RiskXchange
Platform · Supply chain detection & response

Detection and response, extended into the supply chain.

EDR watches the endpoint. XDR widens the lens to the network. SCDR pushes it past the perimeter — into the vendors, sub-processors and fourth-party hops where most modern breaches actually start.

The reality

The numbers your team already knows.

Endpoint and network detection close two of the three doors. The third — your supply chain — is where ransomware operators and nation-state actors increasingly live, because nobody else is looking.

60%+
Of major breaches now involve a third or fourth party
Industry estimate
11 days
Average time to act on a vendor-side breach signal
Industry average
24/7
How often The Agency watches the supply chain on your behalf
The agents that drive this

REX detects. TARA tiers. NOVA closes the loop.

SCDR is a three-stage workflow: detect the supply-chain event, decide what it means, and act on it without waiting for someone to draft an email. The Agency runs all three.

REX avatar
REX
Risk & Breach Intelligence

The detection layer for everything outside your perimeter. REX continuously watches your vendors and their vendors — attack surface, breach signal, dark-web mentions, fourth-party exposure — and ranks every event by impact before it lands in your queue.

What you get
  • Continuous outside-in scanning across 5M+ companies
  • BreachWatch + dark-web correlation, ranked by vendor impact
  • Fourth-party discovery — the chain hop you didn't know existed
TARA avatar
TARA
Tiering & Remediation

Decision logic on top of the detection feed. TARA decides what each event means for that vendor's tier and your regulatory posture, then opens an SLA-bound remediation track in your ITSM — so a critical-tier breach doesn't queue behind a low-tier banner grab.

What you get
  • Smart tiering weighted by inherent risk
  • SLA-driven remediation in ServiceNow, Jira, Asana
  • Regulatory-aware response — DORA, NIS2, ISO 27001 framings included
NOVA avatar
NOVA
Vendor Relationship Manager

Vendor-side action, on the channel they actually use. When the issue belongs to a vendor, NOVA reaches out across email, WhatsApp or in-app chat — subject to your autonomy mode — and tracks the response back into the same workflow.

What you get
  • Three-channel vendor outreach when the issue is theirs
  • Customer can join any conversation NOVA opens
  • Action loop closes inside your ITSM, evidence linked back
What changes

From alerts firehose to closed loop.

SCDR turns the supply chain from the part of TPRM that gets reviewed quarterly into the part that's monitored continuously and actioned automatically.

Detection happens twenty-four-seven

REX watches every vendor in the portfolio (and their vendors) without a duty rota. Material events surface in real time, not at the next review window.

Triage stops being a meeting

TARA decides what the event means against tier and regulatory framework, and opens the right ticket in the right place automatically.

Vendor outreach happens

NOVA tells the vendor on the channel they read. Your team stops drafting incident emails and starts reviewing the response.

Audit trail composes itself

Every detection-to-resolution loop links back to the originating signal. When the regulator or board asks "how did we respond to X?" the answer is already structured.

We had a leaked-credential dump matched to a Critical-tier vendor inside two hours of REX seeing it — and NOVA had the vendor's CISO on a call before our team had finished triaging it.

AH
Group CISO
Multinational logistics

See it on your vendors.

Book a 30-minute call and we'll have NOVA, ARIA and REX produce a complete posture report on one of your live vendors inside 24 hours.