SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers

Black Kite unveils ThreatTrace to bolster third-party risk

Fri, 30th Jan 2026

Black Kite has launched ThreatTrace, a new feature that uses NetFlow and DNS telemetry to identify indicators of compromise in third-party environments and feed the findings into its cyber risk monitoring and ratings.

The company said the release expands its dataset with more than 1 trillion internet traffic flows. It said the additional telemetry gives risk teams more visibility into vendor-related threats and anomalies.

"The release of ThreatTrace reflects our continued commitment to building the most comprehensive and trusted data foundation for third-party risk intelligence," said Candan Bolukbas, CTO & Founder, Black Kite. "Internet traffic flows provide powerful signals of potential compromise. When an organization's digital assets repeatedly connect to known malicious infrastructure, high-risk regions, or unusual services, it's a strong indicator that something may be wrong - and teams need to act quickly."

NetFlow signals

NetFlow and DNS telemetry have long served as data sources for security operations teams. Organisations use them for investigation and to spot suspicious activity. Black Kite said ThreatTrace applies these sources to third-party cyber risk management.

Black Kite positioned the release as a first for the third-party cyber risk management segment. The company said other vendors in the category have not integrated this level of internet traffic flow visibility into ongoing third-party monitoring and cyber ratings.

New controls

Black Kite said ThreatTrace adds a new set of controls under its IP Reputation risk category. It said those controls draw on NetFlow and DNS telemetry.

The company also said ThreatTrace broadens the range of indicators of compromise and anomalies it can detect. It listed botnet-related activity, reconnaissance and command-and-control communication, and potential data exfiltration.

Supply chain view

Black Kite said ThreatTrace extends supply chain visibility by identifying new subdomains and connected third-party service providers. The company framed this as a way to expose previously unseen relationships in extended ecosystems.

The product announcement also included a set of detection types that Black Kite said ThreatTrace can surface for third-party risk teams.

For botnet infection, Black Kite said ThreatTrace identifies IP addresses that multiple threat intelligence sources have blacklisted. The company said such a pattern can suggest an internal asset has been compromised and is participating in malicious activity. It cited spamming, distributed denial-of-service attacks, and command-and-control operations as examples.

For suspicious outbound activity, Black Kite said the system correlates DNS queries to high-risk domains with network traffic from a company's IP addresses. It cited Tor sites, hacker forums, and command-and-control servers as examples of domains that may signal a compromise.

For active threat actor targeting, the company said ThreatTrace detects interactions between known malicious IP addresses and a company's digital assets. It said this could indicate reconnaissance or an attempt to attack.

The company also described a traffic baseline deviation category. It said ThreatTrace flags significant deviations from established traffic patterns. It cited unusual data volume spikes, connections to previously unseen high-risk IP addresses, and use of abnormal ports. Black Kite said these markers can indicate data exfiltration.

Black Kite also highlighted geopolitical and service risks. It said ThreatTrace identifies unauthorised services and suspicious data flows directed towards high-risk or sanctioned countries. The company said this can point to data leakage and compliance violations.
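The DNS-to-flow correlation described above for suspicious outbound activity can be sketched as follows. This is an added example, not Black Kite's implementation: the record layouts, the domain list, the five-minute window and all function names are assumptions, and the sample records are constructed from documentation IP ranges and `.example` names.

```python
from datetime import datetime, timedelta

# Constructed sample data; none of it comes from the article or the product.
HIGH_RISK_DOMAINS = {"c2.badhost.example", "forum.darkmarket.example"}
COMPANY_IPS = {"198.51.100.10", "198.51.100.11"}
DNS_LOG = [  # (timestamp, client_ip, queried_name, answer_ip)
    ("2026-01-30T10:00:00", "198.51.100.10", "c2.badhost.example", "203.0.113.7"),
    ("2026-01-30T10:01:00", "198.51.100.11", "www.vendor.example", "192.0.2.20"),
    ("2026-01-30T10:02:00", "198.51.100.11", "forum.darkmarket.example", "203.0.113.9"),
    ("2026-01-30T10:03:00", "192.0.2.99", "c2.badhost.example", "203.0.113.7"),
]
FLOWS = [  # (timestamp, src_ip, dst_ip, dst_port, bytes)
    ("2026-01-30T10:00:05", "198.51.100.10", "203.0.113.7", 443, 18234),
    ("2026-01-30T10:01:02", "198.51.100.11", "192.0.2.20", 443, 5120),
    ("2026-01-30T11:30:00", "198.51.100.11", "203.0.113.9", 443, 900),
    ("2026-01-30T10:03:04", "192.0.2.99", "203.0.113.7", 443, 700),
]

def is_high_risk(name, risky=HIGH_RISK_DOMAINS):
    """True if name equals, or is a subdomain of, a listed domain.

    Matching is done on whole labels so 'notc2.badhost.example' does not
    match 'c2.badhost.example' the way a plain suffix check would.
    """
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in risky for i in range(len(labels)))

def correlate(dns_log, flows, company_ips, window=timedelta(minutes=5)):
    """Find company IPs that resolved a high-risk name and then sent
    traffic to the resolved address within `window` of the query."""
    findings = []
    for q_ts, client, name, answer in dns_log:
        if client not in company_ips or not is_high_risk(name):
            continue  # not a monitored asset, or not a listed domain
        q_time = datetime.fromisoformat(q_ts)
        for f_ts, src, dst, port, nbytes in flows:
            delay = datetime.fromisoformat(f_ts) - q_time
            if src == client and dst == answer and timedelta(0) <= delay <= window:
                findings.append({"asset": client, "domain": name,
                                 "dst": dst, "port": port, "bytes": nbytes})
    return findings

if __name__ == "__main__":
    for finding in correlate(DNS_LOG, FLOWS, COMPANY_IPS):
        print(finding)
```

Requiring both the query and a matching flow inside the window keeps a lookup with no follow-on connection, or a connection long after the lookup, from being reported as the same event.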

Ratings impact

Black Kite said the ThreatTrace detections feed into monitoring and ratings. The company framed this as a way for risk teams to take targeted action with vendors based on observed signals from internet traffic flows.

The launch comes amid a wider push by many organisations to tighten oversight of suppliers, cloud service providers and other external partners. Security teams often cite third-party access and supplier software as a common pathway for compromise.

Black Kite said ThreatTrace uses NetFlow and DNS telemetry as the basis for detecting new indicators of compromise and anomalies across third-party environments, and expects the expanded data foundation to inform deeper third-party risk insights and stronger cyber ratings.