Every vendor receives a live risk score (0–100) updated daily based on their external attack surface, breach history, dark web exposure, CVE patching behaviour, and security certifications.
Mitigata monitors dark web forums, breach databases, and threat intelligence feeds for any mention of your vendors. You're alerted within hours of a vendor breach — not when you read about it in the news.
Send and track security questionnaires (SIG Lite, CAIQ, custom) to vendors automatically. Mitigata pre-fills answers from publicly available data, reducing vendor response time significantly.
Mitigata maps your vendors' vendors — identifying concentration risk and hidden dependencies. Know when a single cloud provider failure or breach could cascade through your entire supply chain.
Generate TPRM reports pre-formatted for RBI IT Framework, SEBI CSCRF, DPDP Act, and ISO 27001 Annex A.15 — with evidence packages ready for auditors and board presentations.
Mitigata analyses vendor contracts and SLAs to flag missing security clauses — right to audit, breach notification timelines, data processing agreements, and subprocessor controls — before you sign.
Upload your vendor list via CSV, connect your procurement system, or let Gordon auto-discover vendors from your DNS, email headers, and network traffic. Onboard 500 vendors in minutes.
Gordon immediately scores every vendor across 200+ signals — attack surface exposure, breach history, dark web mentions, SSL/TLS hygiene, DNS security, and regulatory compliance status.
Scores update daily. You receive real-time alerts for score drops, breach detections, new CVEs affecting vendor infrastructure, and dark web mentions — via email, Slack, or webhook.
Send remediation requests directly to vendors from the Gordon console. Track their progress, enforce SLAs, and generate compliance reports for your board and regulators — all in one place.
A large insurance company had 340 vendors but no systematic way to assess their cyber risk for IRDAI compliance. Manual questionnaires took 3 months to complete annually.
Gordon onboarded all 340 vendors in 2 hours, scored them immediately, and identified 12 critical-risk vendors requiring immediate action. The IRDAI compliance report was generated in one click.
A manufacturer's logistics software vendor was breached. Without monitoring, they only found out 11 days later when their own systems showed anomalous access patterns.
After deploying Gordon, when a different vendor was breached 6 months later, they received an alert within 90 minutes — isolated the integration, rotated credentials, and avoided any data exposure.
An NBFC needed to demonstrate continuous vendor risk monitoring for RBI's outsourcing guidelines but had no tooling — relying on spreadsheets and annual reviews.
Gordon provided continuous monitoring with audit-ready logs, automated RBI-format reports, and a real-time dashboard the RBI examiner could access directly during the inspection.
Choose the plan that fits your team. Upgrade or cancel anytime.
For growing companies up to 100 employees. Core security, GRC, and insurance in one platform.
For companies with 100–500 employees. Expanded limits across all modules.
For large enterprises 500+ employees. Unlimited scale, dedicated support, and custom SLAs.

| Features | Free | Startup $1,787/mo | Mid-Market $3,382/mo | Enterprise $6,607/mo |
|---|---|---|---|---|
| Attack Surface Monitoring (12 scans/year) | | | | |
| Monitored Assets (Domains, IPs, Mobile Apps) | — | 1 asset | 3 assets | 10 assets |
| Exposed subdomains & open ports | — | ✓ | ✓ | ✓ |
| SSL/TLS certificate health | — | ✓ | ✓ | ✓ |
| DNS anomalies & misconfigurations | — | ✓ | ✓ | ✓ |
| Web technology fingerprinting | — | ✓ | ✓ | ✓ |
| CVE & vulnerability scoring | — | ✓ | ✓ | ✓ |
| Continuous monitoring & alerts | — | ✓ | ✓ | ✓ |
| SOC Monitoring (24/7) | | | | |
| Monitored Endpoints | — | Up to 100 | Up to 500 | Up to 2,000 |
| AI-powered alert triage | — | ✓ | ✓ | ✓ |
| Kill-chain reconstruction (MITRE ATT&CK) | — | ✓ | ✓ | ✓ |
| Automated response playbooks | — | ✓ | ✓ | ✓ |
| CERT-In 6-hour incident reporting | — | ✓ | ✓ | ✓ |
| Threat intelligence (IOCs, Campaigns) | — | 10 threats, 5 IOCs | 50 threats, 20 IOCs | Unlimited |
| Workforce Risk & Security Awareness | | | | |
| Monitored Employees | — | Up to 100 | Up to 500 | Up to 2,000 |
| Email phishing simulation | — | ✓ | ✓ | ✓ |
| Custom phishing templates | — | ✓ | ✓ | ✓ |
| Security awareness training + LMS | — | ✓ | ✓ | ✓ |
| Dark Web Monitoring | | | | |
| Monitored Keywords (brand, legal name, vendors) | — | 1 keyword | 1 keyword | 5 keywords |
| Tor forums, paste sites, Telegram channels | — | ✓ | ✓ | ✓ |
| Breach databases & data dumps | — | ✓ | ✓ | ✓ |
| Ransomware & APT group monitoring | — | ✓ | ✓ | ✓ |
| Cloud Security & Billing Monitoring | | | | |
| Cloud Instances Monitored | — | 1 instance | 2 instances | 5 instances |
| Misconfiguration detection (CIS 572 benchmark) | — | ✓ | ✓ | ✓ |
| IAM & privilege escalation checks | — | ✓ | ✓ | ✓ |
| S3 / Blob public exposure alerts | — | ✓ | ✓ | ✓ |
| Cloud billing tracking & optimisation | — | ✓ | ✓ | ✓ |
| GRC & Compliance (audit charges extra) | | | | |
| Compliance Frameworks | — | 2 frameworks | 4 frameworks | 5 frameworks |
| Automated control mapping | — | ✓ | ✓ | ✓ |
| AI gap assessment & remediation tasks | — | ✓ | ✓ | ✓ |
| Policy & procedure auto-generation | — | ✓ | ✓ | ✓ |
| Risk register automation | — | ✓ | ✓ | ✓ |
| AI-based internal audit & audit-ready reports | — | ✓ | ✓ | ✓ |
| Trust center | — | ✓ | ✓ | ✓ |
| Third Party Risk Management (TPRM) | | | | |
| Vendors Monitored | — | 100 vendors | 250 vendors | 1,000 vendors |
| AI security questionnaire dispatch & scoring | — | ✓ | ✓ | ✓ |
| Continuous external surface scan | — | ✓ | ✓ | ✓ |
| Breach & dark web alerts for vendor | — | ✓ | ✓ | ✓ |
| Risk rating (A–F) with trend | — | ✓ | ✓ | ✓ |
| Gordon AI | | | | |
| AI Credits / Tokens | — | 500 credits | 1,000 credits | 1,000 credits |
| Auto-generated risk narratives | — | ✓ | ✓ | ✓ |
| One-click remediation playbooks | — | ✓ | ✓ | ✓ |
| Executive summary generation | — | ✓ | ✓ | ✓ |
| AI-assisted questionnaire filling (CRQ) | — | ✓ | ✓ | ✓ |
| Threat intelligence summaries | — | ✓ | ✓ | ✓ |
| Brand Intelligence & Takedowns | | | | |
| Brand Assets Monitored | — | 1 asset, 20 keywords | 3 assets, 60 keywords | 5 assets, 100 keywords |
| Fake domain / phishing page / typosquat monitoring | — | ✓ | ✓ | ✓ |
| Reverse imaging / logo detection | — | ✓ | ✓ | ✓ |
| Social media & counterfeit listing monitoring | — | ✓ | ✓ | ✓ |
| Takedowns (Rogue app, DMCA, Phishing pages) | — | 25 takedowns | 100 takedowns | 125 takedowns |
| Consent Manager (DPDPA) | | | | |
| Unique Consents (website / mobile app users) | — | 25K consents | 100K consents | 500K consents |
| Granular consent collection & withdrawal | — | ✓ | ✓ | ✓ |
| 15+ platform integrations | — | ✓ | ✓ | ✓ |
| 22 Indian language translation (DPDPA Art. 18) | — | ✓ | ✓ | ✓ |
| Cookie scanner, data deletion & grievance requests | — | ✓ | ✓ | ✓ |
| Google Consent Mode V2 support | — | ✓ | ✓ | ✓ |
All plans include a 15-day free trial — no credit card required.
The question is whether it's Gordon watching over them — or an attacker already inside. Start monitoring your vendors today.