Perimeter.net’s cover photo
Perimeter.net

Perimeter.net

Computer and Network Security

Minnetonka, MN 1,758 followers

Painless VRM for small teams in regulated industries. Fast onboarding. Zero-trust assessment. Continuous monitoring.

About us

Built to Eliminate the Pain
of Vendor Risk Management. Our Mission Is Simple: deliver painless, real-time vendor risk management through one integrated platform - from onboarding to assessment to continuous monitoring. We give teams the tools they need to automate assessments, validate vendor responses, continuously monitor their attack surfaces, and respond to issues before they escalate - all without adding headcount, complexity, or overhead. We were founded to fix the inefficiencies and blind spots plaguing traditional VRM programs - programs that are too slow to scale, too manual to trust, and too fragmented to protect against real-world threats. To learn more, visit us at https://perimeter.net/

Website
https://perimeter.net/
Industry
Computer and Network Security
Company size
11-50 employees
Headquarters
Minnetonka, MN
Type
Privately Held
Founded
2017
Specialties
Third-party Risk Management, TPRM Solution, Continuous Vendor Risk Monitoring, Vendor Risk Managed Services, Cybersecurity, Painless VRM, VRM, TPRM, and Vendor Risk Management

Locations

Employees at Perimeter.net

Updates

  • The Next Wave of HIPAA Enforcement Is Coming… And Vendor Risk Will Be at the Center. As regulators increase scrutiny around HIPAA compliance, third-party vendors and business associates are becoming a critical area of focus. A single gap in your vendor ecosystem can create significant security, operational, and regulatory exposure. The next wave of HIPAA enforcement will require more than annual assessments and check-the-box questionnaires. Organizations need continuous visibility into vendor risk, stronger verification processes, and the ability to identify issues before they become incidents. We explore what’s changing and why vendor risk management will be at the center of healthcare compliance strategies moving forward. Read the full blog below. #HealthcareSecurity #HIPAA #ThirdPartyRisk #VendorRiskManagement #Cybersecurity #HealthcareIT

    • No alternative text description for this image
  • The Canvas cyberattack wasn’t just a breach, it was an operational dependency failure. When one SaaS platform went down during finals week: • Universities postponed exams • Coursework became inaccessible • Millions of students were affected • Institutions scrambled for contingency plans The real lesson: organizations need continuous visibility into how critical vendors manage cybersecurity over time, not just annual questionnaires and trust-based attestations. In our latest BreachWatch, we break down: 🔹 What happened at Canvas 🔹 Why centralized SaaS creates concentrated risk 🔹 How continuous vendor monitoring changes the equation 🔹 What institutions should demand from mission-critical vendors Read the full analysis → link in comments.

    • No alternative text description for this image
  • Risk doesn’t wait. Neither should your vendor risk program. Most “continuous monitoring” only tells you after something goes wrong. At Perimeter, we help teams identify vendor risk earlier with: • AI-powered assessments • Real-time attack surface monitoring • Continuous validation of vendor security posture #Secure360 starts today and we’re live at Booth #305. Stop by and see what proactive #TPRM looks like.

    • No alternative text description for this image
  • Risk doesn’t wait. Neither should your vendor risk program. Most organizations are still relying on static assessments and “continuous monitoring” that only surfaces issues after the damage is done. At Perimeter, we help teams identify risk earlier with: • AI-powered assessments grounded in real documentation • Real-time attack surface monitoring • Continuous validation of vendor security posture • Dynamic workflows that reduce manual effort and speed up reviews The result is a more proactive approach to TPRM, one built to identify issues before they become incidents. We’ll be at Secure360 next week at Booth #305. Stop by and see what modern vendor risk management should look like.

    • No alternative text description for this image
  • You can't audit what you don't have the contractual right to see. If audit rights aren't defined before signing, you're limited to whatever a vendor chooses to share later. Key areas to lock down early: • Scope: what systems and controls you can review • Frequency: when audits can happen • Methodology: who performs the assessment And don't overlook fourth parties. If subcontractors handling your data aren't covered, critical risk stays hidden, especially with AI vendors layered across supply chains. A weak clause is just optics. Real audit language should include enforcement mechanisms for non-compliance. Do your contracts provide real visibility, or just the appearance of it? #VendorRisk #AuditRights #ThirdPartyRisk

    You can't audit what you don't have the contractual right to see. Without audit language in your vendor contracts, you're relying entirely on what they choose to disclose. And the window to negotiate is narrow — once a contract is signed, most vendors won't expand your access at renewal. Three things to lock down before the ink dries: • Scope: What systems, controls, and documentation you can review • Frequency: How often you can audit, whether annually or triggered by an incident • Methodology: Whether your internal team or a third-party assessor conducts the review Fourth-party coverage matters too. If your rights don't extend to subcontractors handling your data, work can get pushed to providers you'll never see. This is especially relevant now, as AI tools proliferate through vendor supply chains. Also, keep in mind that a clause without teeth is just boilerplate. Build in termination rights, payment holds, and financial penalties for non-compliance. Do your audit clauses give you real visibility, or just the appearance of it? #VendorRisk #AuditRights #ThirdPartyRisk

  • We’re heading to 𝗜𝗟𝗧𝗔 𝗘𝗩𝗢𝗟𝗩𝗘 𝟮𝟬𝟮𝟲. If your firm is being asked to prove vendor risk oversight, not just talk about it, stop by 𝗕𝗼𝗼𝘁𝗵 #𝟭𝟱 and meet the Perimeter team. We help legal teams simplify vendor risk management with AI-assisted assessments, continuous monitoring, and verified vendor intelligence - so you can move faster without losing confidence in your vendor ecosystem. At EVOLVE, we’ll be highlighting 𝗔𝗜 𝗔𝘀𝘀𝗲𝘀𝘀𝗺𝗲𝗻𝘁𝘀 𝟮.𝟬 and 𝗠𝗮𝗻𝗮𝗴𝗲𝗱 𝗦𝗲𝗿𝘃𝗶𝗰𝗲𝘀 for firms that need stronger vendor risk coverage without adding more administrative burden to lean teams. Looking forward to conversations around where legal tech is headed next - especially at the intersection of 𝗔𝗜 and 𝗰𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆.  • Booth #15  • April 30–May 2  • Gaylord Rockies Resort & Convention Center

  • Most organizations invest heavily in vendor onboarding—due diligence, risk assessments, and security reviews. But when the relationship ends, that focus fades. Common gaps include: • Undisabled user accounts • Active API tokens and VPN credentials • Shared credentials left unrotated • Data without certified deletion With no one monitoring it, these issues persist. The solution? Apply the same rigor as onboarding: a standardized checklist, contractual data deletion requirements, and a final verification step to confirm access is revoked. If a vendor is no longer under contract, they should no longer have your data or system access. Can you confirm that today? #CyberSecurity #VendorRisk #VendorOffboarding

    Most organizations pour resources into vendor onboarding — due diligence, risk assessments, security reviews. But when the relationship ends, that rigor disappears. The gaps left behind are predictable: • User accounts that never get disabled • API tokens and VPN credentials that stay active • Shared credentials nobody rotates • Company data with no certified deletion And unlike an active vendor relationship, no one's monitoring any of it. The fix isn't complicated… it just needs the same discipline as onboarding. A standardized checklist, contractual requirements for certified data deletion defined at onboarding, and a post-offboarding verification step to confirm access is actually revoked. If a vendor is no longer under contract, they should no longer have your data or access to your systems. Can you confirm both of those things today? #CyberSecurity #VendorRisk #VendorOffboarding

  • 𝗧𝗵𝗲 "𝗾𝘂𝗮𝗻𝘁𝘂𝗺 𝗰𝗼𝗺𝗽𝘂𝘁𝗶𝗻𝗴 𝗶𝘀 𝟯𝟬 𝘆𝗲𝗮𝗿𝘀 𝗮𝘄𝗮𝘆" 𝗷𝗼𝗸𝗲 𝗵𝗮𝘀 𝗮𝗻 𝗲𝘅𝗽𝗶𝗿𝗮𝘁𝗶𝗼𝗻 𝗱𝗮𝘁𝗲. The technical case for urgency is specific: Leading cryptographers are now citing 2029 as a credible migration deadline - roughly 33 months from today. The infrastructure response is clear: migrate to ML-KEM and ML-DSA, treat RSA and ECDSA as legacy, don't waste time on hybrid signature schemes that add complexity you no longer have runway for. But there's a third-party risk dimension we haven't seen discussed. "𝗦𝘁𝗼𝗿𝗲-𝗻𝗼𝘄-𝗱𝗲𝗰𝗿𝘆𝗽𝘁-𝗹𝗮𝘁𝗲𝗿" 𝗮𝘁𝘁𝗮𝗰𝗸𝘀 𝗱𝗼𝗻'𝘁 𝗰𝗮𝗿𝗲 𝘄𝗵𝗲𝘁𝗵𝗲𝗿 𝘆𝗼𝘂𝗿 𝗶𝗻𝗳𝗿𝗮𝘀𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 𝗶𝘀 𝗾𝘂𝗮𝗻𝘁𝘂𝗺-𝗿𝗲𝗮𝗱𝘆. If adversaries are already harvesting encrypted data moving through your vendor ecosystem - contracts, PHI, financial records, credentials - the exposure clock started the moment they captured it. Quantum capability is just when it becomes readable. 𝗧𝗵𝗲 𝗾𝘂𝗲𝘀𝘁𝗶𝗼𝗻 𝗶𝘀𝗻'𝘁 𝗼𝗻𝗹𝘆 "𝗮𝗿𝗲 𝘄𝗲 𝗺𝗶𝗴𝗿𝗮𝘁𝗶𝗻𝗴 𝗼𝘂𝗿 𝗰𝗿𝘆𝗽𝘁𝗼𝗴𝗿𝗮𝗽𝗵𝗶𝗰 𝘀𝘁𝗮𝗻𝗱𝗮𝗿𝗱𝘀?" 𝗜𝘁'𝘀: 𝗱𝗼 𝘄𝗲 𝗵𝗮𝘃𝗲 𝗮𝗻𝘆 𝘃𝗶𝘀𝗶𝗯𝗶𝗹𝗶𝘁𝘆 𝗶𝗻𝘁𝗼 𝘄𝗵𝗲𝘁𝗵𝗲𝗿 𝗼𝘂𝗿 𝗰𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝘃𝗲𝗻𝗱𝗼𝗿𝘀 𝗮𝗿𝗲? Most TPRM programs aren't asking that question in assessments yet. Most vendors aren't volunteering the answer. 𝗧𝗵𝗮𝘁'𝘀 𝗮 𝗴𝗮𝗽 𝘄𝗼𝗿𝘁𝗵 𝗺𝗮𝗽𝗽𝗶𝗻𝗴 𝗻𝗼𝘄 - 𝗻𝗼𝘁 𝗶𝗻 𝟮𝟬𝟮𝟴 𝘄𝗵𝗲𝗻 𝘁𝗵𝗲 𝘂𝗿𝗴𝗲𝗻𝗰𝘆 𝗶𝘀 𝘂𝗻𝗱𝗲𝗻𝗶𝗮𝗯𝗹𝗲. Link to cryptography engineer Filippo Valsorda's full analysis is in the comments. Worth the 10 minutes.

  • Most “continuous monitoring” in TPRM isn’t continuous. It’s breach alerts. By the time you’re notified, the damage is already done. At Perimeter, we take a different approach. We combine AI-powered assessments with true, real-time continuous attack surface monitoring, so teams can identify risk signals early and act before issues become incidents. That’s what we’ve built into Assessments 2.0: * Multi-source AI answers grounded in real documentation * Clear citations and conflict detection so you can trust the data * Smarter, dynamic assessments that adapt in real time * Recurring assessments that reuse prior answers to save time All backed by monitoring that validates vendor risk continuously, not after the fact. We’ll be at TPRA next week at Booth #24 and would love to show you what this looks like in practice.

    • No alternative text description for this image
  • Perimeter.net reposted this

    Thank you to the following organizations for becoming Level 3: Park Ranger sponsors of our 2026 Conference! • CoverbaseWhisticTenchi SecurityPanoraysPerimeter.netClarativeBlueVoyantSecureOS These organizations help us continue to bring valuable events to the TPRM community, providing a space for knowledge-sharing, benchmarking, and networking. Together with our dedicated members and attendees, we can advance the industry of third party risk as a whole. 📅 When: April 20 - 23, 2026 📍 Where: Denver, Colorado 🔗 Learn more & register: https://lnkd.in/eF2PQhfF #TPRM #TPRA2026 #ThirdPartyRisk #ConferenceSponsor #RiskManagementConference #PeaksandPitfalls

    • No alternative text description for this image

Similar pages

Browse jobs