Austin, TX / USA, January 14th, 2026, CyberNewsWire
New monitoring functionality delivers unprecedented visibility into vendor identification exposures, transferring enterprises and authorities companies from static threat scoring to defending towards precise identification threats.
SpyCloud, the chief in identification menace safety, at this time introduced the launch of its Provide Chain Risk Safety resolution, a complicated layer of protection that expands identification menace safety throughout the prolonged workforce, together with organizations’ total vendor ecosystems.
Not like conventional third-party threat administration platforms that depend on exterior floor indicators and static scoring, SpyCloud Provide Chain Risk Safety gives well timed entry to identification threats derived from billions of recaptured breach, malware, phished, and combolist knowledge property, empowering organizations – from enterprise safety groups to public sector companies – to behave on credible threats somewhat than merely observe and settle for threat.
Provide Chain Risk Safety addresses a important hole in enterprise safety: the lack to keep up real-time consciousness of identification exposures affecting third-party companions and distributors.
In keeping with the 2025 Verizon Information Breach Investigations Report, third-party involvement in breaches doubled year-over-year, leaping from 15% to 30% primarily resulting from software program vulnerabilities and weak safety practices.
As provide chain compromises proceed to escalate, safety groups want intelligence that goes past questionnaires and exterior scans to disclose lively threats like phishing campaigns focusing on their trusted companions, confirmed credential theft, and malware-infected units exposing important enterprise functions to criminals.
For presidency companies and significant infrastructure operators, provide chain threats current nationwide safety dangers that demand heightened vigilance.
Public sector organizations managing delicate knowledge and significant companies more and more depend on contractors and know-how distributors whose compromised credentials might present adversaries with pathways into categorised techniques or important infrastructure.
Final yr alone, the highest 98 Protection Industrial Base suppliers had over 11,000 darkish net uncovered credentials – an 81% enhance from the earlier yr.
SpyCloud Provide Chain Risk Safety permits federal, state, and native companies to establish when suppliers or contractors have been compromised – permitting them to take proactive measures earlier than an identification publicity escalates right into a matter of nationwide safety.
“Third-party threats have developed far past what conventional vendor evaluation instruments can detect,” stated Damon Fleury, Chief Product Officer at SpyCloud.
“Private and non-private sector organizations must know when their distributors’ staff are actively compromised by malware or phishes, when authentication knowledge is circulating on the darkish net, and which companions pose the best actual downstream menace to their enterprise. Our new resolution delivers these alerts by remodeling uncooked underground knowledge into clear, prioritized actions that safety groups use to guard their group.”
Provide Chain Risk Safety permits organizations and companies to repeatedly monitor 1000’s of suppliers, with every firm’s threats enumerated intimately, and likewise represented in an at-a-glance Identification Risk Index.
The Index is a complete and repeatedly up to date evaluation that quantifies vendor safety posture by the lens of identification publicity, from each lively and historic phishing, breach, and malware sources, and surfaces which companions pose probably the most vital threat based mostly on verified darkish net intelligence.
Key Capabilities Embody:
Actual Proof of Compromise: Well timed recaptured identification knowledge from breaches, malware, and profitable phishes collected repeatedly from the felony underground, with context that offers safety groups enhanced visibility into the identification threats going through suppliers at this time.
Identification Risk Index: Aggregates a number of verified knowledge sources weighted by the recency, quantity, credibility, and severity of compromise, emphasizing verified identification knowledge over static breach data for extra strong and real-time visibility into vendor threat.
Compromised Functions: Identifies the interior and third-party enterprise functions uncovered on malware-infected provider units to assist deeper investigation and threat evaluation.
Enhanced Vendor Administration and Communications: Facilitates sharing of actionable proof and detailed executive-level studies straight with distributors to collaboratively enhance safety posture, remodeling vendor relationships from adversarial scoring to collaborative safety.
Built-in Response: Leveraging SpyCloud’s console, groups now have entry to identification menace safety past the standard worker perimeter with this extension to suppliers, permitting analysts to answer workforce identification threats inside a single instrument.
SpyCloud Provide Chain Risk Safety is designed to assist a number of use circumstances throughout Safety Operations, Infosec, Vendor Threat Administration, and GRC groups.
Organizations can leverage the answer for vendor due diligence throughout procurement and onboarding, steady threat evaluations to strengthen vendor relationships, and accelerated incident response when vendor exposures threaten their very own environments.
“Safety groups and their counterparts throughout the enterprise are overwhelmed with vendor assessments, questionnaires, and threat scores that usually don’t translate to actual prevention,” stated Alex Greer, Group Product Supervisor at SpyCloud.
“Our prospects have typically reported that once they’re evaluating doing enterprise with a brand new vendor, they lack the actionable knowledge their authorized and compliance groups want for evidence-based determination making. That’s the place SpyCloud stands out. Surfacing verified identification threats tied on to vendor compromise, letting groups escalate to management when to limit knowledge entry and prioritize efforts for the best influence on lowering organizational threat.”
Not like present options that depend on exterior floor indicators and static scoring, SpyCloud gives menace knowledge derived from underground sources – the identical recaptured darknet identification knowledge that criminals actively use to focus on organizations and companies.
This basic distinction permits SpyCloud prospects to maneuver from passive threat acceptance to proactive and holistic identification menace safety.
To study extra about defending organizations from the exposures of distributors and suppliers, registration is open for SpyCloud’s upcoming Dwell Digital Occasion, Past Vendor Threat Scores: How you can Remedy the Hidden Identification Disaster in Your Provide Chain, on Thursday, January 22, 2026, at 11 am CT.
About SpyCloud
SpyCloud transforms recaptured darknet knowledge to disrupt cybercrime.
Its automated identification menace safety options leverage superior analytics and AI to proactively stop ransomware and account takeover, detect insider threats, safeguard worker and client identities, and speed up cybercrime investigations.
SpyCloud’s knowledge from breaches, malware-infected units, and profitable phishes additionally powers many fashionable darkish net monitoring and identification theft safety choices.
Clients embrace seven of the Fortune 10, together with lots of of worldwide enterprises, mid-sized corporations, and authorities companies worldwide.
Headquartered in Austin, TX, SpyCloud is house to greater than 200 cybersecurity specialists whose mission is to guard companies and customers from the stolen identification knowledge criminals are utilizing to focus on them now.
To study extra and see insights in your firm’s uncovered knowledge, customers can go to spycloud.com.
Contact
Media Specialist
Phil Tortora
REQ on behalf of SpyCloud
