Supply chain, Black Hat

Meet Interos, the unicorn that wants to map your supply chain risk, from breaches to bankruptcies

Fuel holding tanks are seen at Colonial Pipeline’s Linden Junction Tank Farm on May 10, 2021 in Woodbridge, New Jersey. (Photo by Michael M. Santiago/Getty Images)

If there is any topic dominating discussions at Black Hat in Vegas, it's supply chain security. Many companies have solutions that could, potentially, close gaps among third-party suppliers and partners, but mapping a comprehensive risk profile of every company that touches a company's business remains a puzzle for many.

This explains the spotlight currently on Interos, a supply chain risk management and operational resilience technology company, which post pandemic saw inbound leads go up 500% without ever doing any outreach. The company announced earlier this month Series C financing of $100 million, led by Dave Dewalt's Night Dragon. The financing elevated Interos to official unicorn status, with a valuation of over $1 billion.

But CEO Jennifer Bisceglie is quick to point out that recent cash infusions aside, Interos has been around since 2005, bootstrapped for more than a decade. SC Media caught up with Bisceglie at Black Hat in Vegas to learn more about the technology, and the significance of the world waking up to the threat.

I know that the company describes the platform as automating the discovery and response to third-party risk in every tier of global supply chains. But can you talk to me a bit more about what that means?

Bisceglie: Whether it's COVID, which showed an over-reliance and concentration on different parts of the world to get our services and goods, or the Suez Canal, where you saw pretty much the entire world stop to watch a boat getting stuck and wondering if they needed to find alternative sources to get goods moving, or SolarWinds, where you had the CEO of FireEye literally face the nation and say it's an attack on the American supply chain, there's been a real maturity to realize it's not just the third-party that we need to care about. It’s knowing who's in your supply chain, who's behind that third-party, and then the importance of continuous monitoring. That's kind of what got us to today.

Yes, this has been a big year for you.

It was a big year and a half, but I started the company in 2005. My personal background is over 25 years. It became very clear to me back then that no one understood who had access to their stuff. And then, the internet comes along and now we're digitally connected to everyone. Interos doesn't view cyber as a destination, if you will, it's a digital supply chain versus building an airplane, which is a physical supply chain. So our platform is a very comprehensive view of both, and what we've done and why we received the evaluation we did is we built the world's largest business relationship graph. Independent of having a customer, we just ingest massive amounts of data and understand how businesses around the world are doing business with each other.

For example?

Examples of that could be buyer or seller, which is what most people think about supply chain. Those are two relationships for us. We look at investors and financiers to see who's backing who. We look at joint ventures and subsidiaries to see who might give somebody else a boom to a different market. There's about 41 different types of relationships that we've identified.

So your platform basically illustrate all of these relationships.

We do. We have the world's largest graph. Think of it like Google. When you type in a keyword in Google, it pops up with a bunch of websites. In our platform, you type in a company name, it visualizes all their global business relationships. And then, we monitor across six different risk categories.

So do you see this as a platform to supplement cyber tools in knowing what needs to be implemented and where?

It could be. We're a very good partner for the cyber companies. We partner with RiskRecon, SecurityScorecard, BitSight, CyberGRX. We provide a defense in depth. Cyber companies normally just ask for your third-party partners and they stop there. Because we're visualizing the fourth and the fifth and the sixth-party, we actually give our joint customers the ability to preempt. And that's the hope, right? That's how you do classic risk management 101, you push risk as far back as you possibly can. And that's what our platform enables you to do.

We map, and then for each of the companies, we monitor across six different risk categories. So we're saying, here's a company and they are red; but they're red, because they're having financial problems versus there's a cyber breach, versus there's a geopolitical concern. We have customers that come to us that can't have two of their critical suppliers located within 75 miles of each other. And so, [our platform] will visualize that and will monitor that for their procurement teams. And then, they'll also monitor the health of those companies. That's what we're able to do.

The last year and a half shines just a ridiculous spotlight on the supply chain. I have to imagine that contributed to the explosion of growth that you experienced. I mean, were you able to come forward and be like, "Yeah, we've been saying this for a really long time?”

We didn’t say that but…

But you could have.

So the positive for Interos as a company is we had a technology product in the market before COVID happened. And so, when COVID happened, our inbounds went up 500% without ever doing any outreach. From a company standpoint, we were able to very quickly work with customers to say, "We have a solution for you.” So remember I closed my series B the month before the United States started shutting down. We were able to take that $20 million and very quickly invest that into technology to take advantage of the biggest and the brightest, because we knew that this was the time to really move that technology to be at quick speed. That’s how things happen in the world.

The supply chain got very personal. People couldn't get paper towels and toilet paper and cleaning supplies. And when JBS got hit, Chris Krebs was on the news saying they couldn't get hot dogs. I had to stay home for two days because the pipeline got hit and I couldn't get gas. I said this back in March 2020, and I continue to say this: the companies that are going to come out strong are the ones that can stand on stage and show their shareholders, their employees, their business partners, Joe Public that, "You can trust me. I'm here to make the world a better place because I'm investing in my supply chain." And that's everything from disruption and cyber breach and ransomware situations to labor rights, ethical sourcing, and so on.

Really, this isn’t a cyber technology, but rather, contributing to a risk strategy.

Yes. Cyber is one of the six risk factors that we look at because, again, no longer can you separate the physical and the digital supply chain. Supply chains in the last year and a half operated exactly as they were built to do; they were built to be short, they were built to be just-in-time, and they were built to be very, very fragile. And Interos' belief and my personal belief is that the good news is we built them that way. So now we have the opportunity to build them more resilient. And we have a technology that leverages artificial intelligence and massive amounts of data to continuously map and monitor; and we're going to be going very quickly into modeling — not just saying, "here's an alert," but, "here's an alert, and if you take this action, this is the benefit or the risk.’

As a woman CEO in the startup community, you are a bit of a rarity. How has your experience been?

I came in as a subject matter expert; I don't know that anybody looked at my gender as much as "could I actually do what I said the company could do?" And I think that's the best any of us could ask for, to be honest with you. I will say that the last 24 months has really been about keeping our heads down and staying humble and working hard as a company. We have a lot of really good partners that really cheered us on to get to where we did and respect us a lot.

Last night I was at dinner and actually got introduced as one of the 4% of women in the world that built a company. It's funny that's how they're introducing me now. And I was like, "OK. You could just call me Jennifer."

Jill Aitoro

Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She 20 years of experience editing and reporting on technology, business and policy.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.