SecurityScorecard Partners with JCDC to Democratize Continuous Monitoring and Cybersecurity Risk Management

Cybersecurity is a team sport, and SecurityScorecard is proud to partner with the Joint Cyber Defense Collaborative (JCDC) to share cyber threat information in defense of public and private critical infrastructure. Established in August 2021 by the Cybersecurity and Infrastructure Security Agency’s (CISA) Director Jen Easterly, JCDC recently celebrated its first anniversary, and the impact it has made in that time has been significant. This impact includes providing a quick response to active, widespread exploitation of the Log4Shell vulnerability; connecting JCDC members with victims based off observed network traffic, which allowed them to step in and help and then share insights back with the community; and offering defensive actions and free services to mitigate harmful impacts to U.S. critical infrastructure from potential malicious Russian state-sponsored cyber operations.

JCDC’s mission is “to unify the global cyber community in the collective defense of cyberspace.” JCDC creates a new model for public-private partnerships and brings together the public and private sectors with Federal and State, Local, Tribal, and Territorial (SLTT) governments to work collaboratively to reduce cyber risk. JCDC’s diverse members provide unique capabilities and expertise; together, they enable increased visibility into the threat landscape, improved analysis, and more timely and actionable cyber risk information sharing—ultimately reducing risk to the cyber ecosystem and critical infrastructure.

Free Cybersecurity Services and Tools

To help boost the overall cyber health of organizations and mature their cybersecurity risk management, CISA created a compilation of Free Cybersecurity Services and Tools for public and private sector entities. SecurityScorecard is proud to be the only security ratings platform included as part of this effort. Our involvement fits our mission to make the world a safer place. CISA’s free resources are categorized according to the four goals outlined in CISA Insights: Implement Cybersecurity Measures Now to Protect Against Critical Threats, including:

1. Reducing the likelihood of a damaging cyber incident;
2. Detecting malicious activity quickly;
3. Responding effectively to confirmed incidents; and
4. Maximizing resilience.

In April, CISA added SecurityScorecard’s cybersecurity ratings platform to its free toolkit page, allowing organizations to understand their attack surface, identify vulnerabilities, prioritize security efforts, and reduce the likelihood of a damaging cyber incident. Free self-monitoring can provide small and mid-sized businesses with continuous visibility into their cybersecurity posture that they might otherwise lack the resources to obtain.

Shields Up!

In March, SecurityScorecard was proud to share with JCDC our original threat intelligence research related to the Zhadnost botnet, which JCDC added to their Shields Up Technical Guidance page. SecurityScorecard’s cyber risk intelligence team turned its resources towards the defense of critical infrastructure entities and Ukraine in the wake of the Russian invasion. Our researchers identified three separate DDoS attacks, which all targeted Ukrainian government and financial websites leading up to and during Russia’s invasion. Details of these DDoS attacks had not yet been publicly identified.

Onward!

The work continues. SecurityScorecard looks forward to deepening our partnership with JCDC and continuing to share information as a member of the Information Technology Sector Coordinating Council (IT-SCC) as well as the Information and Communications Technology Supply Chain Risk Management Task Force (ICT SCRM Task Force)—to protect businesses, government agencies, and people against malicious cyber activity.