Supply Chain Ransomware Exposure Monitoring

even with a strong ransomware prevention posture, it’s a virtual certainty that a member of your supply chain will be a victim at some point in the future, presenting potential threat exposures that come with unique risk to your business flare supply chain ransomware exposure monitoring solves this challenge by empowering you to identify and respond to these specific threat exposures within minutes of their appearance overview supply chain ransomware exposure monitoring is a platform feature that provides users with precise and timely information about the level of exposure their business has from ransomware attacks that have affected their third parties and extended supply chain last year, flare tracked over 5500 ransomware victims who were attacked by the 50+ most active ransomware groups including lockbit, cl0p, and alphv/blackcat when a victim can’t or refuses to pay, the attacker decrypts the data and exposes it for the world to see, often implicating the victim’s customers, partners, and third parties in the process key features visibility across known and unknown supply chain entities supply chain monitoring leverages flare's entire database of threat intelligence combined with information specific to your tenant to extend visibility into threats affecting third parties and even fourth parties rapid and precise risk determination ai powered file path analysis provides the foundation for quantifying risk associated with threat exposures found in supply chain ransomware incidents near real time monitoring and alerting flare’s platform contains a dynamic and world class collection of the most active ransomware groups and their platforms for disclosing attacks this data is constantly updated in near real time, meaning customers can be notified of threat exposures minutes after they have been disclosed boost grc efforts with tangible and contextual intelligence many compliance focused data sources related to third party risk are vague and lack precision or context flare's database off threat intelligence provides added context that is extremely valuable in a changing regulatory environment where higher standards around transparency around disclosing breaches are being applied how it works setting up identifiers supply chain monitoring will begin compiling relevant results and information automatically based on the identifiers in your tenant the supply chain monitoring page will show any ransom leaks that target 3rd party organisations in your supply chain that have leaked information that target you the supply chain monitoring page will not show ransom leaks for your own organisation to review what's been identified in your tenant so far, visit the supply chain monitoring page the supply chain analysis is only run for identifiers that have the "ransom leaks" category enabled results will only be found using domain and keyword identifiers therefore to see results in the supply chain monitoring page make sure you have set up keyword or domain identifiers with the "ransom leak" category activated note if the domain identifier is not in the post content (implying that the domain is not the target/victim) but is in the file paths of the ransom leak (meaning there are some files mentioning the domain) then the event will be shown in the supply chain table ignoring and remediating events if you ignore an event in the main event feed it will also be ignored in the supply chain table if you wish to view the ignored events in your supply chain table you can toggle to view them; see item 1 and 2 in the image below if you ignore an event in the supply chain table it will ignore the event in the main event feed if you remediate an event in the main event feed it will also be remediated in the supply chain table you will still be able to see the event in the table but it will have the remediated icon selected; see item 3 in the image below if you remediate an event in the supply chain table it will remediate the event in the main event feed as well related articles