigates their content for sensitive data like access credentials, security credentials, and configuration files.

    • TPRI Example: ThreatNG might find a third-party software vendor's public GitHub repository containing hardcoded AWS API keys, database credentials, or SSH private keys. This immediately indicates a critical exposure that could lead to a breach of their systems (and potentially yours).

  • Mobile Application Discovery: Discovers mobile apps in marketplaces and inspects their contents for exposed credentials and identifiers.

    • TPRI Example: A third-party mobile app developer you use might have an older version of their app in an obscure marketplace that contains exposed API keys or Firebase identifiers. ThreatNG's discovery would pinpoint this, allowing you to urge the vendor to remove or update the vulnerable app.

  • Search Engine Exploitation: Helps investigate susceptibility to exposing sensitive information via search engines.

    • Website Control Files (Robots.txt, Security.txt): Identifies exposed directories, emails, or bug bounty program details.

      • TPRI Example: If a third party's robots.txt file (intended to guide search engines) inadvertently lists sensitive administrative directories or email addresses, ThreatNG would highlight this. Attackers could exploit this for reconnaissance purposes.

    • Search Engine Attack Surface: Identifies exposure of errors, sensitive information, public passwords, and susceptible files/servers.

      • TPRI Example: ThreatNG could find that a third-party support portal's error messages are indexed by search engines, revealing internal network paths or database errors that could aid an attacker.

  • Cloud and SaaS Exposure: Discovers sanctioned/unsanctioned cloud services, impersonations, and open exposed cloud buckets, as well as specific SaaS implementations.

    • TPRI Example: ThreatNG might uncover that a third-party data analytics provider is using an unsanctioned cloud service or has an open AWS S3 bucket containing your project data. This is a direct data leakage risk that bypasses your approved vendor list.

  • Online Sharing Exposure: Detects the presence of organizational entities on code-sharing platforms such as Pastebin, GitHub Gist, and Scribd.

    • TPRI Example: If a third-party developer posts code snippets containing sensitive information related to your project on Pastebin or GitHub Gist, ThreatNG would detect this, indicating potential intellectual property leakage.

  • Sentiment and Financials: Identifies lawsuits, layoff chatter, SEC filings, and ESG violations related to the organization.

    • TPRI Example: If a critical financial vendor has recent SEC Form 8-Ks detailing cybersecurity incidents or material weaknesses in internal controls, ThreatNG would highlight this. This provides non-technical risk intelligence that impacts their reliability as a partner.

  • Archived Web Pages: Discovers sensitive information from archived versions of web pages, including API documentation, login pages, or sensitive files.

    • TPRI Example: ThreatNG could find an archived version of a third party's old login page that reveals default credentials or a vulnerability that has since been patched; its continued existence in an archive could still give attackers historical context.

  • Dark Web Presence: Detects organizational mentions, associated ransomware events, and compromised credentials on the dark web.

    • TPRI Example: If a third-party HR vendor has a significant number of compromised employee credentials found on the dark web, or if their name is mentioned in discussions about ransomware gang activity, ThreatNG would flag this. This indicates a high risk of account takeover and potential ransomware attacks that could disrupt their services and impact your operations.

  • Technology Stack: Identifies all technologies used by the organization, from web servers to CRM, databases, and security tools.

    • TPRI Example: Understanding a third party's full technology stack, particularly if it includes outdated or known vulnerable components (e.g., an old version of Apache or a specific JavaScript library with critical CVEs), enables a more targeted risk assessment and a better understanding of potential attack vectors.

Intelligence Repositories (DarCache)

ThreatNG's Intelligence Repositories (DarCache) are continuously updated and provide critical context for external risks.

  • Dark Web (DarCache Dark Web): Stores information from dark web sources.

    • TPRI Example: If your third-party IT support provider is mentioned in dark web forums as a target for credential stuffing attacks, this repository provides that context, allowing you to discuss enhanced security measures with them proactively.

  • Compromised Credentials (DarCache Rupture): Contains a database of compromised credentials.

    • TPRI Example: ThreatNG can cross-reference the email domains of your third-party vendors with DarCache Rupture to see if their employee credentials have been compromised, which directly indicates an increased risk of account takeover for their systems.

  • Ransomware Groups and Activities (DarCache Ransomware): Tracks over 70 ransomware gangs and their activities.

    • TPRI Example: If a critical logistics vendor appears to be targeted by a specific ransomware gang known to be highly active (as tracked by DarCache Ransomware), your organization can anticipate potential disruptions and advise the vendor or prepare contingency plans.

  • Vulnerabilities (DarCache Vulnerability): Offers a holistic view of external risks and vulnerabilities, including their real-world exploitability and likelihood of exploitation. This is further broken down into:

    • NVD (DarCache NVD): Provides detailed technical characteristics and impact scores (CVSS) for vulnerabilities.

    • EPSS (DarCache EPSS): Offers a probabilistic estimate of the likelihood of a vulnerability being exploited.

    • KEV (DarCache KEV): Lists vulnerabilities actively being exploited in the wild.

    • Verified Proof-of-Concept (PoC) Exploits (DarCache eXploit): Provides direct links to PoC exploits on platforms like GitHub.

    • TPRI Example: ThreatNG might identify a critical vulnerability (CVE) in a third party’s web server. DarCache NVD provides its CVSS score, DarCache EPSS indicates a high likelihood of exploitation, and DarCache KEV confirms it’s actively exploited. Furthermore, DarCache eXploit offers a direct link to a verified PoC on GitHub. This comprehensive intelligence enables your security team to provide the vendor with precise, actionable information, emphasizing the urgency and helping them effectively reproduce and patch the vulnerability.

  • ESG Violations (DarCache ESG): Catalogs discovered ESG violations.

    • TPRI Example: DarCache ESG could reveal a critical supplier's history of environmental violations, which, while not a direct cyber risk, can indicate broader governance issues that might affect their overall operational stability and indirectly impact your supply chain.

  • SEC Form 8-Ks (DarCache 8-K): Stores SEC Form 8-Ks for publicly traded US companies.

    • TPRI Example: For a publicly traded third-party software provider, DarCache 8-K could immediately surface an SEC filing related to a recent cybersecurity incident or a change in their risk disclosures, providing timely insights into their security posture.
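The Vulnerabilities item above combines four signals: CVSS severity, EPSS likelihood, KEV membership and the existence of a public PoC. The following is an added example of one way to turn them into a remediation order for vendor findings. It is not ThreatNG's scoring: the tiers and thresholds are assumptions, and the vendors, identifiers and scores are constructed.

```python
from dataclasses import dataclass

# Thresholds are assumptions chosen for this example, not values from the page.
CVSS_HIGH = 7.0    # CVSS base score at or above which a finding counts as severe
EPSS_HIGH = 0.10   # EPSS probability at or above which exploitation counts as likely

TIERS = {
    1: "exploited in the wild",
    2: "exploitation likely",
    3: "severe, no exploitation signal",
    4: "routine",
}


@dataclass(frozen=True)
class Finding:
    vendor: str
    vuln_id: str       # placeholder identifier, not a real CVE
    cvss: float        # 0.0-10.0 base score
    epss: float        # 0.0-1.0 estimated probability of exploitation
    in_kev: bool       # listed as known exploited
    public_poc: bool   # a verified proof of concept is public


# Constructed findings for three hypothetical vendors.
FINDINGS = [
    Finding("hosting.example", "EXAMPLE-VULN-A", 9.8, 0.002, False, False),
    Finding("hosting.example", "EXAMPLE-VULN-B", 7.5, 0.940, True, True),
    Finding("crm.example", "EXAMPLE-VULN-C", 8.1, 0.350, False, True),
    Finding("crm.example", "EXAMPLE-VULN-D", 5.3, 0.010, False, False),
    Finding("payroll.example", "EXAMPLE-VULN-E", 6.5, 0.004, False, True),
]


def tier(f):
    """Exploitation evidence outranks raw severity."""
    if f.in_kev:
        return 1
    if f.epss >= EPSS_HIGH or (f.public_poc and f.cvss >= CVSS_HIGH):
        return 2
    if f.cvss >= CVSS_HIGH:
        return 3
    return 4


def triage(findings):
    """Order findings by tier, then by likelihood, then by severity."""
    return sorted(findings, key=lambda f: (tier(f), -f.epss, -f.cvss))


def worst_tier_by_vendor(findings):
    """Roll findings up to the most urgent tier each vendor has open."""
    worst = {}
    for f in findings:
        worst[f.vendor] = min(tier(f), worst.get(f.vendor, 4))
    return worst


if __name__ == "__main__":
    for f in triage(FINDINGS):
        print(f"{f.vuln_id}  {f.vendor:16} CVSS {f.cvss:<4} EPSS {f.epss:.3f}  {TIERS[tier(f)]}")
    print(worst_tier_by_vendor(FINDINGS))
```

With this ordering the CVSS 9.8 finding lands third, behind a CVSS 7.5 finding that is known to be exploited and a CVSS 8.1 finding with a high EPSS score and a public PoC.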

Complementary Solutions and Synergies

While ThreatNG is a comprehensive solution, it can work synergistically with other cybersecurity tools to create a more robust TPRI program.

  • Security Information and Event Management (SIEM) / Security Orchestration, Automation, and Response (SOAR) Platforms:

    • Synergy: ThreatNG's continuous monitoring and real-time alerts on third-party security posture changes can feed directly into a SIEM/SOAR platform.

    • Examples of ThreatNG and Complementary Solutions Helping:

      • ThreatNG detects a new critical vulnerability (e.g., a zero-day exploit in a widely used web server technology) affecting a key third-party vendor. This alert is automatically sent to the SIEM.

      • A SOAR playbook then triggers, automatically creating a ticket in your internal ticketing system (e.g., Jira, ServiceNow) for your vendor management team, initiating a communication workflow with the affected third party, and perhaps even triggering an internal assessment of your exposure to that vendor's vulnerability.

  • Vendor Risk Management (VRM) Platforms:

    • Synergy: VRM platforms typically manage the entire lifecycle of vendor relationships, including contract management, questionnaires, and internal assessments. ThreatNG provides objective, external security ratings and continuous monitoring data that can enrich these platforms.

    • Examples of ThreatNG and Complementary Solutions Helping:

      • Your VRM platform stores the results of annual security questionnaires from your third parties. ThreatNG's continuous security ratings (A-F) can be integrated into the VRM platform, providing real-time, objective data that validates or contradicts the self-reported security posture. If a vendor's ThreatNG rating drops significantly, it could automatically flag them for a more in-depth review, overriding their questionnaire answers.

      • ThreatNG identifies a data leak susceptibility for a vendor that handles sensitive data, based on exposed S3 buckets. This finding is pushed to the VRM platform, which then automatically triggers a custom evidence questionnaire (similar to ThreatNG's Correlation Evidence Questionnaires) specifically asking the vendor about their cloud storage configurations and data handling policies.

  • Governance, Risk, and Compliance (GRC) Tools:

    • Synergy: GRC tools enable organizations to manage their overall compliance with regulations and internal policies effectively. ThreatNG's External GRC Assessment and detailed findings can provide critical, real-time external compliance data.

    • Examples of ThreatNG and Complementary Solutions Helping:

      • Your GRC tool helps manage compliance with the PCI DSS. ThreatNG's External GRC Assessment for a payment gateway provider identifies specific exposed assets or vulnerabilities that constitute non-compliance with PCI DSS requirements. This data is pushed to the GRC tool, automatically updating the compliance status for that vendor and triggering tasks for remediation and reporting.

  • Endpoint Detection and Response (EDR) / Extended Detection and Response (XDR) Solutions:

    • Synergy: While EDR/XDR focuses on internal endpoints and networks, intelligence from ThreatNG about compromised third parties can help prioritize internal investigations.

    • Examples of ThreatNG and Complementary Solutions Helping:

      • ThreatNG identifies that a critical software vendor has suffered a significant breach, and their compromised credentials are now on the dark web. This intelligence is shared with your internal EDR/XDR solution, which then automatically escalates the monitoring priority for any internal systems that frequently interact with that vendor's services, looking for indicators of compromise related to the breached credentials.

  • Vulnerability Management Platforms:

    • Synergy: ThreatNG identifies externally observable vulnerabilities. This external perspective can augment internal vulnerability scanning efforts.

    • Examples of ThreatNG and Complementary Solutions Helping:

      • ThreatNG's external assessment identifies a zero-day vulnerability in a standard web server technology used by a third-party hosted service. This information, especially the KEV and EPSS data, is fed into your internal vulnerability management platform. This allows your team to understand the external risk posed by this third party and potentially prioritize internal scans or mitigations if your systems share similar vulnerabilities or exposures.

By combining ThreatNG's powerful external discovery and assessment capabilities with the broader management, orchestration, and internal visibility provided by complementary solutions, organizations can build a truly robust and proactive Third-Party Risk Intelligence program.
