Most TPRM tools ship the questionnaire and stop there. You buy scorecards from somewhere else, on a separate contract, with a separate procurement cycle and a separate annual renewal. Verisq doesn't work that way. LiveThreat is the platform's eyes — every vendor scored, every day, no second invoice.
Most vendor risk platforms don't run their own scanners — they pay a third party for scorecard data and pass the cost on to you as a separate line item. We built LiveThreat in-house. The proprietary scanning pipeline, the rating methodology, the breach feed, the historical preservation engine — all Verisq IP. Including it costs us less than charging you for it would.
Drop a domain in. The scanning pipeline runs DNS resolution, certificate enumeration, port discovery, sub-service identification, and external attack-surface correlation. The rating engine combines those observations against the proprietary methodology and produces the 250–900 score within thirty minutes. Daily re-scans catch drift — new CVEs in discovered components, expired certificates, fresh breach disclosures matching the vendor's domain.
The historical preservation engine captures every observation immutably. Every IP discovered, every certificate seen, every CVE matched, every score change is recorded with timestamps. Live tables stay current; the history stays canonical. When a vendor's logo or address gets nulled out by a transient enrichment failure, the preservation engine refuses the destruction. Sticky-by-policy on identity facts, newer-wins-if-richer on arrays, always-overwrite on time-current data — every field classified, every change audited.
When a vendor self-attests to a control posture that contradicts what LiveThreat observes externally, you get an alert. A vendor claims encryption-at-rest in their questionnaire response; LiveThreat sees them serving traffic on an unencrypted endpoint. That gap surfaces before the auditor finds it.
The rating methodology is documented and reproducible. Every score has its constituent observations, weights, and rationale captured in the AI Generation Log. When an auditor asks why vendor X is graded B and vendor Y is graded D, the answer reconstructs from the source observations — not from a vendor-told claim.
DNBL Free includes LiveThreat scorecards on 10 vendors with no expiration. RapidRisk and Enterprise unlock continuous monitoring across your full portfolio.