Continuous Supply Chain
Risk Scoring.
62% of breaches originate from third-party vendors. Monitor your entire vendor portfolio across 5 risk pillars - not once a year, but every day.
Five-Pillar Vendor Risk Scoring
Each vendor in your portfolio gets an independent score across five risk pillars, drawing from different intelligence sources to give you a complete risk picture.
External vulnerability scanning results
Historical breach records and data exposures
Stolen credential exposure in stealer logs
Dark web mentions, forum posts, and marketplace listings
Active threat intelligence and IOC correlation
Five-pillar weighted average with time-decay. Updated continuously as new intelligence arrives.
Smart Re-Scan Triggers
Traditional vendor assessments happen once a year. Automatic re-scans trigger whenever new threat intelligence mentions a vendor, so your risk scores stay current.
When a Vendor's Risk Score Jumps
PaymentCo Ltd had 12 employee credentials appear in a Redline stealer dump 6 days ago. Combined with a new CVE affecting their gateway software, their risk score jumped 24 points in the last 48 hours.
NIST C-SCRM Aligned Reporting
Generate compliance-ready reports mapped to NIST C-SCRM framework requirements. Reports update automatically as new intelligence arrives.
AI-Generated Vendor Summaries
Plain-language risk summaries for each vendor, generated from live intelligence data and refreshed with every score change.
Portfolio Risk Briefs
Executive-ready overviews of your entire vendor portfolio risk posture, trends, and outliers.
Incident Context Reports
When a vendor incident occurs, get an instant report with timeline, affected pillars, and recommended actions.
Other Solutions
Our Agents - JINX & BUGSY
Dual autonomous AI agents for threat triage, investigation, and CTI report generation.
Learn more →Ransomware Tracking
Real-time monitoring of ransomware groups, leak sites, and victim postings.
Learn more →Credential Intelligence
Stealer log monitoring, breach detection, and credential exposure alerts.
Learn more →Attack Surface Management
Subdomain discovery, DNS enumeration, and vulnerability scanning.
Learn more →Dark Web Monitoring
Dark web forums, Telegram channels, and IOC feed intelligence.
Learn more →MSSPs & MDR
Multi-tenant architecture purpose-built for managed security providers.
Learn more →Frequently Asked Questions
How does PurpleOps monitor supply chain risk continuously?
Your vendor portfolio is monitored around the clock across five risk pillars: vulnerability scanning, breach data, credential exposure, dark web mentions, and threat intelligence. Scores update automatically as new intelligence arrives.
What are the five risk pillars in vendor scoring?
The five pillars are Vulnerability Scan (external scanning results), Breach Data (historical breach records), Credentials (stealer log exposure), Dark Web (mentions and listings), and Threat Intel (active IOC correlation). Each pillar is scored independently and combined into a composite score.
Is PurpleOps aligned with NIST C-SCRM?
Yes. You get vendor summaries, portfolio risk briefs, and incident context reports aligned with NIST Cyber Supply Chain Risk Management (C-SCRM) framework requirements - all generated automatically.
What triggers a vendor re-scan?
Re-scans are triggered automatically when new threat intelligence mentions a vendor - such as ransomware victim listings, credential exposures in stealer logs, new CVEs affecting vendor technology, or dark web mentions of vendor data.
How does PurpleOps calculate vendor risk scores?
Each vendor gets a composite score (0-100) from a weighted average across five independent pillars with time-decay. Recent intelligence carries more weight than older data, so scores reflect current risk.
Can I set custom alert thresholds for vendor risk?
Yes. You can configure alert thresholds per vendor or per pillar. When a vendor score drops below your threshold or changes by more than a set number of points, you receive instant notifications via Slack, Teams, email, or webhooks.
Start Monitoring Your Vendors Today
Add your vendor list and start receiving continuous risk intelligence in under 5 minutes.