Security Ratings

It all starts with a score.

We then provide you with the tools and intelligence you need to improve the cyberhealth of your entire ecosystem.

SecurityScorecard enables users to view and continuously monitor security ratings, easily add vendors or partner organizations, and report on the cyberhealth of their ecosystems. The platform automatically generates a recommended action plan for issue remediation in order to achieve a “target” letter grade for customers and their vendor and partner organizations. It also provides access to insights and shows a clear record of issues that have impacted scores over time. Additional collaboration tools help enterprises better manage cyber security and ensure continuous compliance with regulatory standards and frameworks.

Laptop Dashboard

Understand the cyberhealth of your ecosystem across 10 risk factors.

  • Network Security

    Network Security

    Examples of network security hacks include exploiting vulnerabilities such as open access points, insecure or misconfigured SSL certificates, or database vulnerabilities and security holes that can stem from the lack of proper security measures.
  • DNS Health

    DNS Health

    The SecurityScorecard platform measures multiple DNS configuration settings, such as OpenResolver configurations as well as the presence of recommended configurations such as DNSSEC, SPF, DKIM, and DMARC.
  • Patching Cadence

    Patching Cadence

    How diligently a company is patching its operating systems, services, applications, software, and hardware in a timely manner.
  • Endpoint Security

    Endpoint Security

    Endpoint security refers to the protection involved regarding an organization’s laptops, desktops, mobile devices, and all employee devices that access that company’s network.
  • IP Reputation

    IP Reputation

    The SecurityScorecard sinkhole system ingests millions of malware signals from commandeered Command and Control (C2) infrastructures from all over the world. The incoming infected IP addresses are then processed and attributed to corporate enterprises through our IP attribution algorithm. The quantity and duration of malware infections are used as the determining factor for these calculations, providing a data point for the overall assessment of an organization’s IP Reputation, along with other assessment techniques.
  • Web Application Security

    Web Application Security

    Examples of vulnerabilities detected include Cross-site Scripting (XSS) or an SQL injection attacks.
  • Cubit Score

    Cubit Score

    The Cubit Score factor is SecurityScorecard’s proprietary threat indicator that measures a collection of critical security and configuration issues related to exposed administrative portals.
  • Hacker Chatter

    Hacker Chatter

    The SecurityScorecard Hacker Chatter factor continuously collects communications from multiple streams of underground chatter, including hard-to-access or private hacker forums. Organizations and IPs that are discussed or targeted are identified.
  • Leaked Credentials

    Leaked Credentials

    SecurityScorecard identifies all sensitive information that is exposed as part of a data breach or leak, keylogger dumps, pastebin dumps, database dumps, and via other information repositories. SecurityScorecard maps the information back to the companies who own the data or associated email accounts that are connected to the leaked information, assessing the likelihood that an organization will succumb to a security incident due to the leaked information.
  • Social Engineering

    Social Engineering

    SecurityScorecard identifies a variety of factors related to social engineering, such as employees using their corporate account information for services, for example, social networks, service accounts, personal finance accounts, and marketing lists that can be exploited. In addition, employee dissatisfaction is monitored through publicly available data.

No Waiting, 100% Free

Get your personalized scorecard today

Get your free scorecard and learn how you stack up across 10 categories of risk. Answer a few simple questions and instantly receive your score in your business email.

Get It Now

Instant visibility across your entire ecosystem.

SecurityScorecard gives you a complete view into the security posture of your entire ecosystem. Its easy-to-use dashboard displays mission-critical information including high-risk vendors, critical and common security issues, and predictive insights for your portfolios. 

With Custom Scorecards users have instantaneous access to more detailed cyber security risk data on specific parts of their own or a business partner’s organization. Data can be segmented in a way that is most relevant to the user; by business units, subsidiaries or geographical locations for self-monitoring or third-party risk management.

Understand third-party cyber security issues.

View individual vendor scorecards and identify third-party cyber security issues that put your business at risk. The dashboard displays both an overall security score as well as scores broken down across 10 risk factors. Drill down into specific findings to visualize and understand severity, IP addresses, and much more.

Automatic Vendor Detection Scan

Discover and manage risk posed by your vendors' vendors.

Manage fourth-party risk with Automatic Vendor Detection (AVD™).  AVD uses non-intrusive methods and data sources to reliably detect the third-party vendors your own vendors are using. You can then add these vendors to your portfolio to ensure your IT infrastructure isn't compromised by a fourth-party.

Take control of your cyber security rating and easily boost your score.

Score Planner provides full visibility and transparency into how specific security issues impact scores and automatically generates a recommended remediation plan in order to achieve a “target” letter grade. If the recommendations don’t meet your needs, you can run interactive “what if’ scenarios and create a customized action plan using SecurityScorecard’s simple user interface. Also available to all of your vendors and partners, Score Planner changes the game by providing transparent, prescriptive, and actionable advice to you and your third-party communities. Once a plan is generated, you can download it as a CSV for convenient integration with your issue tracking system or GRC platform.

Cyber Security Ratings Planner

SecurityScorecard delivers a holistic view of any organization’s security posture based on the collection, analysis, and attribution of millions of critical data points. The result is an unprecedented security solution that provides an accurate view of risk across your ecosystem, whether that risk is posed by one poor performing vendor or by a correlated risk across a group of companies.

The SecurityScorecard platform is powered by ThreatMarket, our patented security data engine, which leverages sophisticated security collection capabilities and advanced machine learning algorithms to identify signals, accurately attribute findings, and calculate a security score.

Data leveraged by our platform is mined using the market’s leading data collection capabilities. We monitor signals across the internet, relying on a global network of sensors that spans the Americas, Asia, and Europe. We enrich our data set by leveraging commercial and open-source intelligence sources, ensuring our customers have access to the greatest breadth and quality of intelligence available.


The first thing I do when I learn that a new vendor needs to be onboarded is check their score in the SecurityScorecard platform for a quick and accurate assessment.

Mike Belloise Director of Information Security, TriNet

Read Case Study

SecurityScorecard contextualizes security issues so that users across the enterprise including executives, security engineers, vendor risk managers, cloud architects, and many others can leverage the platform to make better security decisions.

SecurityScorecard’s A-F rating system is easy to understand and correlates directly to risk indicators that have been identified on the public web, dark web, our global sensor network, and other sources.

A cornerstone of accurate security ratings is the ability to collaborate with internal stakeholders and external vendors and partners to resolve security and compliance issues. With SecurityScorecard you can easily invite vendors and grant them free, unlimited access to their detailed security scorecards and point them to which vulnerabilities to focus on first.

No waiting, 100% Free

Get your personalized scorecard today

Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.

Get Your Free Score

Get In Touch

Thank you for contacting us!