SecurityScorecard has announced the acquisition of Driftnet, a threat intelligence firm specializing in third-party ecosystem visibility, in a move designed to address the expanding attack surface created by interconnected vendor relationships.
The deal reflects the cybersecurity industry's growing recognition that traditional perimeter defenses are insufficient when adversaries can breach an organization through its suppliers, partners, and service providers — a threat vector that has become one of the most exploited in recent years.
What Driftnet Brings
Driftnet focuses on mapping and monitoring third-party digital ecosystems, providing organizations with real-time visibility into the security posture of their vendors and supply chain partners. Key capabilities include:
- Continuous third-party monitoring across vendor networks
- Attack surface discovery for unknown or shadow vendor relationships
- Supply chain risk scoring integrated into existing security workflows
- Threat correlation linking external breach data to specific third-party exposures
By absorbing Driftnet's technology, SecurityScorecard aims to close a visibility gap that has enabled many high-profile supply chain compromises in recent years.
The Supply Chain Threat Landscape
Supply chain attacks have surged dramatically. The SolarWinds compromise, 3CX trojanization, XZ Utils backdoor, and more recent campaigns like the npm-based Mini Shai Hulud worm demonstrate that attackers increasingly compromise trusted software and service providers rather than attacking hardened enterprises directly.
According to industry data, over 60% of significant data breaches now involve a third-party component. Yet most organizations have limited visibility beyond their immediate tier-1 vendors — let alone the extended web of subprocessors and software dependencies those vendors rely on.
SecurityScorecard's Strategic Play
SecurityScorecard has built its business on cybersecurity ratings — assigning grades to organizations based on externally observable security signals. Adding Driftnet's ecosystem mapping capabilities extends that model deeper into supply chains, allowing customers to:
- Identify risky vendor relationships before a breach occurs
- Receive alerts when a supplier's security posture degrades
- Map transitive risk through multiple supply chain tiers
The acquisition also positions SecurityScorecard competitively against risk management platforms that have been building similar capabilities, including BitSight, Prevalent, and ProcessUnity.
Industry Implications
The deal is part of a broader consolidation wave in the third-party risk management space. As regulatory frameworks like DORA (Digital Operational Resilience Act) in the EU impose new requirements for supply chain due diligence, demand for automated vendor risk tools is accelerating.
For security teams, the message is clear: understanding your own attack surface is no longer sufficient. You need visibility into the attack surfaces of everyone you do business with.