Managing cyber risk has become a strategic imperative, especially as supply chain threats grow more complex and interconnected.

SecurityScorecard Inc. is addressing the issue with a more transparent, continuous and data-driven approach to third-party security, according to Jason Thompson (pictured), chief operating officer of SecurityScorecard. 

SecurityScorecard’s Jason Thompson talks with theCUBE about the need for managing cyber risk in an innovative way.

“Companies right now are getting stuck at, ‘Hey, I see there’s something bad happening in my supply chain, but now what do I do with it?’” Thompson said. “From our perspective, if we can facilitate that and eliminate that friction, that becomes highly beneficial for organizations. By applying both of those things through a single platform or a single approach, we both have the third-party risk management and vendor risk management more and more focusing on the [security operations center] and security operations.”

Thompson spoke with theCUBE’s Dave Vellante at the RSAC 2025 Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how SecurityScorecard helps in managing cyber risk. (* Disclosure below.)

Managing cyber risk with MAX

MAX, SecurityScorecard’s supply chain detection and response solution, helps organizations assess the likelihood of a breach. With real-time, actionable insights, companies can better prioritize remediation efforts, according to Thompson.

“The MAX product is more of a … very similar model to CrowdStrike [Falcon] Complete, where you’ve got something at the very top where you’d want a managed service to run that for you,” he said. “We find that a lot of organizations now are looking for something around a co-managed solution. The MAX product is our fastest-growing product right now. It takes the same data and telemetry we have in the security ratings platform, the scorecard platform, and we actually put a managed service on top of that.”

SecurityScorecard provides real-time, objective ratings — graded A to F — on an organization’s cybersecurity posture using data gathered from external sources. These ratings give companies a clearer picture of their external risk exposure, raising the bar for how cyber risk is managed, according to Thompson.

“When you think of ratings, that is really more of a risk management approach of saying, ‘I’m going to put something in a bucket of A, B, C, D [and]  F; I’m going to try to reduce my risk,”’ he said. “From our core of the ratings, we basically are looking at the issue, specific type issues, findings that you have in your supply chain, and then we take a detection response approach to that, much like [extended detection and response] and [managed detection and response] and apply response actions to those detection.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSAC 2025 Conference event: 

(* Disclosure: SecurityScorecard Inc. sponsored this segment of theCUBE. Neither SecurityScorecard nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE