Breach Scanner · Continuous security ratings

Watch every vendor's security from the outside. Continuously, not once a year.

Breach Scanner adds a continuous outside-in security rating to your vendor programme. It grades each supplier across nine security domains, updates as their posture changes, catalogues publicly reported breach events, and alerts you the moment something material moves, so a vendor's deterioration reaches you in a day, not at the next audit. Generated entirely from publicly observable signals: no confidential data from you or your vendors is sent to produce a rating.

Outside-in, no data upload required to produce a ratingNine security domainsContinuous monitoring with material-change alerts

What is Breach Scanner?

Breach Scanner is Acuna's continuous security-ratings module for third-party risk. It produces an outside-in cyber risk rating for each vendor, a single score with an A-to-F grade across nine security domains, generated from publicly observable internet signals without requiring access to the vendor or any upload of confidential data. It catalogues publicly reported breach events, refreshes continuously, and raises alerts on material posture changes, so vendor security stays current between assessment cycles. It works alongside Supplier Shield's built-in security grade as the deeper, always-on monitoring layer.

A questionnaire tells you how a vendor looked the day they answered it.

Point-in-time assessments age the moment they are submitted. A vendor patches late, lets a certificate lapse, gets breached, and you find out at the next review, months later, or when it is already your incident.

Breach Scanner closes that window. It watches each vendor's external security posture continuously and tells you when it changes, so you are reacting to what is true today, not what was true at the last assessment.

Relevant for:DORANIS2ISO 27001

Continuous signal. Earlier warning. Prioritised action.

VENDOR ALERT · POSTURE DROP⚠ 2h ago
BD
Financial Platform
Next questionnaire 5 months away
DNS securityBD
Email securityBC

You learn about a problem in a day, not at the next review.

Ratings update continuously as a vendor's posture changes. A material drop or a newly reported breach raises an alert, so the news reaches you while you can still act on it.

Outside-in view · HR Platform
CDNS securityHigh
BWeb encryptionMedium
ANetwork filtering
Attacker-observable surface · no access to vendor required

You see security the way an attacker would.

The rating is built from what is observable from outside, the vendor's own attack surface, so it reflects real exposure rather than self-reported answers on a form.

Findings · sorted by risk
Critical
2
High
1
Medium
3

You act on what matters first.

Findings are graded by severity and prioritised, so your team and the vendor work the issues that carry the most risk, not an undifferentiated list.

DATA TRANSFER · RATING RUN
Generated from publicly observable signals
No vendor upload required
No confidential data sent to produce a score
Light privacy footprint · by design

You add it without sending data anywhere sensitive.

Because the rating comes from publicly observable signals, turning it on does not mean uploading your vendor list's confidential data to a third party to get a score. The privacy footprint is light by design.

Nine security domains. One grade per vendor.

Each vendor receives a single score with an A-to-F grade, built from assessment across nine domains of their public-facing security posture. Each domain carries its own sub-grade, and you can open a grade to see the prioritised findings behind it. Ratings are anchored to real-world performance, so a grade means the same thing from one vendor to the next.

Software patching

Application security

Web encryption

Network filtering

System hosting

DNS security

Email security

System reputation

Breach events

AExcellent
BGood
CFair
DPoor
FCritical

Publicly reported breaches, catalogued and dated.

Breach Scanner records publicly reported breach events against a vendor, drawn from public reporting and disclosure, with the date and nature of the event. A new breach on a vendor you depend on raises an alert and shows up against their record, so whether this supplier has been breached is a field you can see, not a question you have to go research.

The built-in grade, made continuous and deeper.

Supplier Shield already gives every vendor a security grade with a breach-exposure signal built in. Breach Scanner is the deeper layer on top: more security domains, continuous updates as posture changes, material-change alerting, and prioritised remediation you can track.

Use Supplier Shield's grade as your baseline on every vendor, and Breach Scanner where you need always-on monitoring and earlier warning on the vendors that matter most.

Supplier Shield

Baseline grade on every vendor

  • Security grade on every vendor
  • Breach-exposure signal included
  • Part of the core TPRM workflow
  • Assessment history and audit trail
Breach Scanner

Always-on monitoring layer

  • Nine domains, continuous updates
  • Material-change and breach alerts
  • Prioritised findings and remediation
  • Deeper outside-in signal
Part of the Acuna platform:ComplyImplementOperateAssurePlatform overview

Built for the people watching the supply chain.

CISO / Head of Security

Keep a live, attacker's-eye view of every critical vendor.

Get told when a vendor slips, instead of discovering it at the next review.

Third-Party Risk Manager

Move from annual snapshots to continuous monitoring.

Focus on the vendors that carry the most risk, with prioritised actions you can share and track to closure.

Compliance / Audit Team

Show continuous third-party security monitoring.

When a regulator or auditor asks how you keep vendor risk current between assessments, you have an answer.

Common questions about Breach Scanner.

See it on your own vendors.

Get a demoSee Supplier Shield →