SecurityScorecard Snags Driftnet to Level Up Threat Intelligence

SecurityScorecard Snags Driftnet to Level Up Threat Intelligence

Newsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsEndpoint SecurityChina's Webworm Uses Discord, Microsoft Graphs to Hack EU GovernmentsChina's Webworm Uses Discord, Microsoft Graphs to Hack EU GovernmentsbyAlexander CulafiMay 22, 20264 Min ReadApplication SecurityGitHub Confirms Breach, 4K Internal Repos StolenGitHub Confirms Breach, 4K Internal Repos StolenbyAlexander CulafiMay 20, 20263 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificLatin AmericaSee AllThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite Papers Partner PerspectivesDark Reading Resource LibraryCyber RiskNews, news analysis, and commentary on the latest trends in cybersecurity technology.SecurityScorecard Snags Driftnet to Level Up Threat IntelligenceThe acquisition looks to boost visibility into third-party ecosystems, which are becoming a bigger concern as vectors for supply chain attacks.Arielle Waldman,Features Writer,Dark ReadingMay 14, 20262 Min ReadSecurityScorecard has acquired Driftnet, adding another layer of threat intelligence to its third-party risk management (TPRM) platform. Driftnet is a UK-based Internet scanning and search engine startup that provides organizations with real-time threat intelligence. Users can search by domain, IP address, or organization to uncover open ports, potential vulnerabilities, misconfigurations, or attack campaigns that may pose a risk to their networks.  Vendor risk management has emerged as a key area in cyber defenses, especially since the pivot to remote work during the COVID-19 pandemic. SecurityScorecard's own research found almost one-third of breaches are third-party-related, and that number is probably both underreported and growing.  Organizations' increasing use of automated tools and agentic artificial intelligence (AI) further complicates third-party risk that can turn into threats and, more concerningly, breaches, SecurityScorecard warns. As risks emerge faster than organizations can handle, security posture audits must evolve to keep pace with advanced attackers and a complex supply chain.Related:What It'll Take to Make AI BOMs Usable in a Modern Security ProgramWhile automated tools and AI can help boost productivity and efficiency, third parties may be deploying them "across supplier and partner environments with weak access controls, exposed credentials, and no visibility," according to SecurityScorecard. "The threat landscape has fundamentally changed," states SecurityScorecard CEO and co-founder Aleksandr Yampolskiy. "AI agentic automation and connected supply chain tools have exploded across enterprise environments — and most TPRM programs have no visibility into the risk AI poses for their vendors." Proactive Breach DetectionWith the acquisition, SecurityScorecard aims to put threat hunters, security operations center teams, and TPRM practitioners on the same page for discovering and mitigating third-party risks. That could enable a more "proactive breach detection," the company notes. SecurityScorecard continues to build up its TPRM platform and respond with automation. In March, the company launched TITAN AI to automate vendor risk workflows. Last year, it bought HyperComply, which puts an automated spin on the tedious task of filling out security questionnaires and responses. The Driftnet acquisition helps round out SecurityScorecard's offerings with more in-depth threat intelligence. Organizations struggle with network visibility and an overwhelming number of assets as third-party infrastructure and environments are more interwoven than ever. Understanding third-party risk is not only essential to mitigate threats but to adhere to compliance regulations as well.Related:Is 2026 the Year AI Bills of Materials Get Real?Financial terms of the Driftnet transaction were not disclosed. SecurityScorecard's announcement also notes that it will maintain Driftnet's existing collaborations with computer emergency response teams in the US, EU, and UK, as well as partnerships with several universities that have produced academic works on global Internet health.About the AuthorArielle WaldmanFeatures Writer, Dark ReadingArielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, providing context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. Her coverage areas include identity and access management, cyber risk and operations, industrial control systems, operational technology, and ransomware trends.    She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at TechTarget SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection.   See more from Arielle WaldmanWant more Dark Reading stories in your Google search results?Add Us NowMore InsightsIndustry ReportsHow Organizations Are Managing Incident ResponseHow Enterprises Are Developing Secure ApplicationsInside RSAC 2026: security leaders reveal the risks redefining your defense strategyHow Enterprises Are Harnessing Emerging Technologies in CybersecurityDitch the Data Center: Understanding Flexible Cloud Infrastructure Security ManagementAccess More ResearchWebinarsBuild vs. Buy: The Hidden Cost of Building Your Own AI Security StackDefending in the Shadow Era: When the CVE Feed Goes DarkBuilding SecOps That Make the Most of Every DollarAI-Powered Credential Security: Intelligence Without ExposureAI-Powered Cybersecurity for Resource-Constrained OrganizationsMore WebinarsLatest Articles in DR TechnologyRemote WorkforceAkamai Joins Growing Chorus of Vendors Betting Big on Secure Enterprise BrowsersMay 22, 2026|4 Min ReadCyber RiskWhat It'll Take to Make AI BOMs Usable in a Modern Security ProgramMay 20, 2026|9 Min ReadCyber RiskIs 2026 the Year AI Bills of Materials Get Real?May 18, 2026|6 Min ReadVulnerabilities & ThreatsWhy Security Leadership Makes or Breaks a Pen TestMay 5, 2026|5 Min ReadRead More DR Technology