What's Happening?
SecurityScorecard has announced the acquisition of Driftnet, a UK-based internet scanning and search engine startup, to bolster its third-party risk management (TPRM) platform with enhanced threat intelligence capabilities. Driftnet provides real-time
threat intelligence by allowing users to search by domain, IP address, or organization to identify open ports, potential vulnerabilities, misconfigurations, or attack campaigns. This acquisition aims to address the growing complexity of third-party risks, which have become more pronounced with the increased use of automated tools and artificial intelligence (AI) across enterprise environments. SecurityScorecard's research indicates that nearly one-third of breaches are related to third-party risks, a figure that is likely underreported and increasing.
Why It's Important?
The acquisition of Driftnet by SecurityScorecard is significant as it addresses the escalating challenges in managing third-party risks, which have become a critical component of cybersecurity strategies, especially in the wake of the COVID-19 pandemic and the shift to remote work. As organizations increasingly rely on automated tools and AI, the potential for third-party risks to evolve into significant threats and breaches has grown. By enhancing its TPRM platform with Driftnet's capabilities, SecurityScorecard aims to provide more comprehensive threat intelligence, enabling organizations to better detect and mitigate these risks proactively. This move is crucial for maintaining compliance with regulatory standards and ensuring robust cybersecurity defenses.
What's Next?
Following the acquisition, SecurityScorecard plans to integrate Driftnet's threat intelligence capabilities into its existing TPRM platform, facilitating more proactive breach detection and risk mitigation. The company will continue to build on its platform with automation tools like TITAN AI, which automates vendor risk workflows. SecurityScorecard also intends to maintain Driftnet's collaborations with computer emergency response teams (CERTs) in the U.S., EU, and UK, as well as partnerships with universities that contribute to global internet health research. These efforts are expected to enhance the company's ability to address the evolving threat landscape and support organizations in managing third-party risks more effectively.
