Expect the Unexpected
The traditional enterprise risk model is a thing of the past. Cybersecurity risk is not just a cybersecurity risk — it cascades into the organization triggering a legal risk, technology risk, compliance risk, and more. Third-party cyber risk is a material business risk.
Organizations need to be prepared to expect the unexpected. Expecting the unexpected requires resilience. Security teams need to be ready to answer questions such as:
- Are you prepared to respond to a third-party breach?
- Will you be able to operationalize your vendor risk management program?
- Are you ready to comply with new regulations that demand fast response to incidents?
- Can you effectively speak to the board about how your VRM program is driving your business forward?
Our Q4 ‘23 Release is here to ensure that you are prepared to expect the unexpected. This release includes 30+ innovations that prepare your organization with an end-to-end view of your supply chain and attack surface. Get a complete picture of your supply chain risk with actionable cyber risk intelligence, be ready to take action in an instant, and create operational efficiencies through effective communication with stakeholders, partners, and regulatory bodies. Learn more about everything included in this release below!
Third-Party Cyber Risk Management
- Collaborate and improve your security posture with confidence.
- Streamline collaboration with internal stakeholders and your third-parties in one dashboard to generate dynamic remediation plans, prioritize critical vulnerabilities, assign specific people to fix issues, and see progress in real time, saving you hours and reducing ecosystem risk.
Learn more about Action Plans here.
- Accelerate the vendor assessment process with automated questionnaires.
- SecurityScorecard Questionnaires bring a whole new questionnaire experience within the SecurityScorecard platform. Questionnaires make the cybersecurity questionnaire exchange process between senders and receivers faster, more accurate, and secure, with key insights mapped to SecurityScorecard ratings at every stage. With SecurityScorecard Questionnaires, security and third-party risk management teams get one centralized platform for cybersecurity ratings, questionnaires, reporting, and more. Learn more about Questionnaires here.
- Expand your holistic view of risk with critical data for evaluating and reporting on Environmental, Social, and Corporate Governance (ESG) risk.
- SecurityScorecard ESG Data helps you identify ESG risk events for your organization and its vendors, so you can take action. Stay ahead of regulatory activity and investor pressure by tracking adherence to current public and private sector security mandates, and detect potential compliance gaps. Get risk data from one trusted source delivered through a customer facing API.
Natural Language Global Search
- Instantly get the answers you need about your vendors’ cyber exposure
- Ask open-ended questions about your business ecosystem to quickly drive risk management decisions. SecurityScorecard has integrated with OpenAI’s GPT-4 to enhance Global Search, saving leaders significant time by reducing the manual work associated with analyzing data. Learn more here.
Expanded Vendor Intelligence with Attack Surface Intelligence
- Access expanded intelligence to validate risks in your vendor’s threat landscape
- Easily see deeper insights into critical issues impacting your vendors including vulnerabilities, malware infections, leaked credentials, and breach history. Validate the severity of risk and provide your Incident Response team with actionable insights to thwart active and emerging threats. Coming Soon.
Vendor Collaboration Invites
- Increase response rates and customize your requests when inviting your vendors to SecurityScorecard with a seamless invite flow for both the recipient and the sender.
- When requesting evidence, you can now use previously invited contacts from the Contact Manager. Using familiar contacts allows for more personalized, conscious invites to the platform and leads to better responses. As the recipient of a request, you are no longer asked to create a SecurityScorecard account until after you have submitted a response, allowing vendors to respond more quickly to requests without interruption.
4th Party Vendor Detection in Portfolios
- Assess your concentration risk within your Portfolios with Automatic Vendor Detection
- Easily search your Portfolios to determine concentration risk or understand what organizations the companies in your Portfolios work with. For example, search for a common vendor, such as Atlassian, to see all organizations within a Portfolio who are connected.
Invited Contact Manager
- Ease collaboration with invited vendors and partners within SecurityScorecard.
- Make your Portfolio connections more powerful by contacting partners and vendors. In a few simple steps, you can quickly reach out to organizations with active SecurityScorecard accounts and reinforce how their security activities affect you. Learn more about Contact Manager here.
Enterprise Cyber Risk Management
Evidence & Events in the Digital Footprint
- Clearly identify evidence of attributed domains in your Digital Footprint and actively assess how assets relate to your organization.
- The updated Digital Footprint provides clear communication of attribution sources and any underlying evidence of domains. An additional Event Log will also be available in the Digital Footprint so security teams can easily understand what assets have been discovered and/or decommissioned, and have a clear picture of how those assets relate to their organization. Learn more in our Knowledge Base.
Automated Board Reports
- Clearly articulate the work done in improving the score and the business value and contextualize security risks with business risks.
- A new Board of Directors report is now available to better communicate the most important high-level metrics across an organization’s Scorecard. Summarize and report on the most important metrics across your organization’s Scorecard, covering self-monitoring, vendor risk management, your industry, and the competition.
Enhanced Compliance Readiness Assessment
- Centralize evidence collection for faster, more efficient audits
- Evaluating how well any organization is performing against regulatory requirements, cybersecurity standards, or organizational best practices is faster and more effective. Cloud configuration and Questionnaires data have been integrated to expand the types of requirements that can be verified. Any compliance framework can be supported and findings can be easily shared with other stakeholders. Learn more in our Knowledge Base.
- Enable more segmented monitoring and risk mitigation with labeled assets to easily assign ownership of IPs and Domains
- The ‘Asset Category’ column in the Digital Footprint will show auto assigned (SecurityScorecard detected) and even user-contributed categories for assets making it easier for Infosec Managers to determine ownership of assets within their teams. These categories provide a more accurate picture of an organization's attack surface and Top Level score. Learn more in our Knowledge Base.
Custom Scorecard Filters
- More tagging and filtering criteria are now available to quickly build Custom Scorecards
- Effectively monitor an organization’s security posture with faster allocation of assets to respective regional teams by pulling assets associated with custom tags and geolocation filters into specific Custom Scorecards. Learn more in our Knowledge Base.
View all issue evidence for subsidiary scorecards
- Continuously monitor the security posture of your organization and subsidiaries
- Improve overall entity security posture faster by accessing complete issue evidence for subsidiaries and understanding common risks across your overall entity. Subsidiary management enables you to quickly prioritize subsidiaries that require additional resources or attention to reduce cyber risk. Learn more in our Knowledge Base.
- Accurately identify breaches, reduce false positives, improve timely breach notifications, and increase geographic coverage with BreachDetails.
- BreachDetails is SecurityScorecard’s in-house method for collecting and analyzing news articles, ransomware articles, and other sources that contain information on data breaches. Using an in-house breach detection tool allows for greater control over breach notices and on-demand addition of breach detection sources. BreachDetails also uses automation and AI to increase accuracy, timeliness, and coverage of detected breaches. Learn more in our Knowledge Base.
Visual Search in Attack Surface Intelligence
- Surfacing threat intelligence is fast and intuitive.
- Visual Query Builder enables users without query syntax knowledge to quickly and efficiently conduct searches in Attack Surface Intelligence to gain the answers they need to drive decisions. See it in action or learn more here.
Table View in Attack Surface Intelligence
- Effortlessly view and sort threat data for quicker results.
- The table view in Attack Surface Intelligence allows users to get answers faster from a list of searchable IPs and associated threat data. In addition, users are able to download the larger table results in the reporting center for ease of search and sorting the data.
- Harness vulnerability intelligence to understand the impact to your attack surface.
- Gain a comprehensive understanding of details associated with all published and upcoming CVEs to drive remediation decisions. Our proprietary website, CVEDetails.com, gives you insight into the severity of a CVE and any known exploits, so you can determine the impact to the business. Visit CVEDetails.com to learn more.
Integrations and Marketplace
- Use critical cyber risk insights from SecurityScorecard for your third-party risk management workflows in ProcessUnity
- SecurityScorecard Ratings are embedded into ProcessUnity to give you accurate and critical visibility into the overall cybersecurity risk posed by vendors. Add vendor Scorecards into ProcessUnity with just the company name. Factor-to-factor compliance mapping in ProcessUnity improves workflow automation.
Jira On-Demand Ticket Creation
- Automatically create actionable and detailed Jira tickets for individual Issue Findings from SecurityScorecard
- On-Demand Jira ticket creation for individual Issue Findings allows IT Security Teams and SOC managers to select the most important issues present, and place them in the right locations for resolution. Triage individual issues based on severity and score impact.
S&P Supplier Risk Indicator
- Evaluate any organization’s supply chain risk.
- SecurityScorecard Ratings paired with S&P Market Intelligence have been integrated to provide a Supplier Risk Indicator (SRI) score. Evaluate suppliers with a single score based on key risk factors including cyber, financial, and ESG. Drill down into the factors comprising the score to prioritize individual issues that could put your organization at risk. Receive trusted data from two of the industry’s leading Ratings companies.
Cybersecurity Risk Insights App for Coupa
- Understand how cyber risk impacts your Supplier’s overall health with SecurityScorecard Ratings in Coupa
- Continuously monitor and understand a supplier’s overall cyber security posture across the entire procurement and supplier lifecycle to make more informed business decisions. Use cybersecurity ratings to improve critical workflows such as requisition approval chains.
Salesforce Scorecard Importer
- Bulk import vendor accounts from Salesforce to create Scorecards for each.
- Monitor Scorecards for your Salesforce vendor accounts with one click using the Salesforce Scorecard Importer. Bulk importing vendor details from Salesforce allows you to fast-track the SecurityScorecard onboarding process and hit the ground running collaborating with vendors via SecurityScorecard.
Ratings Integration for ThreatQuotient
- Automate continuous monitoring of your cybersecurity posture and that of your third-parties.
- ThreatQuotient customers can now integrate SecurityScorecard Ratings with the ThreatQ security operations platform to gain an outside-in view of their security posture, monitor for vulnerable third-parties, and prioritize remediation. SecurityScorecard listing on ThreatQuotient Marketplace.
Netskope CCI Integration
- Confidently make policy decisions based on accurate and comprehensive security risk data for your SaaS applications
- Adding SecurityScorecard data to the Netskope Cloud Exchange (CE) provides customers with powerful insight into their security posture and that of their SaaS applications. The two companies are bi-directionally sharing critical risk and threat information between SecurityScorecard, Netskope Cloud Threat Exchange (CTE) and the Netskope Platform. Combined data from SecurityScorecard and Netskope provides customers with a higher level of confidence on a particular application's true risk.
Managed Cyber Risk Services
- Bridging the gap between vendor risk and cybersecurity.
- Operationalize your third-party cyber risk program for an outcomes-based approach with our Risk Operations Center of cybersecurity professionals. With this service, our ROC team proactively identifies the likelihood of a cyber incident from your vendor landscape by taking the powerful risk signals, telemetry, and threat insights gleaned from the SecurityScorecard platform, combined with state-of-the-art predictive intelligence and expert-led breach response capabilities. Talk to a member of our ROC today to get started.
Zero-Day as a Service
- Your ultimate defense against zero-days in your supply chain.
- Zero-day vulnerabilities are unseen, undetectable risks, waiting to exploit gaps in your IT environment and supply chain ecosystem. Our Zero-Day-as-a-Service (ZDaaS) is an early warning and detection service, alerting organizations to new and emerging potential zero-day vulnerabilities across your third-party vendor landscape. To build a more resilient vendor cyber risk program, speak to an expert today.
Request Services within SecurityScorecard Platform
- Access a team of experts at your fingertips.
- SecurityScorecard's Risk Operations Center (ROC) is a team of expert threat intelligence, incident response, and cyber risk management professionals who leverage SecurityScorecard's vast data signals and telemetry to proactively monitor emerging threats and vulnerabilities. Now, you can get access to our team of experts right within the SecurityScorecard Platform by selecting Professional Services in the navigation bar. Whether you want to test your defenses with a pen test or tabletop exercise, operationalize your third-party risk management program, or respond to an emergency, our ROC is here for you.
Data Residency Compliance
- Send and receive Questionnaires in Europe and the Asia Pacific region.
- Data residency requirements define which types of sensitive data need to be stored or processed within a specific geographic location in order to meet local data privacy laws. Sensitive data provided by customers in Europe or the Asia Pacific region in Questionnaires, Evidence Locker, and other parts of our platform now resides locally.
- Easily track activities and actions that are taking place on the platform.
- Audit logs allow customers to easily track who is accessing their data, what data is being accessed, and where it is being accessed from to improve their internal controls, data security, and meet compliance and regulatory requirements. Learn more in our knowledge base.
- Simplify your workflows in SecurityScorecard with a smarter menu.
- We’ve enhanced our navigation menu within the SecurityScorecard Platform, enabling you to accomplish what you need, faster. Find what you need more easily with all Scorecard tools – including Scorecards, Portfolios, Core Tools, and Services – condensed into a simpler interface.