Continuous Security Monitoring

External scanning services usually live in a separate console, disconnected from your vendor records and risk models. In Fair TPRM, dual SRS integrations are built into the platform — scores flow directly into FAIR™ analysis, vendor profiles, and the Cyber Todo dashboard.

UpGuard API Integration

Fair TPRM connects to the UpGuard API to pull comprehensive external security ratings across four key categories, giving you a validated outside-in view of your vendors' security posture on a 0–950 scale.

  • Website security analysis
  • Email security posture (SPF, DKIM, DMARC)
  • Network security evaluation
  • Data leak exposure monitoring
  • Letter grades A through F with admin-configurable thresholds
  • Historical score tracking and trend analysis

Grade A (Excellent): 850–950
Grade B (Good): 700–849
Grade C (Average): 500–699
Grade D (Poor): 300–499
Grade F (Critical): 0–299

Shodan API Integration

Fair TPRM connects to the Shodan API to perform deep internet intelligence scanning, applying a built-in five-category scoring system that evaluates vendor infrastructure from the attacker's perspective.

  • TLS/Crypto analysis (versions, ciphers, certificates, HSTS)
  • Network security (open ports, exposed databases, attack surface)
  • Application hardening (security headers, server disclosure)
  • Vulnerability exposure (CVE detection, CVSS severity scoring)
  • Email security (SPF, DMARC, DKIM validation)
  • Subdomain discovery with up to 20 subdomains and 25 IPs

Category 1: TLS/Crypto
Category 2: Network Security
Category 3: Application Hardening
Category 4: Vulnerability Exposure
Category 5: Email Security

Tier-Based Auto-Rescoring

Vendors are automatically rescored on a schedule matched to their risk tier.

Vendor Tier  Risk Level  Rescore Interval  Typical Vendors
Tier 1       Critical    Every 30 days     Cloud infrastructure, payment processors, core SaaS
Tier 2       Standard    Every 90 days     HR platforms, CRM systems, collaboration tools
Tier 3       Low-Risk    Every 365 days    Marketing tools, office supplies, non-data vendors

Advanced Monitoring Capabilities

Every signal is tunable. Every threshold is configurable. The monitoring engine adapts to your risk appetite, not the other way around.

Risk Waivers

Exclude specific findings per subdomain when a risk is accepted or represents a false positive. Waivers include documented reasons and are tracked in the audit log.

Traffic Light Ratings

Green (80%+ positive), Yellow (50–80%), Red (<50%) at-a-glance ratings make it easy for non-technical stakeholders to understand vendor security posture.

On-Demand Rescans

Trigger immediate rescans via the Shodan API when you need fresh data outside the automatic schedule. Results are available within minutes with full finding detail.

Configurable Signal Weights

Admin-customizable point values per scoring category let you tune the Shodan-powered scoring engine to match your organization's risk appetite. Weight TLS compliance higher than email security, or prioritize vulnerability exposure over network hardening — it's your call.

Score History & Trends

Chart.js-powered visualizations show score history over time. Identify improving or degrading vendor security postures at a glance with trend lines.

CVE & CVSS Detection

The Shodan API's vulnerability data detects known CVEs on vendor infrastructure, with penalties scaled by CVSS severity. The maximum penalty applies at CVSS 9.0+.

WAF & CDN Awareness

The Shodan API integration intelligently handles vendors behind web application firewalls and content delivery networks, avoiding false positives from infrastructure that doesn't belong to the vendor.

  • Cloudflare, Imperva, Incapsula, and Fastly detection
  • Special handling for proxied infrastructure
  • Email security only flagged when SMTP ports are actually open
  • Subdomain-level granularity for accurate attribution

Cloudflare: Detected
Imperva: Detected
Incapsula: Detected
Fastly: Detected
Max Subdomains Scanned: 20
Max IPs Resolved: 25

Your Risk Appetite. Your Scoring Model.

Every organization has different security priorities. A financial institution may weight TLS compliance and vulnerability exposure heavily, while a healthcare provider focuses on data leak monitoring and email security. Fair TPRM lets you configure exactly which signals carry the most weight in your scoring model.

  • Per-category point values for all five Shodan API scoring dimensions
  • Configurable grade boundaries for UpGuard API ratings (A through F thresholds)
  • Adjustable traffic light rating percentages (Green/Yellow/Red cutoffs)
  • Custom tier-based rescore intervals matched to your review cadence
  • Risk waiver system for accepted findings that don't fit your risk profile
  • Scoring changes apply retroactively to recalculate existing vendor grades

TLS/Crypto Weight: Admin-Defined
Network Security Weight: Admin-Defined
App Hardening Weight: Admin-Defined
Vulnerability Weight: Admin-Defined
Email Security Weight: Admin-Defined
Grade Thresholds: Configurable

Monitoring Is Just One Module

In a unified platform, continuous scoring feeds directly into vendor onboarding, FAIR analysis, and annual reviews — no integrations required.
