Factor has launched its Supply Chain Detection & Response platform, which is now generally available.
The launch targets an area of cybersecurity that continues to attract significant spending but remains difficult for many organisations to manage. Suppliers and downstream partners have become a common route for attackers seeking to bypass stronger controls at larger enterprises.
Factor, which focuses on supply chain security, said its platform is designed to give organisations a single operational layer for monitoring and responding to cyber risks across networks of vendors, partners and service providers.
The company argues that the market remains fragmented, with businesses often relying on separate tools, teams and data sources to assess third-party and supply chain threats. As a result, security teams can end up working from static assessments and spreadsheets rather than continuous monitoring, particularly when incidents involve multiple organisations.
The platform draws on threat intelligence, risk intelligence, internal telemetry, supplier-provided signals and other third-party data. Factor said customers can change or add data sources without disrupting existing operations.
Supply chain focus
Factor said attackers are increasingly targeting smaller, less sophisticated suppliers as artificial intelligence expands the scale and speed of cyber attacks. Those attacks can then be used to disrupt operations, steal intellectual property and customer data, or support ransomware campaigns.
That trend has pushed supply chain security higher up the agenda for large companies, government bodies and service providers. Businesses have spent heavily on third-party risk management over the past 15 years, but the sector still lacks common standards and a shared operating model across enterprises and suppliers.
Factor is positioning its product as a way to bridge that gap. The platform is intended to help organisations move from periodic risk reviews to ongoing detection, prioritisation and response across the supply chain.
The product is aimed not only at enterprise security teams but also managed security service providers, consultancies and other service delivery partners. In that segment, Factor said automation and AI can support a more scalable operating model than traditional consulting-led approaches.
Founder's view
Jason Thompson, Founder and Chief Executive Officer of Factor, set out the company's view of the problem in a statement accompanying the launch.
"The industry has focused on generating more data and deploying more tools to address supply chain cyber risk and resilience, but that has not produced better outcomes. The telemetry needed to address critical supply chain cybersecurity issues already exists, but the industry's fragmented approach has driven costs higher while delivering poor return on investment. Factor was built to help organizations operationalize supply chain cyber risk management at scale. We are creating the connective tissue between enterprises, suppliers, service providers and intelligence sources so organizations can make better decisions faster and improve resilience across the ecosystem," Thompson said.
The launch comes as cybersecurity vendors sharpen their focus on operational problems that sit between organisations rather than solely within a company's own perimeter. Supply chain attacks have highlighted the difficulty of sharing signals, judging exposure and coordinating action when the relevant data is spread across several parties.
For buyers, one challenge has been deciding how to combine external intelligence with internal security telemetry and vendor information in a way that supports incident response. Another has been avoiding dependence on any one data provider while still maintaining a coherent view of risk.
Factor said its platform is built to serve as a central point for that process, ingesting and normalising multiple data feeds before presenting them in a single workflow for security teams. The company described this as an intermediary layer for cyber risk management across the supply chain.
While many vendors address parts of third-party risk, software supply chain security or threat intelligence, Factor is betting that customers want a broader operational system that ties those strands together. The commercial test will be whether security teams and service providers adopt that model in a market already crowded with specialised products.
The platform is available to enterprise security teams, managed security service providers and service delivery partners.