Every vendor receives a live risk score (0–100) updated daily based on their external attack surface, breach history, dark web exposure, CVE patching behaviour, and security certifications.
Mitigata monitors dark web forums, breach databases, and threat intelligence feeds for any mention of your vendors. You're alerted within hours of a vendor breach — not when you read about it in the news.
Send and track security questionnaires (SIG Lite, CAIQ, custom) to vendors automatically. Mitigata pre-fills answers from publicly available data, reducing vendor response time significantly.
Mitigata maps your vendors' vendors — identifying concentration risk and hidden dependencies. Know when a single cloud provider failure or breach could cascade through your entire supply chain.
Generate TPRM reports pre-formatted for RBI IT Framework, SEBI CSCRF, DPDP Act, and ISO 27001 Annex A.15 — with evidence packages ready for auditors and board presentations.
Mitigata analyses vendor contracts and SLAs to flag missing security clauses — right to audit, breach notification timelines, data processing agreements, and subprocessor controls — before you sign.
Upload your vendor list via CSV, connect your procurement system, or let Gordon auto-discover vendors from your DNS, email headers, and network traffic. Onboard 500 vendors in minutes.
Gordon immediately scores every vendor across 200+ signals — attack surface exposure, breach history, dark web mentions, SSL/TLS hygiene, DNS security, and regulatory compliance status.
Scores update daily. You receive real-time alerts for score drops, breach detections, new CVEs affecting vendor infrastructure, and dark web mentions — via email, Slack, or webhook.
Send remediation requests directly to vendors from the Gordon console. Track their progress, enforce SLAs, and generate compliance reports for your board and regulators — all in one place.
A large insurance company had 340 vendors but no systematic way to assess their cyber risk for IRDAI compliance. Manual questionnaires took 3 months to complete annually.
Gordon onboarded all 340 vendors in 2 hours, scored them immediately, and identified 12 critical-risk vendors requiring immediate action. IRDAI compliance report generated in one click.
A manufacturer's logistics software vendor was breached. Without monitoring, they only found out 11 days later when their own systems showed anomalous access patterns.
After deploying Gordon, when a different vendor was breached 6 months later, they received an alert within 90 minutes — isolated the integration, rotated credentials, and avoided any data exposure.
An NBFC needed to demonstrate continuous vendor risk monitoring for RBI's outsourcing guidelines but had no tooling — relying on spreadsheets and annual reviews.
Gordon provided continuous monitoring with audit-ready logs, automated RBI-format reports, and a real-time dashboard the RBI examiner could access directly during the inspection.
Choose the plan that fits your team. Third Party Risk features are highlighted below — scroll down to see the full platform included in every plan.
| Features | Free | Startup | Enterprise | Custom |
|---|---|---|---|---|
| Overview (3 features) | | | | |
| Gordon AI Credits (monthly) | 50 credits | 500 credits | 2,500 credits | Custom allocation |
| Dashboard | ✓ | ✓ | ✓ | ✓ |
| Account (User) Limit | 1 account | Up to 5 | Up to 20 | Unlimited |
| Assess (7 features) | | | | |
| Security Checklist (60-point) | Strong & Standard only | Dynamic + Analytics | Dynamic Checklist | ✓ |
| VAPT (Vulnerability Assessment) | — | — | 5 API + 10 Dynamic Pages | Custom |
| Third Party Risk | — | — | 3 vendors | Unlimited |
| Financial Impact — Risk Quantification | — | — | ✓ | ✓ |
| Financial Impact — Security ROI | — | — | ✓ | ✓ |
| Security Awareness (Phishing Sim + Training) | 5 Campaigns | 10 Campaigns | ✓ | ✓ |
| Cyber Force | — | — | On Demand | On Demand |
| All other platform modules included | | | | |
| Identify (8 features) | | | | |
| Monitored Domains | 1 | 5 | 20 | Unlimited |
| Monitored IPs | 5 | 50 | 500 | Unlimited |
| Monitored Web Apps | 1 | 5 | 20 | Unlimited |
| Tech & Services | ✓ | ✓ | ✓ | ✓ |
| Phishing Risk (Lookalike Domain + Email Security) | — | ✓ | ✓ | ✓ |
| Code Workspace (GitHub, GitLab, Bitbucket) | — | — | 2 Workspaces | Custom |
| Cloud Security Compliance | — | — | Single Cloud (3 instances) | Multi Cloud (10+) |
| Workforce Risk Monitoring | — | ✓ | ✓ | ✓ |
| Monitor (SOC & Threat) (10 features) | | | | |
| SOC Overview | — | — | 5 SOC Reports | ✓ |
| Alert Triage | — | — | 5,000 alerts/mo | Unlimited |
| Investigation | — | 50 investigations | Unlimited | ✓ |
| Threat Hunting | — | 1 exercise | Custom | Custom |
| Auto Response | — | — | ✓ | ✓ |
| Risk Monitoring | — | 5 Category dashboards | ✓ | ✓ |
| Threat Intelligence (Threats, IOCs, Campaigns) | — | 10 threats, 5 IOCs, 2 campaigns | Unlimited | Custom |
| Alert Center | — | ✓ | ✓ | ✓ |
| Brand Intelligence (Monitoring + Takedown) | 50 notifications | 1 Company monitoring | Full + Takedown | Full + Custom feeds |
| Dark Web Monitoring | Credential & Org Leaks | Industry + APT + Recent leaks | ✓ | ✓ |
| Risk Transfer (2 features) | | | | |
| Cyber Insurance | — | ✓ | ✓ | ✓ |
| Incident Hotline (24/7) | — | — | ✓ | ✓ |
| Compliance (GRC) (2 features) | | | | |
| GRC Module | 1 Policy creation | 1 framework | 3 frameworks | All + Custom |
| Unlimited Policy Generation | — | ✓ | ✓ | ✓ |
| Extras & Integrations (3 features) | | | | |
| Integrations | ✓ | 3 active | 15 active | All 26+ & Custom API |
| Marketplace | ✓ | ✓ | ✓ | ✓ |
| Credit Add-on Packs | — | ✓ | ✓ | ✓ |
| Support & SLA (4 features) | | | | |
| Support Channel | Docs only | Email (48h SLA) | Hotline + CSM (8h SLA) | 24/7 Engineer (1h SLA) |
| Dedicated Security Engineer | — | — | — | ✓ |
| White-label / MSSP | — | — | — | ✓ |
| API Access | — | — | — | ✓ |
All plans include a 15-day free trial — no credit card required.
The question is whether it's Gordon watching over them — or an attacker already inside. Start monitoring your vendors today.