LOADING…
E2E RiskPLATFORM
Platform  /  Datasheets  /  Supplier Security Rating
Outside-in attack surface

See every supplierthe way an attacker does.

A continuous outside-in rating across nine security surfaces, scored into one defensible A-F grade and a shareable trust page - the attacker’s-eye view that sits alongside your Supplier Assurance questionnaire, with no agent and no supplier effort.

All datasheets
9 surfaces scoredA–F letter grade0 agents to deploy
9

security surfaces, scored from the outside for every supplier - with no agent and no supplier effort. It is the other half of supplier assurance: what an attacker can already see, sitting alongside your questionnaire and turned into one defensible grade, refreshed continuously.

The challenge

Your assessment cannot see the attacker’s view.

The gap
An assessment is answered from the inside, at a point in time
No view of a supplier’s live external attack surface
New exposure or a breach appears between assessments
Premium ratings tools cost a fortune and sit in a silo
With E2E Risk
A continuous outside-in view of what an attacker sees
Nine surfaces scored into one grade, beside the assessment
Built in and fused with your questionnaire - one signal
The grade moves the day exposure changes
What it scans

Nine surfaces, one grade.

Keyless, passive checks against authoritative sources - nothing intrusive, nothing the supplier has to action.

Attack surface & exposure

Internet-facing services, open ports and forgotten infrastructure (Shodan InternetDB).

TLS & application security

Certificate and cipher strength (SSL Labs) plus headers, CSP and cookies (Mozilla Observatory).

DNS & email security

DNSSEC, resolver hygiene and SPF, DKIM and DMARC alignment.

Breach & infostealer exposure

Dark-web infostealer credentials tied to the supplier (Hudson Rock).

Reputation & compromise

Spamhaus, Barracuda and abuse.ch blocklists, plus ransomware-leak and botnet mentions.

Patching cadence

Open CVEs and time-to-patch trend - how quickly the supplier closes known holes.

At a glance

The numbers that matter.

9
surfaces in the rating
0
agents or supplier effort
A–F
shareable letter grade
24/7
continuously refreshed
How it works

From a domain to a defensible grade.

01
Discover
Domains & assets
Mapped per supplier
02
Scan
Keyless adapters
Passive, non-intrusive
03
Score
Nine surfaces
Severity-weighted
04
Grade
One A-F rating
Per surface + overall
05
Fuse
With SAQ evidence
One risk signal
06
Publish
Shareable trust page
Refreshed on change
Where it fits

A UK-public-sector answer to the ratings tools.

NCSC CAF v3.2B4 secure configuration and C1 security monitoring
ISO 27001:2022A.8 technological controls and vulnerability management
Cyber EssentialsBoundary firewalls, secure configuration and patching
NIST CSF 2.0Identify, Protect and Detect functions
NCSC Supply ChainVendor-risk principles for HMG and CNI suppliers
MITRE ATT&CKInitial-access exposure mapped to technique
What you get

Intelligence you can act on.

Portfolio rating view

Every supplier graded and ranked, with concentration of weak grades surfaced.

Per-supplier scorecard

The nine surfaces, the findings behind each and the trend over time.

Shareable trust page

A public, tokenised page a supplier can share to evidence its posture.

Next step

See your suppliers’ real grade.

A 30-minute walkthrough - we will rate your top suppliers live, no slides.

All datasheets →