

How Does SecurityScorecard Collect Data & Calculate Security Ratings?

How does SecurityScorecard collect data?

SecurityScorecard uses both active and passive data collection methods to gather proprietary and third-party data.

Active data collection involves:

  • Initiating a connection to remote hosts and participating in some initial part of their protocol.

You can think about this as data that needs to be requested.

Passive data collection can be performed in two ways:

  • A remote host connects to us.
  • We obtain copies or summaries of some protocol transaction from a network sensor or intermediary device.

You can think about this as data that is collected without asking.

SecurityScorecard’s proprietary data collection relies on a global network of sensors that scan the internet and identify services, vulnerabilities, and adherence to best practices, which can indicate a company’s current cybersecurity posture. These signals are the fundamental backbone of SecurityScorecard’s security ratings. We also operate one of the world’s largest networks of sinkholes and honeypots to glean indications of malware infection from outside a company's network.

Additionally, SecurityScorecard further enriches our data set by leveraging commercial and open-source intelligence feeds. This allows SecurityScorecard to improve the cadence of observation, build fidelity in the signals, and confirm accuracy in observations.

All of SecurityScorecard’s data collection methods are legal. We collect externally accessible and publicly available data. No intrusive techniques are used to gather information.

How does SecurityScorecard attribute data?

SecurityScorecard identifies which digital assets (i.e. IPs and domains) belong to an organization. This determines a company’s digital footprint and is the basis of every Scorecard. Attribution is the linchpin for measuring cybersecurity, and an effective attribution process must accommodate change. Competitors in the market rely on manual attribution, which limits their ability to keep pace with the dynamic nature of the internet. They have some level of automation, but human analysts are still at the heart of their process. Human intervention introduces manual error and results in attribution being only a snapshot of a moment in time. Conversely, SecurityScorecard relies on automation at scale. Attribution technology allows SecurityScorecard to quickly associate findings with an organization’s digital footprint and to test for accuracy, relevancy, and completeness, continuously keeping Scorecards up to date.

SecurityScorecard uses advanced machine learning algorithms and other proprietary methods to attribute IP addresses found on the open internet to the company that has operational ownership of the associated systems. SecurityScorecard has made a significant investment in the development of a patented cybersecurity ratings platform that includes subject matter experts in areas such as networking, machine learning, risk management, and cybersecurity. The accuracy of SecurityScorecard’s IP attribution process has its foundation in advanced machine learning techniques.

How does SecurityScorecard calculate security ratings?

SecurityScorecard takes into account all the external-facing discoverable assets of an organization, the issues associated with those assets, and the severity of the threats that were found in order to determine a score for each organization. Additionally, our scoring algorithm is based on a statistical framework that takes into account the 1,500,000+ rated companies on the SecurityScorecard platform.

SecurityScorecard’s scoring model is a continuous measure of an organization’s number of findings relative to the typical number for organizations of its size. The score is based on how many standard deviations an organization is better or worse than the average number of findings for an organization of a particular size. This enables fair comparisons of an organization's cybersecurity hygiene against others of comparable size, and brings increased accuracy, transparency, and fairness to the security rating process.
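The size-normalized, standard-deviation-based comparison described above, shown as an added illustration. This is not SecurityScorecard's scoring algorithm or code; it is a simplified z-score against a size-matched peer group, and the organization names, host counts, finding counts and size-bucket boundaries are all constructed for the example. It goes slightly beyond the text by making the peer grouping explicit and by showing how the same raw finding count lands very differently for a small and a mid-sized organization, which is the point of normalizing by size.

```python
"""Illustrative size-normalised z-score for finding counts.

Added example, not SecurityScorecard's actual model. All data below is
constructed; bucket boundaries are hypothetical.
"""
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# Constructed sample population: (organisation, externally visible hosts,
# open findings). Invented numbers for illustration only.
POPULATION: List[Tuple[str, int, int]] = [
    ("alpha", 40, 3),
    ("bravo", 55, 5),
    ("charlie", 70, 7),
    ("delta", 90, 9),
    ("echo", 600, 30),
    ("foxtrot", 800, 45),
    ("golf", 1200, 60),
    ("hotel", 1500, 65),
]

# Hypothetical size buckets: (name, inclusive upper bound on host count).
SIZE_BUCKETS = [("small", 100), ("medium", 1000), ("large", float("inf"))]


def size_bucket(hosts: int) -> str:
    """Map an organisation's host count to its peer-group bucket."""
    for name, upper in SIZE_BUCKETS:
        if hosts <= upper:
            return name
    raise ValueError("host count did not match any bucket")


def peer_baseline(population) -> Dict[str, Tuple[float, float]]:
    """Mean and population standard deviation of finding counts per bucket.

    This is the 'baseline that companies are scored against'; recomputing it
    from a fresh population is what a scoring update would do.
    """
    by_bucket: Dict[str, List[int]] = {}
    for _, hosts, findings in population:
        by_bucket.setdefault(size_bucket(hosts), []).append(findings)
    return {b: (mean(v), pstdev(v)) for b, v in by_bucket.items()}


def z_score(hosts: int, findings: int, baseline) -> float:
    """Standard deviations better (+) or worse (-) than size-matched peers.

    If every peer in the bucket has the same count, the spread is zero and a
    deviation cannot be expressed in standard deviations; return 0.0 instead
    of dividing by zero.
    """
    bucket = size_bucket(hosts)
    if bucket not in baseline:
        raise KeyError(f"no peer baseline for bucket {bucket!r}")
    mu, sigma = baseline[bucket]
    if sigma == 0:
        return 0.0
    return (mu - findings) / sigma


BASELINE = peer_baseline(POPULATION)


def compare_same_count(findings: int) -> Tuple[float, float]:
    """Same raw finding count scored as a small and as a medium organisation."""
    return z_score(50, findings, BASELINE), z_score(700, findings, BASELINE)


if __name__ == "__main__":
    for bucket, (mu, sigma) in BASELINE.items():
        print(f"{bucket:7s} mean={mu:6.2f} sd={sigma:5.2f}")
    small, medium = compare_same_count(30)
    print(f"30 findings: small org z={small:+.2f}, medium org z={medium:+.2f}")
```

The sign convention puts fewer findings than the peer average on the positive side, so "one standard deviation better" reads as +1.0. Thirty findings is roughly eleven standard deviations worse than the constructed small-organization peers but one standard deviation better than the medium ones, which is exactly the effect that comparing against organizations of comparable size is meant to produce.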

Machine Learning Tuned Risk Factors

Additionally, SecurityScorecard uses machine learning to tune the scoring impact of our 10 risk factor groups. This data-driven approach not only optimizes the correlation between our grades and the relative likelihood of a breach, it also gives users more insightful scores. We have found that companies with an F rating are 7.7 times more likely to be breached than companies with an A. Read this white paper to learn more.

Monthly Scoring Updates

The breadth and depth of our Ratings product is continuously enhanced with monthly Scoring Updates. These Scoring Updates allow SecurityScorecard to readjust the baseline that companies are scored against, which makes scoring more accurate, and also to add new signals, retire old signals, and adjust the weight of issues and factors. This monthly cadence enables SecurityScorecard to keep up with the continuously changing threat landscape and provide an increasingly accurate picture of an organization’s cybersecurity posture.

Read our white paper for an in-depth walkthrough of our Scoring Methodology.