Large companies’ security operations focus on more than just their own internal infrastructure. They also individually vet each supplier to ensure they don’t introduce any unnecessary risks into the picture, a historically time-consuming task that CyberGRX Inc. is looking to automate.

The startup has raised $20 million in funding today from a group of investors led by Bessemer Venture Partners to fuel its push. CyberGRX runs an exchange that offers on-demand access to security information about more than 10,000 suppliers. If a company isn’t on the list, users can commission the startup to perform an assessment that it claims costs less than an in-house audit.

The process is carried out by a dedicated team that updates supplier entries every quarter to stay on top of new security developments. For convenience’s sake, key details from the profiles that a company uses are visualized in a centralized dashboard designed to provide a high-level view of supplier-related threats.

The console displays what percentage of a firm’s suppliers run a serious risk of falling victim to hackers, breaks down the data by service and shows the affected assets. CyberGRX can even estimate what type of attack a given provider is most likely to suffer based on past breaches in its industry.

When a company’s security personnel identifies a security risk, they can consult the recommendation engine that the startup built into its exchange about how to approach the issue. CyberGRX uses machine learning algorithms to generate customized remediation suggestions based on the nature of each threat. Moreover, the platform packs a notification mechanism that can alert security teams whenever something changes.

CyberGRX claims that its approach thus eliminates much of the manual work normally involved in tackling third party risks, which allows companies to react faster and leave less time for hackers to attempt an attack. Suppliers, meanwhile, can close deals faster by making information about their security posture readily available on the startup’s platform.

CyberGRX’s pitch is endorsed by an impressive lineup of backers. Besides Bessemer, today’s funding round saw the participation of GV (formerly Google Ventures), MassMutual Ventures, Aetna Ventures about half a dozen others.

One of the fastest-rising players CyberGRX must contend with is SecurityScorecard Inc., which relies primarily on threat intelligence rather than custom assessments to grade companies’ security postures. The startup secured $20 million in funding last year from a consortium that likewise included GV.

Image: CyberGRX