• United States




Stop missing the vendor alerts you need

Sep 02, 20164 mins
AnalyticsCloud SecuritySecurity

How to better monitor your downstream vendors

The digital age has given birth to an abundance of news sources, some reporting quality journalism and others delivering only half truths, or worse. It’s a challenge to find the best source of information in our every day lives, and it’s an even greater challenge to find the most reliable technology to help security professionals do their jobs.

No doubt that third-party vendors (and every vendor in the expansive supply chain) pose risks to the enterprise, and experts advise security practitioners to use some solution that helps monitor their downstream vendors.

Lots of organizations rely on Google Alerts, but as more advanced AI technologies are developed, will there be newer more advanced solutions that can provide more accurate alerts?

Vikram Mahidhar, senior vice president for AI solutions at Rage Frameworks, said, “Major enterprises are literally using Google Alerts to monitor their downstream vendors. It’s somewhat well-known Google Alerts both A) misses large amounts of unstructured content, and B) forces companies to rely on workers to manually churn through results.”

In that churning process, there is a great likelihood that you are missing key signals about potential risk in your vendor chain, not to mention the resources that could otherwise be better used for more pressing assignments.

“They’re not able to capture the local town newspaper report that a mill in Wisconsin just laid off half its workforce, and they happen to be the manufacturer one of your key vendors relies on,” said Mahidhar.

Rage Frameworks is one of many AI solutions companies (because AI is all the rage these days). They have been working with companies around the globe using AI to monitor stock performance, evaluate contract agreements, spot revenue leakage and more. But lately, many enterprises have started to realize that with the increasing scale of their vendor network, there is no way they can monitor every digital news source across the globe.

“We can use AI to see if a supplier just laid off half their workforce, or if their downstream vendor is embroiled in a costly legal battle. These are the signals that – if detected early enough – could help a company address a threat in their network before it takes them out with it,” Mahidhar said.

Sifting through hundreds of thousands of sources and processing about a million pieces of information every day would be an impossible task for even an enormous team of human beings. “We are able to analyze all of this information at two levels–context and interpretation. We ask, What does it mean for supplier A and supplier B? Then we teach the machines how to read and interpret impact analysis,” Mahidhar said.

The machines work line item by line item and understands, then derives a conclusion based on all the facts to determine whether that set of events is negative or positive. For instance, said Mahidhar, “If there is a supplier of a software, and somewhere there is an article that mentioned a lawsuit was filed. The machine would read all that and understand the magnitude of the lawsuit. That is aggregated and transmitted into a signal.”

In the supplier risk market, there are lots of alerts that current technology doesn’t analyze using context and interpretation, so news about law suits and litigation, product recall, natural calamities, and other things that are going on, can go missing.

“The bigger thing is context and interpretation. AI solutions are performing a task that has never been performed before,” said Mahidhar.

If AI is able to put more scrutiny on the suppliers, the technology might be a better way for enterprises to monitor their vendor supply chain without having to rely on the use of critical resources. 


Kacy Zurkus is a freelance writer for CSO and has contributed to several other publications including The Parallax, and K12 Tech Decisions. She covers a variety of security and risk topics as well as technology in education, privacy and dating. She has also self-published a memoir, Finding My Way Home: A Memoir about Life, Love, and Family under the pseudonym "C.K. O'Neil."

Zurkus has nearly 20 years experience as a high school teacher on English and holds an MFA in Creative Writing from Lesley University (2011). She earned a Master's in Education from University of Massachusetts (1999) and a BA in English from Regis College (1996). Recently, The University of Southern California invited Zurkus to give a guest lecture on social engineering.

The opinions expressed in this blog are those of Kacy Zurkus and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author