In this article:
Some features mentioned in this article may only be available with a paid SecurityScorecard plan. See our plans page for more information about levels of features and access.
Learn about the latest product updates, features, early release features, and improvements, in the SecurityScorecard platform.
For scoring recalibrations and other changes that affect Scorecard scores, see scoring update release notes.
March, 2023
Compliance module with cloud support
The Compliance module provides a more efficient audit of requirements by expanding evidence collection and simplifying visibility. You can now add cloud service provider account data for AWS and GitHub to the compliance assessment.
Learn more about the Compliance module and how to integrate it.
MITRE and breach filters added to Attack Surface Intelligence
You can enrich your Attack Surface Intelligence searches with breach information and MITRE ATT@CK adversary tactics, techniques, and procedures (TTPs).
Learn more about facets in Attack Surface Intelligence.
Improved Portfolio performance
When you open Portfolios that contain thousands of Scorecards, you can instantly view and filter of Scorecards.
Faster attribution updates
With faster and more frequent attribution updates, you see more accurate and current asset information in your Digital Footprint.
Digital Footprint domain details and workflow
When managing your Digital Footprint assets, see right away how we attributed IP addresses and domains to your organization. The page details attribution sources and methods for each domain.
After reviewing this evidence, you can categorize certain assets so that they have appropriate score impact. For example, for a tenant domain, all related issue findings do not impact the score. You also can still refute assets if you can demonstrate that they do not belong to your organization.
Learn more about Digital Footprint and this workflow.
WHOIS added for attribution data collection
SecurityScorecard now includes the WHOIS public database as a source for collecting attribution data. This improves attribution accuracy, enables identification of more related domains, and speeds detection of domain additions. Digital Footprints update faster, with more precise enumeration of domains.
Custom Scorecard Version 3
You can precisely filter and control which assets appear on your Custom Scorecard, select multiple source scorecards, aggregate multiple scorecards entirely, apply new issue type filters, and have control over the migration and updates applied to your existing Custom Scorecard.
Learn how to make your Custom Scorecards.
Active resolution of findings for SPF-related issue types
We now resolve findings for the following issue types if we no longer detect them in subsequent scans:
- SPF Record Missing
- Malformed SPF Record
- SPF Record Found Ineffective
- SPF Record Contains a Softfail without DMARC
We remove such findings from the Scorecard as soon as we assert that they are no longer present in a weekly, recurring scan. This means you do not need manually submit resolution requests in the platform after you address findings, so that you can focus on more impactful issues.
Netskope CCI integration
With their partnership, SecurityScorecard Netskope enrich each other’s security and risk posture data, so you can make more informed policy access decisions about the risk associated with cloud applications. With the new Marketplace integration, Netskope’s Cloud Confidence Index (CCI) provides SecurityScorecard with public and private signals for over 55,000 SaaS applications.
Netskope's installation page in Marketplace
After you install the integration and the SecurityScorecard starts collecting the data, the findings appear in the Application Security factor of your Scorecard.
Netskope issue type details page and findings
February, 2023
Global navigation
Simpler, clearer, smarter menus help you get where you need to go and get more done faster. Dedicated menus consolidate all your Scorecards, Portfolios, toolsets, and services.
Additional search facets in Attack Surface Intelligence
You can refine searches based on additional facets related to location, SSL certificates, information returned by HTTP headers, and attributed domain counts. New boolean (yes/no) facets expand search options, too.
Learn about all available search facets in ASI.
Automatic Vendor Detection enhancements for Portfolios
You can now assess and understand the supply chain risk for Portfolios. Search for potential issues across Portfolios. For example, see all the organizations in your Portfolios that use Atlassian.
January, 2023
Self-monitoring Launchpad
Get a quick view of important Scorecard updates and actions that help you monitor your organization's security posture and respond to critical events.
Access your launchpads from the Dashboard menu in the top navigation bar.
Report branding and legal disclaimer
You can brand your exported reports with your corporate logo and apply disclaimers for protection against legal claims.
Learn about how uploading your logo.
Invited vendor landing page
When partners and other third parties accept invitations to join SecurityScorecard, they are directed to a personalized landing page, where they are welcomed and can set their account passwords before starting their free account onboarding process.