Security Ratings From SecurityScorecard
SecurityScorecard is the world’s most comprehensive platform for quantifying and reducing security risk.
Take Control Of Your Cyber Risk.
SecurityScorecard from Silicon gives you an outside-in view of your security posture so you can take action to improve or maintain it. The SecurityScorecard score is created by analysing across a wide range of risk factors, to give you an easy-to-understand rating, with actionable recommendations to mitigate risk and improve your score.
CONSISTENT DATA-DRIVEN SECURITY RATINGS
Gain an outside-in view of your security posture so you can take preventative action. Scoring is based on a trusted, transparent ratings methodology and data collected on millions of organizations.
Instantly evaluate and validate the security posture of your own organization and your third parties. SecurityScorecard Ratings help security teams measure and report on the effectiveness of their risk mitigation strategy.
Easy-to-read A-F ratings across ten groups of risk factors.
SecurityScorecard calculates and offers detailed reports on 10 factor scores, which group and describe different cyber risk aspects. These scores help security teams identify vulnerable areas and prioritize their remediation efforts effectively.
NETWORK SECURITY
The Network Security module checks public datasets for evidence of high risk or insecure open ports within the organization network.
DNS HEALTH
The DNS Health module measures the health and configuration of an organization’s DNS settings. It validates that no malicious events occurred in the passive DNS history of the organization’s network.
PATCHING CADENCE
The Patching Cadence module analyzes how quickly an organization installs security updates to measure vulnerability risk mitigation practices.
ENDPOINT SECURITY
The Endpoint Security module tracks identification points that are extracted from metadata related to the operating system, web browser, and related active plugins.
IP REPUTATION
The IP Reputation and Malware Exposure module makes use of the SecurityScorecard sinkhole infrastructure as well as a blend of OSINT malware feeds and third-party threat intelligence data-sharing partnerships.
APPLICATION SECURITY
The Application Security module uses incoming threat intelligence from known exploitable conditions identified via: whitehat CVE databases, blackhat exploit databases, and sensitive findings indexed by major search engines.
CUBIT SCORE
The Cubit Score module measures a variety of security issues that an organization might have. For example, we check public threat intelligence databases for IP addresses that have been flagged.
HACKER CHATTER
The Hacker Chatter module is an automated collection and aggregation system for the analysis of multiple streams of underground hacker chatter.
INFORMATION LEAK
This Information Leak module makes use of chatter monitoring and deep web monitoring capabilities to identify compromised credentials being circulated by hackers.
SOCIAL ENGINEERING
The Social Engineering Module is used to determine the potential susceptibility of an organization to a targeted social engineering attack.
Measure Your Risk Profile.
MACHINE LEARNING TUNED RISK FACTORS
By utilizing a data-driven approach, SecurityScorecard is able to optimize the correlation between our security ratings and the relative likelihood of a data breach. This provides scores with more meaningful risk insights so that our users can make smarter business and security decisions.
After an extensive study, SecurityScorecard found that companies with an F SecurityScorecard rating are 7.7x more likely to incur a breach when compared to companies with an A.
What Can Security Scorecard Do For Your Business?
SCAN YOUR ATTACK SURFACE
Integrate attack surface, attribution, and deep threat intelligence into one unified platform for enhanced insights and quicker analysis of threat attacks.
INCIDENT RESPONSE
In times of crisis, having immediate access to intelligence, forensic, and response experts is vital
STRENGTHEN SECURITY POSTURE
Gain an outside-in view of your security posture so you can take preventative action.
GOVERNANCE REPORTING
Reports on security posture using metrics that tie the impact of cyber risk to business goals.
MONITOR SUPPLY-CHAIN RISK
Gain a ubiquitous view of cyber risk with unparalleled graphics giving you a full view of your ecosystem risk.
REDUCE CYBER INSURANCE COSTS
Determine the necessary amount of insurance required to sufficiently cover cyber risk
STAY IN COMPLIANCE
Continuously track adherence to current public and private sector security mandates, and detect potential compliance
THREAT INTELLIGENCE
Detect more unknowns, including those of your third-party vendors and how they pose a risk to your business with our cyber security threat intelligence solutions.
Scorecard-as-a Service Monthly Pricing.
MONTHLY SUBSCRIPTION
- Summary Report
- Issues Report
- Detailed Report
- Recommendations To Improve Score
- Email Alert When Score Changes
Summary Report is a 1-page PDF with the following information:
- Scorecard overview
- Industry comparison chart
- Vulnerabilities overview
Issues Report is a multi-page PDF with the following information:
- Scorecard overview
- 30-day score history
- Issues overview (“Action Items”)
- Issue descriptions
Detailed Report is a multi-page PDF with the following information:
- Introduction to SecurityScorecard
- Scorecard overview
- 30-day score history
- Issues overview (“Action Items”)
- Issue descriptions
- Issue findings & details
SecurityScorecard FAQ’s
What Are Security ScoreCard Ratings?
SecurityScorecard Ratings provide straightforward A-F ratings across ten risk factor categories. Built on a Software as a Service (SaaS) model, it offers visibility into your ongoing and evolving security vulnerabilities. Through an easily comprehensible scorecard, this risk management platform empowers your organization to continually monitor and evaluate the cyberhealth of your external online presence.
Leveraging proprietary techniques and a globally distributed network of both active and passive scanners, SecurityScorecard Ratings pinpoint the digital assets publicly associated with your organization. These assets are meticulously monitored for security issues in line with cybersecurity frameworks such as NIST and other widely accepted frameworks.
SecurityScorecard’s user-friendly A-F grading scale that is displayed on the scorecard equips you to not only curb the risk of breaches but also access and provide actionable insights for each surfaced issue. Not only does the solution facilitate streamlined monitoring of your organization, but also third parties (such as vendors, suppliers, peers, and competitors), granting you control over cyber risks within both you internal and external environments.
How Does Security Scorecard Calculate The Ratings?
SecurityScorecard non-intrusively scans the entire IPv4 webspace at a regular cadence. Cloud-based assets are scanned every two hours. Other assets are scanned at a lower pace. In addition, we use domain name system (DNS) records, domain registration information, transport
layer security (TLS) certificates, and other data sources to find related domains and subdomains belonging to an organization. Notably, the attribution process identifies and removes from the scoring pipeline shared and low-risk assets, such as content delivery networks (CDNs) and
parked domains.
The scans reveal the possible presence of more than 40,000 different common vulnerabilities and exposures (CVEs), exposed ports, weak ciphers, and more than 100 other types of cybersecurity flaws of varying severity. In addition, SecurityScorecard operates one of the largest
networks of sinkholes worldwide to capture malware signals emanating from an organization’s servers or end-user computers.
Leveling the playing field -size matters!
The organizations we scan have an enormous range in size, from a handful of web pages to a network of millions of IPs. A company with a large digital footprint (DF) has more ways of being attacked than a company with a small one. Therefore, if left alone, large organizations would have poorer scores than small ones. Meaningful comparisons would be difficult.
To level the playing field, SecurityScorecard developed a statistically robust method to adjust and compare scores for large and small organizations.
Where Does Security Scorecard Get Their Data ?
SecurityScorecard non-intrusively scans the entire IPv4 webspace at a regular cadence. Cloud-based assets are scanned every two hours. Other assets are scanned at a slower pace. In addition, we use domain name system (DNS) records, domain registration information, transport layer security (TLS) certificates, and other data sources to find related domains and subdomains belonging to an organization. Notably, the attribution process identifies and removes from the scoring pipeline shared and low-risk assets, such as content delivery networks (CDNs) and
parked domains.
The scans reveal the possible presence of more than 40,000 different common vulnerabilities and exposures (CVEs), exposed ports, weak ciphers, and more than 100 other types of cybersecurity flaws of varying severity. In addition, SecurityScorecard operates one of the largest
networks of sinkholes worldwide to capture malware signals emanating from an organization’s servers or end-user computers.
Leveling the playing field – size matters!
The organizations SecurityScorecard scan’s have an enormous range in size, from a handful of web pages to a network of millions of IPs. A company with a large digital footprint (DF) has more ways of being attacked than a company with a small one. Therefore, if left alone, large organizations would have poorer scores than small ones. Meaningful comparisons would be difficult.
Who Is SecurityScorecard ?
Funded by world-class investors including Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 12 million companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting.
SecurityScorecard continues to make the world safer by transforming how companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com.
SecurityScorecard is the global leader in cybersecurity ratings and the only service with millions of organizations continuously rated. Thousands of organizations leverage our patented rating technology for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting. But we don’t stop there. Through a customer-centric, solution-based commitment to our partners, we are transforming the digital landscape building a path toward resilience.
What Is Included In The Subscription ?
Silicon has partnered with SecurityScorcard to provide an affordable, cybersecurity scorecard as a service. The service aims to provide organisations with a detailed, monthly snapshot of their security rating and how it relates to their security posture. Here is what is included:
Reports. The subscription consists of 3 monthly reports:
- The Summary Report. This is a 1-page PDF with security risk information that is ideal to present to a board or executive team to illustrate a snapshot of your organisation’s risk profile. The report consists of a Scorecard overview, industry comparison chart, and vulnerabilities overview
- The Issues Report. This is a multi-page PDF with the Scorecard overview, a 30-day score history, Issues overview (“Action Items”), and Issue descriptions.
- The Detailed Report. This is a multi-page PDF with the Scorecard overview, a 30-day score history, Issues overview (“Action Items”), Issue descriptions, and Issue findings & details.
Improve Score Plan. A detailed plan of steps that are required to improve your security score and risk profile.
Alerts. We will set up rule-based alerts to notify your organisation when it’s score changes.
To find out more about how SecurityScorecard can help you understand your organisations risk profile, call us today on 04 499 4999.