Security Scorecard

Security Ratings From SecurityScorecard

SecurityScorecard is the world’s most comprehensive platform for quantifying and reducing security risk.

Take Control Of Your Cyber Risk.

SecurityScorecard from Silicon  gives you an outside-in view of your security posture so you can take action to improve or maintain it. The SecurityScorecard score is created by analysing across a wide range of risk factors, to give you an easy-to-understand rating, with actionable recommendations to mitigate risk and improve your score.

SECURITY RATINGS<br />
Consistent, data-driven ratings

CONSISTENT DATA-DRIVEN SECURITY RATINGS

Gain an outside-in view of your security posture so you can take preventative action. Scoring is based on a trusted, transparent ratings methodology and data collected on millions of organizations.

Instantly evaluate and validate the security posture of your own organization and your third parties. SecurityScorecard Ratings help security teams measure and report on the effectiveness of their risk mitigation strategy.

Easy-to-read A-F ratings across ten groups of risk factors.

SecurityScorecard calculates and offers detailed reports on 10 factor scores, which group and describe different cyber risk aspects. These scores help security teams identify vulnerable areas and prioritize their remediation efforts effectively.

NETWORK SECURITY

The Network Security module checks public datasets for evidence of high risk or insecure open ports within the organization network.

DNS HEALTH

The DNS Health module measures the health and configuration of an organization’s DNS settings. It validates that no malicious events occurred in the passive DNS history of the organization’s network.

PATCHING CADENCE

The Patching Cadence module analyzes how quickly an organization installs security updates to measure vulnerability risk mitigation practices.

ENDPOINT SECURITY

The Endpoint Security module tracks identification points that are extracted from metadata related to the operating system, web browser, and related active plugins.

IP REPUTATION

The IP Reputation and Malware Exposure module makes use of the SecurityScorecard sinkhole infrastructure as well as a blend of OSINT malware feeds and third-party threat intelligence data-sharing partnerships.

APPLICATION SECURITY

The Application Security module uses incoming threat intelligence from known exploitable conditions identified via: whitehat CVE databases, blackhat exploit databases, and sensitive findings indexed by major search engines.

CUBIT SCORE

The Cubit Score module measures a variety of security issues that an organization might have. For example, we check public threat intelligence databases for IP addresses that have been flagged.

HACKER CHATTER

The Hacker Chatter module is an automated collection and aggregation system for the analysis of multiple streams of underground hacker chatter.

INFORMATION LEAK

This Information Leak module makes use of chatter monitoring and deep web monitoring capabilities to identify compromised credentials being circulated by hackers.

SOCIAL ENGINEERING

The Social Engineering Module is used to determine the potential susceptibility of an organization to a targeted social engineering attack.

Measure Your Risk Profile.

Security Scorecard Breach Likelihood

MACHINE LEARNING TUNED RISK FACTORS

By utilizing a data-driven approach, SecurityScorecard is able to optimize the correlation between our security ratings and the relative likelihood of a data breach. This provides scores with more meaningful risk insights so that our users can make smarter business and security decisions.

After an extensive study, SecurityScorecard found that companies with an F SecurityScorecard rating are 7.7x more likely to incur a breach when compared to companies with an A.

What Can Security Scorecard Do For Your Business?

SCAN YOUR ATTACK SURFACE

Integrate attack surface, attribution, and deep threat intelligence into one unified platform for enhanced insights and quicker analysis of threat attacks.

INCIDENT RESPONSE

In times of crisis, having immediate access to intelligence, forensic, and response experts is vital

STRENGTHEN SECURITY POSTURE

Gain an outside-in view of your security posture so you can take preventative action.

GOVERNANCE REPORTING

Reports on security posture using metrics that tie the impact of cyber risk to business goals.

MONITOR SUPPLY-CHAIN RISK

Gain a ubiquitous view of cyber risk with unparalleled graphics giving you a full view of your ecosystem risk.

REDUCE CYBER INSURANCE COSTS

Determine the necessary amount of insurance required to sufficiently cover cyber risk

STAY IN COMPLIANCE

Continuously track adherence to current public and private sector security mandates, and detect potential compliance

THREAT INTELLIGENCE

Detect more unknowns, including those of your third-party vendors and how they pose a risk to your business with our cyber security threat intelligence solutions.

Scorecard-as-a Service Monthly Pricing.

Summary Report is a 1-page PDF with the following information:

  • Scorecard overview
  • Industry comparison chart
  • Vulnerabilities overview

Issues Report is a multi-page PDF with the following information:

  • Scorecard overview
  • 30-day score history
  • Issues overview (“Action Items”)
  • Issue descriptions

Detailed Report is a multi-page PDF with the following information:

  • Introduction to SecurityScorecard
  • Scorecard overview
  • 30-day score history
  • Issues overview (“Action Items”)
  • Issue descriptions
  • Issue findings & details

SecurityScorecard FAQ’s

What Are Security ScoreCard Ratings?

SecurityScorecard Ratings provide straightforward A-F ratings across ten risk factor categories. Built on a Software as a Service (SaaS) model, it offers visibility into your ongoing and evolving security vulnerabilities. Through an easily comprehensible scorecard, this risk management platform empowers your organization to continually monitor and evaluate the cyberhealth of your external online presence.

Leveraging proprietary techniques and a globally distributed network of both active and passive scanners, SecurityScorecard Ratings pinpoint the digital assets publicly associated with your organization. These assets are meticulously monitored for security issues in line with cybersecurity frameworks such as NIST and other widely accepted frameworks.

SecurityScorecard’s user-friendly A-F grading scale that is displayed on the scorecard equips you to not only curb the risk of breaches but also access and provide actionable insights for each surfaced issue. Not only does the solution facilitate streamlined monitoring of your organization, but also third parties (such as vendors, suppliers, peers, and competitors), granting you control over cyber risks within both you internal and external environments.

How Does Security Scorecard Calculate The Ratings?

SecurityScorecard non-intrusively scans the entire IPv4 webspace at a regular cadence. Cloud-based assets are scanned every two hours. Other assets are scanned at a lower pace. In addition, we use domain name system (DNS) records, domain registration information, transport
layer security (TLS) certificates, and other data sources to find related domains and subdomains belonging to an organization. Notably, the attribution process identifies and removes from the scoring pipeline shared and low-risk assets, such as content delivery networks (CDNs) and
parked domains.
The scans reveal the possible presence of more than 40,000 different common vulnerabilities and exposures (CVEs), exposed ports, weak ciphers, and more than 100 other types of cybersecurity flaws of varying severity. In addition, SecurityScorecard operates one of the largest
networks of sinkholes worldwide to capture malware signals emanating from an organization’s servers or end-user computers.

Leveling the playing field -size matters!

The organizations we scan have an enormous range in size, from a handful of web pages to a network of millions of IPs. A company with a large digital footprint (DF) has more ways of being attacked than a company with a small one. Therefore, if left alone, large organizations would have poorer scores than small ones. Meaningful comparisons would be difficult.

To level the playing field, SecurityScorecard developed a statistically robust method to adjust and compare scores for large and small organizations.

Where Does Security Scorecard Get Their Data ?

SecurityScorecard non-intrusively scans the entire IPv4 webspace at a regular cadence. Cloud-based assets are scanned every two hours. Other assets are scanned at a slower pace. In addition, we use domain name system (DNS) records, domain registration information, transport layer security (TLS) certificates, and other data sources to find related domains and subdomains belonging to an organization. Notably, the attribution process identifies and removes from the scoring pipeline shared and low-risk assets, such as content delivery networks (CDNs) and
parked domains.

The scans reveal the possible presence of more than 40,000 different common vulnerabilities and exposures (CVEs), exposed ports, weak ciphers, and more than 100 other types of cybersecurity flaws of varying severity. In addition, SecurityScorecard operates one of the largest
networks of sinkholes worldwide to capture malware signals emanating from an organization’s servers or end-user computers.

Leveling the playing field – size matters!

The organizations SecurityScorecard scan’s have an enormous range in size, from a handful of web pages to a network of millions of IPs. A company with a large digital footprint (DF) has more ways of being attacked than a company with a small one. Therefore, if left alone, large organizations would have poorer scores than small ones. Meaningful comparisons would be difficult.

Who Is SecurityScorecard ?

Funded by world-class investors including Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting.

SecurityScorecard continues to make the world safer by transforming how companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com.

SecurityScorecard is the global leader in cybersecurity ratings and the only service with millions of organizations continuously rated. Thousands of organizations leverage our patented rating technology for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting. But we don’t stop there. Through a customer-centric, solution-based commitment to our partners, we are transforming the digital landscape building a path toward resilience.

What Is Included In The Subscription ?

Silicon has partnered with SecurityScorcard to provide an affordable, cybersecurity scorecard as a service. The service aims to provide organisations with a detailed, monthly snapshot of their security rating and how it relates to their security posture. Here is what is included:

Reports. The subscription consists of 3 monthly reports:

  • The Summary Report. This is a 1-page PDF with security risk information that is ideal to present to a board or executive team to illustrate a snapshot of your organisation’s risk profile. The report consists of a Scorecard overview, industry comparison chart, and vulnerabilities overview
  • The Issues Report. This is a multi-page PDF with the Scorecard overview, a 30-day score history, Issues overview (“Action Items”), and Issue descriptions.
  • The Detailed Report. This is a multi-page PDF with the Scorecard overview, a 30-day score history, Issues overview (“Action Items”), Issue descriptions, and Issue findings & details.

Improve Score Plan. A detailed plan of steps that are required to improve your security score and risk profile.

Alerts. We will set up rule-based alerts to notify your organisation when it’s score changes.

 

To find out more about how SecurityScorecard can help you understand your organisations risk profile, call us today on 04 499 4999.