Vendor: SecurityScorecard
Price: $16,500 for a self-assessment plus 5 slots.
Contact: securityscorecard.com

Recommended

Quick Read

Strengths:
Provides remediation paths as well as customized plans to help reach the target security rating.
Weakness:
None that we found.
Verdict:
This product has some extremely useful unique features that any organization can leverage. Utilizing the score planning feature enables you to quickly and efficiently prioritize the issues that matter most to your organization. SecurityScorecard should be at the top of your list.

Rating Breakdown

SC Labs Reviews

Reviews from our expert team

Features:
Rating: %s
Documentation:
Rating: %s
Value for Money:
Rating: %s
Performance:
Rating: %s
Support:
Rating: %s
Ease of Use:
Rating: %s
Rating: 5.00/5 5.00/5

Summary

SecurityScorecard uses predictive AI analytics and a breach prediction algorithm to give an organization visibility into risk. It can rate any company in minutes, surpassing human validation, and globally locate company assets for digital footprint visibility. With a convergence of outside-in ratings, inside-out data and onsite audits, it provides tools and services to assist auditors with cyber risk assessment.

It quickly produces new ratings with transparent details, collaborative remediation, insurance underwriting, risk quantification, credit ratings integration, proxy advisory integration, marketing intelligence integration, catastrophe modeling and audit and advisory support. Actionable data shows best remediation paths and customized plans for achieving target security ratings using the Score Planner.

In Portfolio view you can see each company’s letter grade and security score with categorical score breakdowns (scorecard, history, issues, compliance, malware and digital footprint), discovered risks and details. Vendors have access to their own profile so they can resolve any issues found in this collaborative workflow. Breach risk is shown with a colorful graph of a multiplier score and corresponding risk health range. An action log lists issues contributing to breach risk, affected companies and exportable CSV files of issues specific to that portfolio.

Score Planning shows current scores and issues along with patching cadence, how many points a patch will recover for you, and the number of findings that will be remediated by a patch. This information is used for remediation prioritization and is gathered via passive scanning of the entire internet and by scrutinizing public sources for leaked credentials.

The Comparison Tool addresses key questions a board of directors may ask by breaking down 10 factors (network security, DNS health, endpoint security, IP reputation, application security, Cubit score, hacker chatter, information leaking and social engineering) used to assess your score against other companies. This is shown in a side-by-side view of how you stack up against your competitors along with general observations, historic trends and the risk severity of detected issues.

SecurityScorecard created CVE Details, an open source security research tool and database that was featured on an episode of the television series “Mr. Robot.” Approximately a quarter million security researchers visit the site every month, registering and researching product vulnerabilities. Security teams can look up products to see correlated vulnerabilities. This is an extensive database you can search to see common vulnerabilities and crawl public repositories of organizations to see information inadvertently leaked into the public domain.

Tested by Matthew Hreben