Vendor Threat Monitor

Your vendor scores should not be equal.

Prevalent Vendor Threat Monitor Logo

Prevalent Vendor Threat Monitor™ (VTM) recognizes that when it comes to risk scoring, one size does not fit all. As such, it is important to tier vendors based on a broader context of their engagement with an organization and the inherent risk they pose, rather than an arbitrary score. This tiered approach provides a systematic way of determining what level of oversight is appropriate for an organization, minimizing unnecessary investigations and allowing more efficient use of resources.

Download the Prevalent Vendor Threat Monitor™ Data Sheet to learn more.


NEW!  VendorThreatIQ™ is a groundbreaking scoring methodology that provides insight into the security investments vendors are making in advanced technologies designed to rapidly detect and isolate cyber attackers behind the firewall.

The VendorThreatIQ metric is a combination of two related scores:

  • Threat Investment Quotient (TIQ) – TIQ is based on several factors, including an analysis of a vendor’s investment in advanced security technologies designed to detect and isolate APTs and other modern attack vectors. TIQ is presented via a score that accounts for a vendor’s security technology investment relative to peer organizations.
  • Potential Threat Impact (PTI) – PTI combines TIQ with other factors like industry and company size, and IT budget spending to provide insight into the likelihood that a vendor will be the victim of a damaging breach.


Download the Prevalent VendorThreatIQ™ Data Sheet and Frequently Asked Questions to learn more.

  • Overview

  • Key Features

  • Vendor Risk Score

  • Aggregration

  • Analysis

  • Risk Identification

The enhancements that Prevalent has built into Prevalent Vendor Threat Monitor™ (VTM) provide for more intelligent tiering based on vendor risk criteria collected during a pre-assessment.

Prevalent VTM is an additional security layer that works with either Prevalent Vendor Risk Manager® or Prevalent Vendor Assess™. This solution allows organizations to continuously monitor key relationship risk areas, including:

Data Risk | Operational Risk | Financial Risk | Brand Risk | Regulatory Risk | Geographic Risk

Organizations using the Prevalent Vendor Risk Manager® service to assess vendors and service providers can opt to add Prevalent Vendor Threat Monitor™ to watch for potential risks that were identified. VTM will notify the risk manager associated with the relationship to determine whether the risk poses an actual threat to the organization. Data types that are part of this analysis include external data breach notification, IP reputation and malware for known domains, financial analysis, phishing attacks, regulatory issues, and other publicly available information.

  • Get real-time risk information about your third and fourth-party relationships.
  • Efficiently meet regulatory requirements for vendor monitoring.
  • Monitor technical, operational, data, regulatory and financial risks over time.
  • Identify potential risks before they become legal liabilities.
  • Continuously manage your third-party risks to compliment point-in-time assessments.
  • Receive notification of potential data breaches without being dependent on your third parties.
  • Integrates directly into Prevalent Vendor Risk Manager® (VRM) for easy use.
  • Now with Prevalent VendorThreatIQ™!

Calculating a Risk Score

Since the nature of your relationship with a vendor may differ from other organizations, the risk they pose may also differ. Without taking into account the services your vendor provides to your organization specifically, a vendor risk score may not be indicative of the risk they pose to your organization. The only way to effectively quantify vendor risk is by taking into account the unique context of your engagement with that vendor and to assign a score that is based on that specific context.

Graph: Calculating a Vendor Risk Score

Prevalent Vendor Threat Monitor™ (VTM) is a dynamic, vendor risk intelligence platform that monitors key threat events which can potentially impact your vendor, your data, or your business. VTM aggregates key threat information from multiple external sources, such as:

  • IP Reputation
  • Credit
  • Malware
  • Financial
  • Stock Market
  • Government Watch
  • Data Disclosures
  • Web Discovery

Prevalent Vendor Threat Monitor™ helps identify potential risks, scores these risks across multiple risk areas, and notifies your organization’s vendor relationship owners. VTM performs analysis of all events to determine the impact based on historical data and the significance of the outcome. For example, in a data breach, Prevalent Vendor Threat Monitor™ analyzes the number and types of records exposed, the industry, historical costs per record lost, and the current financials of the custodian organization to determine the residual risk.

As Prevalent Vendor Threat Monitor™ identifies risk events, your organization prioritizes sensitive elements of the vendor engagement which require monitoring and notification. Based on this information, VTM provides customized notifications and risk scores tailored to your specific risk requirements.

Simply put, Prevalent Vendor Threat Monitor™ adds relevance to your score.