SpyCloud, the leader in identity threat protection, announced the launch of its Supply Chain Threat Protection solution, an advanced layer of defense that expands identity threat protection across the extended workforce, including organizations’ entire vendor ecosystems. Unlike traditional third-party risk management platforms that rely on external surface indicators and static scoring, SpyCloud Supply Chain Threat Protection provides timely access to identity threats derived from billions of recaptured breach, malware, phished, and combolist data assets, empowering organizations – from enterprise security teams to public sector agencies – to act on credible threats rather than simply observe and accept risk.
Supply Chain Threat Protection addresses a critical gap in enterprise security: the inability to maintain real-time awareness of identity exposures affecting third-party partners and vendors. According to the 2025 Verizon Data Breach Investigations Report, third-party involvement in breaches doubled year-over-year, jumping from 15% to 30% primarily due to software vulnerabilities and weak security practices. As supply chain compromises continue to escalate, security teams need intelligence that goes beyond questionnaires and external scans to reveal active threats like phishing campaigns targeting their trusted partners, confirmed credential theft, and malware-infected devices exposing critical business applications to criminals.
For government agencies and critical infrastructure operators, supply chain threats present national security risks that demand heightened vigilance. Public sector organizations managing sensitive data and critical services increasingly rely on contractors and technology vendors whose compromised credentials could provide adversaries with pathways into classified systems or essential infrastructure. Last year alone, the top 98 Defense Industrial Base suppliers had over 11,000 dark web exposed credentials – an 81% increase from the previous year. SpyCloud Supply Chain Threat Protection enables federal, state, and local agencies to identify when suppliers or contractors have been compromised – allowing them to take proactive measures before an identity exposure escalates into a matter of national security.
Also Read: STEER Tech and KINEXON Announce Strategic Partnership to Accelerate Autonomous Vehicle Innovation
“Third-party threats have evolved far beyond what traditional vendor assessment tools can detect,” said Damon Fleury, Chief Product Officer at SpyCloud. “Public and private sector organizations need to know when their vendors’ employees are actively compromised by malware or phishes, when authentication data is circulating on the dark web, and which partners pose the greatest real downstream threat to their business. Our new solution delivers those signals by transforming raw underground data into clear, prioritized actions that security teams use to protect their organization.”
Supply Chain Threat Protection enables organizations and agencies to continuously monitor thousands of suppliers, with each company’s threats enumerated in detail, and also represented in an at-a-glance Identity Threat Index. The Index is a comprehensive and continuously updated analysis that quantifies vendor security posture through the lens of identity exposure, from both active and historical phishing, breach, and malware sources, and surfaces which partners pose the most significant risk based on verified dark web intelligence.
SOURCE: PRNewswire