Full Report
Recorded Future sees its inclusion in the 2026 Forrester Wave™ for Cybersecurity Risk Ratings Platforms as a reflection of a broader truth: the era of ratings-only vendor risk management is over.
Analysis Summary
# Best Practices: Intelligence-Driven Third-Party Risk Management (TPRM)
## Overview
Traditional TPRM relies on static questionnaires and "outside-in" hygiene scores. The practices below address the shift toward **Intelligence-Driven TPRM**, which combines traditional security hygiene (patching, encryption) with active threat intelligence (dark web monitoring, credential leaks) to close the gap between compliance and active defense.
## Key Recommendations
### Immediate Actions
1. **Inventory High-Value Vendors:** Identify the "Top 50" third parties that have direct access to your network or handle your most sensitive data.
2. **Enable Dark Web Alerting:** Set up real-time monitoring for your primary vendors on extortion sites and dark web forums to detect compromises before official notification.
3. **Audit Credential Leaks:** Check for leaked employee credentials from your key vendors to prevent supply-chain credential stuffing attacks.
### Short-term Improvements (1-3 months)
1. **Integrate Hygiene and Threat Signals:** Combine vendor security ratings (patching, DNS, etc.) with threat intelligence to prioritize remediation. A vendor with poor hygiene *and* active dark web chatter is a high-priority risk.
2. **Transition to Continuous Monitoring:** Replace or augment quarterly/annual questionnaires with automated monitoring tools that alert in real time on configuration changes or new vulnerabilities.
3. **Automate Alert Workflows:** Establish automated triggers that alert the SOC or Risk team when a vendor’s security rating drops below a critical threshold or the vendor is mentioned in a ransomware post.
### Long-term Strategy (3+ months)
1. **AI-Driven Risk Analysis:** Implement AI tools to digest vast amounts of threat data and hygiene signals to "cut through the noise" and predict which vendors are most likely to be breached.
2. **Predictive Risk Modeling:** Move beyond current state assessments to anticipate risk trends based on industry-specific threat actor behaviors.
3. **Operationalize Third-Party Intelligence:** Integrate TPRM data directly into the Security Operations Center (SOC) so analysts can see if an internal alert involves a compromised third-party link.
## Implementation Guidance
### For Small Organizations
- **Focus on the "Critical Few":** Don't try to monitor 500 vendors. Focus intelligence efforts on the 5-10 SaaS platforms or MSPs your business requires to function.
- **Use Free/Lower-Cost Intelligence Feeds:** Leverage basic CVE monitoring and news alerts for your key vendors.
### For Medium Organizations
- **Standardize Hygiene Ratings:** Implement a platform to provide transparent, evidence-backed security ratings across at least 9 security domains (e.g., DNS, exposed services, patching).
- **Establish Vendor Communication Channels:** Create a pre-defined plan for how to contact a vendor when your intelligence tools flag a potential breach.
### For Large Enterprises
- **Unified Intelligence/Risk Platform:** Consolidate vendor hygiene data and threat intelligence into a single "pane of glass" to eliminate data silos.
- **Continuous Auditing:** Transition from "point-in-time" audits to persistent evidence-based monitoring across the entire digital supply chain.
## Configuration Examples
While specific code is not provided, the following configuration strategy is recommended:
- **Alert Criteria:** Set thresholds for **Hygiene Domain Drops** (e.g., notify if "Patching Cadence" score falls below 70%).
- **Threat Triggers:** Configure immediate alerts for **Vendor Name + Keywords** (e.g., "Leaked," "Database," "Ransomware," "Breach") across dark web sources and paste sites.
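The two alert criteria above, combined into the hygiene-plus-intelligence prioritization the Short-term Improvements section describes, as an added example that is not code from the report or from Recorded Future. The vendor names, scores and dark-web snippets are constructed; the 70% threshold and the keyword list come from the page.

```python
"""Constructed example: hygiene-drop alerts plus dark-web keyword triggers."""

# Constructed vendor hygiene snapshots; each domain score is a percentage.
HYGIENE = {
    "Acme Payroll SaaS": {"Patching Cadence": 62, "DNS": 91, "Exposed Services": 88},
    "Northwind MSP": {"Patching Cadence": 85, "DNS": 79, "Exposed Services": 93},
}

# Constructed dark-web / paste-site mentions (made up for this example).
MENTIONS = [
    "FOR SALE: Acme Payroll SaaS customer database, 2.1M rows",
    "Northwind MSP changelog notes, nothing interesting",
]

HYGIENE_THRESHOLD = 70  # from the page: notify if a domain score falls below 70%
THREAT_KEYWORDS = ("leaked", "database", "ransomware", "breach")  # from the page


def hygiene_drops(vendor, hygiene=HYGIENE, threshold=HYGIENE_THRESHOLD):
    """Return the hygiene domains whose score is below the alert threshold."""
    return [domain for domain, score in hygiene[vendor].items() if score < threshold]


def threat_mentions(vendor, mentions=MENTIONS, keywords=THREAT_KEYWORDS):
    """Return mentions that name the vendor AND contain a threat keyword."""
    hits = []
    for text in mentions:
        lowered = text.lower()
        if vendor.lower() in lowered and any(k in lowered for k in keywords):
            hits.append(text)
    return hits


def prioritize(vendor, hygiene=HYGIENE, mentions=MENTIONS):
    """Poor hygiene AND active chatter is high; either alone is medium."""
    drops = hygiene_drops(vendor, hygiene)
    hits = threat_mentions(vendor, mentions)
    if drops and hits:
        priority = "high"
    elif drops or hits:
        priority = "medium"
    else:
        priority = "none"
    return {"vendor": vendor, "priority": priority,
            "hygiene_drops": drops, "threat_mentions": hits}


if __name__ == "__main__":
    for name in HYGIENE:
        print(prioritize(name))
```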
## Compliance Alignment
- **NIST CSF (Supply Chain Risk Management - ID.SC):** Aligns with the requirement to identify, assess, and manage supply chain risks.
- **ISO/IEC 27001 (A.15 - Supplier Relationships):** Supports the monitoring and review of supplier services.
- **CIS Controls (Control 15):** Service Provider Management.
## Common Pitfalls to Avoid
- **Treating TPRM as a Compliance Box:** Relying solely on questionnaires leads to a "false sense of security," as responses are often outdated by the time they are filed.
- **Ignoring Hygiene vs. Intelligence:** A vendor may have excellent hygiene (patching) but still be a victim of a credential-based attack that hygiene scanners cannot see.
- **Information Overload:** Collecting data without actionable remediation guidance leads to "alert fatigue" for risk teams.
## Resources
- **Recorded Future Third-Party Risk Platform:** hxxps[://]www[.]recordedfuture[.]com/products/third-party-intelligence
- **RiskRecon (Hygiene Assessments):** hxxps[://]www[.]riskrecon[.]com/
- **Forrester Wave Research:** hxxps[://]www[.]forrester[.]com/report/the-forrester-wave-cybersecurity-risk-ratings-platforms-q2-2026/RES192714