When the questionnaire and live exposure disagree, you find out first.
Three-layer vendor scoring on every record — Business Criticality, Assessed Posture, Live External Exposure — with an explicit flag the moment they stop agreeing. No other platform in the market does this today.
One vendor. Three independent signals.
Most platforms collapse vendor risk into a single number. We keep three because they tell different stories.
Business Criticality
Set at onboarding. How critical is this vendor to your business processes? What data do they touch? What's the blast radius if they fail?
Assessed Posture
From completed security questionnaires + supporting evidence + reviewer validation. What the vendor claims about their security.
Live External Exposure
From continuous external monitoring — exposed services, certificate health, patch hygiene, known incidents. What's actually true today.
When assessed and live stop agreeing, the platform acts.
1. Continuous comparison
On every external scan tick, we compute the gap between assessed posture and live exposure. A vendor whose live exposure still matches what it attested produces no event and stays quiet.
2. Severity tiering
Gaps above threshold are tiered Minor (informational), Moderate (review recommended), or Severe (immediate action).
3. Auto-update + auto-task
Severe events update the parent risk record (status, score, treatment plan) and auto-generate a remediation task assigned to the vendor owner.
4. Reviewer validates
The owner sees the divergence, the data behind it, and Effy's recommended action. They approve, override, or escalate. AuditLog captures every step.
The intersection no other platform sits at.
Some platforms have assessed posture. Others have live exposure. None have both on a unified data model with an explicit divergence flag.
Comparison reflects publicly available product information as of May 2026. Drata, Vanta, and Black Kite are registered trademarks of their respective owners. We've kept this table conservative — feature availability changes; the architectural pattern of running assessed and live signals on a unified data model is the moat.
The architecture has to come first.
Posture Divergence Detection isn't a feature you add — it's a consequence of running internal posture, vendor posture, and live external signals on a single data model. Most platforms in this space were built before AI mattered, with vendor risk bolted on after a SOC 2 product. Their architecture treats vendor risk as a separate module, with separate data, separate scoring, separate workflows.
Catching up means rebuilding the data model. That's not a quarterly roadmap item — it's a 12–18 month rewrite, while continuing to ship for existing customers. By the time competitors get there, divergence detection will be a year of refinement, design partner cycles, and audit-room reps ahead.
We're publishing this openly because the moat isn't the idea — the moat is the architecture. Anyone can copy the term. Replicating the workflow takes the unified data model that started on day one.
See it fire on a real vendor.
30-minute walkthrough. We'll pull a live external scan on a sample vendor and show you what divergence looks like in context.