What is unique about SecurityScorecard attribution?
SecurityScorecard has an automated attribution strategy whereas other companies rely on a more manual strategy.
Some organizations use a manual attribution strategy in lieu of an algorithm. With human analysts at the heart of their process, they can only offer a snapshot of a moment in time.
This approach may have been a sufficient way to proceed before, but with more and more organizations moving their workload the cloud, the environment becomes more dynamic. For example, Google’s cloud, Mobile networks, Wi-Fi networks change every day if not every hour.
If everything you are interested in monitoring is highly dynamic, you need an attribution strategy that can follow change dynamically. We chose to accept the dynamic nature of the internet — and invest heavily in an intelligent, automated attribution strategy that can do just that.
What is the difference between SecurityScorecard and a vulnerability scanner?
We’re not trying to point out all of your vulnerabilities. What we’re trying to do is get just enough data on an organization to understand healthy and unhealthy behaviors. At the end of the day, SecurityScorecard is built to save you time during on-boarding and ongoing monitoring of third parties when answering questions about which third parties deserve a second look, deeper scrutiny, or follow-up in order to dig in and ask the harder questions. There are many signals that we could detect that tell us about precise vulnerabilities. However, what sets us apart is that we’re more interested in finding out how good the organization is at understanding their assets, identification, protection, detection, response, and repair.