The blind faith required to purchase equipment from vendors who receive their parts from all over the world, including from countries that may have malicious intent directed at the United States, has now become a supply chain risk that’s evolving at a rapid pace. Due Diligence X© (DDX) was created with this in mind.


DDX performs both static and dynamic analysis, covering the places where threats often lurk, whether they are activated at the time of installation or pre-programmed to activate at a specific date and time.

What's the problem?

Supply chain security has been overlooked for years, and now, at last, U.S. regulations are being put in place to address this massively overlooked vulnerability. For those who have recognized the vulnerability, there has been frustration over how to tackle such a huge undertaking.

Our Service

Due Diligence X, as a service, performs tens of thousands of security checks on your devices, software, firmware and hardware. The checks can range from billions of indicators of compromise to X-ray analysis. This is the most comprehensive service on the market for verifying your third-party vendors.

How does it work?

With DDX as a service, you send us your devices, or your vendors can send them directly to Tophat Security’s laboratories.

Due to the flexibility of the DDX service, customization is available to fit into your process. Please reach out to us for more details.



How Long Have We Been Doing Cyber Supply Chain Security?

Great question! We saw the cyber threat involving supply chain security firsthand 6 years ago and started right then and there to develop and implement a model and platform to handle the risk associated with these vulnerabilities and threats.

DDX is a straightforward and tested product that does NOT involve a massive change to internal procedures. It is designed to help you protect your assets, including appliances, servers, IoT (Internet of Things) and commodity IT hardware.

Tophat Security’s DDX product goes above and beyond standard static analysis by performing dynamic analysis as well.


Whether or not your organization is required to follow NERC regulations, there is no denying they were designed to safeguard and protect vital components. Due Diligence X addresses one of the most important North American Electric Reliability Corporation requirements, NERC’s Reliability Standard CIP-013-1 – Cyber Security – Supply Chain Risk Management.

Viewed from a wider perspective, Due Diligence X is changing the game in cyber supply chain security. Join us as we change the Future of Cyber Supply Chain Security!