Vendor Profile: SecurityScorecard

I caught up with SecurityScorecard at RSA 2020. They’re offering a service that has a lot of potential, in my view. It’s not the only company in its category, but their offering is impressive.

SecurityScorecard provides cybersecurity ratings for thousands of companies worldwide. Their technology scans a range of public information, including dark web data, relating to a given company. From this, they are able to build a cyber risk profile that rates the security of the company’s networks, DNS, endpoint security, malware infections, patching and so forth.

“For better or worse, every corporate entity in the world is emitting digital signals that describe their security postures,” explained Alex Heid, Chief Research & Development Officer at SecurityScorecard. “We harvest these signals and correlate them to create a security score for each company.” The process is dynamic, with security scores changing over time as businesses remediate security deficiencies—or neglect them.

The SecurityScorecard service is potentially appealing in a variety of client scenarios. Some companies might want to be assessed by a neutral third party like SecurityScorecard so they can find out what vulnerabilities they need to remediate. This is quite helpful for PCI compliance, where companies need to know where they have security issues that could affect their certifications.

The security score has great promise in the contexts of vendor management, partnerships and mergers and acquisitions (M&A). Before going into business with a company, it’s now possible to get an objective read on their cybersecurity strengths and weaknesses.

The interconnectedness of the business world makes it useful, if not essential, to know about risks lurking in business partners. Vendor networks lead to customers’ networks, after all. An unsecured vendor exposes the customer to risk. With SecurityScorecard, a company can know about an at-risk vendor before it becomes a serious problem.

The stock market is also emerging as a focus area for SecurityScorecard. As Heid put it, “A breach can really hammer a stock, and for good reason. Breaches are costly to remediate and bad for brands.” In Heid’s view, security scores are on track to become a standard element of a buy/sell decision on Wall Street. “Just as you would consider the impact of a Moody’s debt downgrade, so too you might be concerned about a drop in cyber security score for a public company.”

“With our toolset, you see what the hacker sees,” Heid added. “The difference now is that you can act before they do.”