Don't assess suppliers in a vacuum. Score them against the threat actors actually targeting you — a built-in threat library and a BitSight-equivalent outside-in scanner, fused with your questionnaires.
Outside-in supplier scoring without the BitSight / SecurityScorecard bill — and fused with the inside-out evidence the scanners can't see.
| Capability | BitSight / SecurityScorecard | E2E Risk Threat Centre |
|---|---|---|
| Cost | £15k–£60k+ annual, per supplier | Included in the platform licence |
| Coverage | Outside-in score only | Inside questionnaire + outside-in scan + threat library, fused |
| Context | A letter grade, with limited explanation of why | Linked to threat actors, CVEs and breach data |
| Data residency | US-tenant SaaS | UK Azure region, customer-tenant, air-gap option |
| Suppliers monitored | Pay per monitored vendor | Unlimited — no per-supplier tax |
23 pre-built scenarios mapped to MITRE ATT&CK and NCSC threat reports: ransomware crews (Qilin, Akira, BlackCat, Cl0p), state actors (APT29, APT40, Lazarus), and insider and supply-chain implant scenarios.
Passive scanning of domain hygiene, certificate expiry, exposed admin panels, leaked credentials against breach corpora, and dark-web / ransomware-leak-site mentions.
Map which suppliers are exposed to which threat actors and CVEs, and which controls are insufficient against them.
Auto cross-walk to ISO 27001:2022, NCSC CAF v4, Cyber Essentials+, NIS2, NIST CSF 2.0, GovAssure, DSPT and GDPR Article 32.
Inside-out questionnaire scores and outside-in scan results combined into a single supplier risk, with drift alerts between assessments.
When a threat template changes, every dependent assessment is flagged for review. Stable hash on every config — silent regressions are impossible.
See the threats actually aimed at your supply chain — and which controls won't survive contact with them.