Factor has launched its Supply Chain Detection & Response platform, which is now generally available.
The launch marks Factor's entry into a market that has attracted sustained corporate spending as companies try to manage cyber risks linked to suppliers, contractors and other external partners. It is positioning the platform around the view that existing approaches have created more data and more tools, but not better control over threats that move through supply chains.
Supply chain security has become a persistent concern for large organisations because attackers often target smaller partners with weaker defences as a route into bigger enterprises. That risk has grown as companies rely on increasingly complex networks of software providers, service firms and outsourced operations. The use of artificial intelligence has also increased the speed of both attacks and defensive monitoring.
Factor's platform is designed to operate across an enterprise and its supplier network, drawing on data from multiple sources, including threat intelligence feeds, internal telemetry, supplier signals and third-party information. Customers can change or add data sources without disrupting existing operations, an approach intended to avoid dependence on a single provider.
The system also aims to unify operational workflows for supply chain cyber risk management, an area that remains fragmented across specialist vendors and internal teams. Many organisations still rely on a mix of questionnaires, spreadsheets and point products to assess suppliers, track incidents and coordinate responses, making it harder to identify material risks quickly.
Factor said the product supports continuous monitoring and response rather than static assessments. It is also targeting managed security service providers, consultancies and other service delivery partners that want to offer supply chain cyber risk services at scale.
Market gap
Factor argues that years of investment in third-party risk management have not materially reduced exposure. In its view, the problem is less a shortage of telemetry than the difficulty of linking data, decision-making and cross-organisational workflows across enterprises and their suppliers.
That thesis reflects a broader challenge in cybersecurity. Businesses may have visibility into parts of their own environments, but they often have limited insight into the security posture of suppliers and downstream partners. When incidents occur, they can require coordination across legal, procurement, security and operations teams, as well as communication with outside companies that may use different systems and standards.
Jason Thompson, Founder and Chief Executive Officer at Factor, outlined the company's position.
"The industry has focused on generating more data and deploying more tools to address supply chain cyber risk and resilience, but that has not produced better outcomes. The telemetry needed to address critical supply chain cybersecurity issues already exists, but the industry's fragmented approach has driven costs higher while delivering poor return on investment. Factor was built to help organizations operationalize supply chain cyber risk management at scale. We are creating the connective tissue between enterprises, suppliers, service providers and intelligence sources so organizations can make better decisions faster and improve resilience across the ecosystem," said Jason Thompson, Founder and Chief Executive Officer at Factor.
Broader pressure
The launch comes as boards and security leaders face rising pressure to show that cyber spending is reducing business risk rather than simply adding controls. Supplier-related incidents can interrupt operations, expose customer and proprietary data, and create knock-on effects across multiple businesses, making them difficult and costly to contain.
Unlike traditional security products aimed at a single company's perimeter or internal network, supply chain security tools must manage relationships between separate organisations. That requires not only technical data collection but also a framework for deciding which risks are material, who owns the response and how action should be coordinated beyond the boundaries of one enterprise.
Factor is seeking to build its business around that operational layer. It says its platform serves as a central point for cyber risk information across enterprises and their supply chains, with the goal of helping organisations detect, prioritise and respond to threats in real time.
The launch underlines how cybersecurity suppliers are trying to move beyond isolated detection tools towards products tied more directly to business processes and third-party exposure. For large organisations with sprawling supplier networks, that remains one of the hardest parts of cyber risk management.