SecurityScorecard Bolsters Internet Visibility with Driftnet Acquisition

"Artificial intelligence has changed the attack surface in ways that have outpaced most security programs," Aleksandr Yampolskiy told ISMG.

Why SecurityScorecard bought Driftnet rather than licensing

SecurityScorecard, the New York–based third-party risk management vendor, has acquired Driftnet, an internet scanning startup, to gain deeper, real-time visibility into internet infrastructure and hidden exposures. Aleksandr Yampolskiy, co-founder and CEO of SecurityScorecard, said ownership lets the company "directly control data quality, attribution accuracy and future innovation." Rather than licensing reconnaissance data externally, SecurityScorecard plans to fold Driftnet into its internal intelligence pipeline to better support "evolving use cases tied to AI security, threat hunting and internet-scale visibility," he said.

Driftnet’s technical footprint: scope and claimed advantages

Driftnet, founded in 2019 and run by Ben Schofield, a former U.K. government researcher, is small — the company "employs fewer than 10 people" and has not disclosed outside funding. Yampolskiy described Driftnet as engineered to discover hidden infrastructure through highly targeted reconnaissance that maps relationships between configurations and identifies chained misconfigurations. He said Driftnet indexes about 40% more internet-exposed hosts than rival platforms and that it dynamically maps both IPv4 and IPv6 environments.

SecurityScorecard’s descriptions include specific scale figures: Driftnet monitors "more than 3 billion IP host-port combinations" and "more than 650 million domain names," data Yampolskiy said the company can now own and customize post-acquisition.

Operational examples: OpenClaw panels and an espionage campaign

SecurityScorecard highlighted concrete operational gains from Driftnet’s reconnaissance. Yampolskiy said researchers "were able to use Driftnet technology and Driftnet data to get a live view of all the OpenClaw instances out there" and "instantly discover all the publicly accessible OpenClaw control panels," a capability framed as closing a visibility gap where users deploy assistants but fail to secure them properly.

Yampolskiy also described how Driftnet helped SecurityScorecard respond to a Chinese espionage campaign involving "more than 1,000 infected operational relay boxes targeting U.S. infrastructure through compromised small office routers and edge devices." He said Driftnet’s visibility exposed malicious infrastructure attack patterns and uncovered activity the firm previously could not detect, enabling "much faster, smarter business decisions."

Integration strategy: Titan platform and standalone SKU

SecurityScorecard plans to integrate Driftnet tightly into its Titan platform while continuing to offer Driftnet as a separate product. Yampolskiy said customers want to consume the intelligence directly through APIs and integrate the data into "their own SOC environments, SIEMs and threat intel platforms." He added that "people love it as a standalone product, because they can put it into their SOC immediately," but emphasized the company’s preference for platform consolidation: "We're not in the business of having 10 standalone products."

The company will keep Driftnet as a distinct SKU that benefits from being part of the Titan platform, a model Yampolskiy framed as delivering platform-level benefits while preserving immediate operational utility for customers who want to ingest reconnaissance data directly.

What this means for financial services, large enterprises, and smaller organizations

SecurityScorecard positioned Driftnet as particularly attractive to large enterprises, financial institutions and public sector organizations that have the internal threat hunting teams to operationalize internet-scale reconnaissance and threat intelligence. "Those Tier Is can do more with the Driftnet data," Yampolskiy said — they can hunt, detect and protect more effectively and "see what the hacker sees."

By contrast, SecurityScorecard noted that smaller organizations "often outsource their SOC functions and may lack the internal resources necessary to fully leverage this type of intelligence." For those customers, the standalone SKU and API integrations could offer a route to ingest reconnaissance data into outsourced or third-party SOC services, but the company acknowledged that realizing Driftnet’s full value requires operational capacity.

Conclusion: targeted reconnaissance, owned data, and an eye on AI-driven risk

The acquisition signals SecurityScorecard’s bet that owning high-fidelity, internet-scale reconnaissance will matter as AI-driven tooling reshapes how assets are deployed and misconfigured. By bringing Driftnet in-house, the company aims to control attribution and data quality while feeding real-time reconnaissance into both compliance-focused TPRM teams and threat-focused SOCs. The near-term test will be whether SecurityScorecard can operationalize Driftnet’s claimed coverage — the "more than 3 billion IP host-port combinations" and "more than 650 million domain names" — in ways that measurably improve detection and response for the customers it highlighted, especially large financial institutions and public sector organizations.

Original story — GovInfoSecurity: SecurityScorecard Buys Driftnet for More Internet Visibility