SecurityScorecard Ratings evaluate an organization’s cybersecurity risk using data-driven, objective, and continuously evolving metrics that provide visibility into any organization’s information security control weaknesses as well as potential vulnerabilities throughout the supply chain ecosystem.
SecurityScorecard Ratings offer easy-to-read A-F ratings across ten groups of risk factors.
The Web Application Vulnerability module uses incoming threat intelligence from known exploitable conditions identified via whitehat CVE databases, blackhat exploit databases, and sensitive findings indexed by major search engines.
This proprietary module measures a variety of security issues that a company might have. For example, we check public threat intelligence databases for IP addresses that have been flagged.
This module measures the health and configuration of a company's DNS settings. It validates that no malicious events occurred in the passive DNS history of the company's network.
The Endpoint Security Module tracks identification points that are extracted from metadata related to the operating system, web browser, and related active plugins.
The SecurityScorecard Hacker Chatter module is an automated collection and aggregation system for the analysis of multiple streams of underground hacker chatter.
The IP Reputation and Malware Exposure module makes use of the SecurityScorecard sinkhole infrastructure as well as a blend of OSINT malware feeds and third-party threat intelligence data-sharing partnerships.
The Network Security module checks public datasets for evidence of high-risk or insecure open ports within the company network.
The Information Leak module makes use of chatter monitoring and deep web monitoring capabilities to identify compromised credentials being circulated by hackers.
The Patching Cadence module analyzes how quickly a company reacts to vulnerabilities to measure patching practices.
The SecurityScorecard Social Engineering Module is used to determine the potential susceptibility of an organization to a targeted social engineering attack.