Learn about the latest product updates improvements in the SecurityScorecard platform.
Some features mentioned in this article may only be available with a paid SecurityScorecard plan. See our plans page for more information about levels of features and access.
March
Communicating compensating controls across all issues
SOC teams can now communicate compensating controls for every issue via the user interface. Before, only a limited amount of issues could be resolved by indicating the presence of compensating controls.
Enhanced visibility of global rules
The Rule Builder now features enhanced visibility. Each rule now displays key information including: a description, trigger type, manager, recipient, and an on/off toggle, allowing for quick adjustments. You can also search for and review the actions executed by the Rule Builder.
SecurityScorecard PaloAlto Cortex XSOAR v 1.0.12 Release Now Available
The new version of the PaloAlto Cortex XSOAR integration now provides issue-level findings details, giving SOC teams deeper context into security issues detected across their own organization and suppliers. With this enhancement, security analysts can access granular, actionable data directly in XSOAR, streamlining investigations and accelerating response times using XSOAR security playbooks.
Learn more about SecurityScorecard for Palo Alto Cortex
February
New Grip Security integration
The new integration with Grip Security enables security teams to monitor newly discovered or critical SaaS vendors in Grip for continuous assessment in SecurityScorecard, ensuring up-to-date and proactive risk management across SaaS suppliers.
Learn more about integrating with Grip Security
Exposing complete SSL Cert evidence
You can now obtain all the SSL Cert evidence that SecurityScorecard has used to discover and attribute IPs or subdomains. This data is available as a PEM file that can be downloaded from the attribution evidence section of the Digital Footprint.
Getting Started with Vendors experience
Two new sections have been added to the Getting Started Page:
- Work with other companies: A singular view to see your requests like receiving action plans and questionnaires
- Learn the basics: Understanding your score, reviewing your digital footprint, inviting team members
Measuring vendor responsiveness improvement
You can now track the average amount of time questionnaires spent in each stage of the questionnaire lifecycle. This data is displayed on the Status of questionnaires sent widget within the Vendor Engagement dashboard.
New communication tools: Contact Manager and Request Log
The Contact Manager is a centralized contact management solution that enables you to create, read, update, and delete contact information for both internal and external contacts. To access navigate to Communication > Contact Manager.
The Requests Log provides you with comprehensive invitation management so you have visibility and traceability into vendor or client communication through SecurityScorecard. To access, navigate to Communication > Requests Log.
One-click flow for subdomain refute
When you click on a subdomain, you now receive instant information about how it was attributed to the attack surface as well as how to manage it.
Learn more about adding and removing subdomains
Sunsetting Scoring 2.0 for API users
Support for Scoring 2.0 data via the Platform API and Bulk Data API is sunsetting on February 6, 2025. After this date, Scoring 2.0 data will no longer be available via the Platform API or Bulk Data API.
Learn more about these updates to the Bulk Data and Platform API
SecurityScorecard ServiceNow ITSM v 3.1.1 is Now Available
The new version of the ServiceNow ITSM integration includes:
- Support for ServiceNow Xanadu release
- Description Risk and Recommendations format now reads as standard text. This text was previously in JSON format and more difficult to read.
Learn more about SecurityScorecard for ServiceNow IT Service Management
SecurityScorecard PaloAlto Cortex XSOAR v 1.0.10 Release Now Available
The new version of the PaloAlto Cortex XSOAR integration addresses issues noted in commands used by security teams to create security automation from SecurityScorecard risk intelligence. This release has refactored the following commands to work with our current alert generation system:
- Securityscorecard-alert-grade-change-create
- Securityscorecard-alert-score-threshold-create
- Securityscorecard-alert-delete
- Securityscorecard-alerts-list
Learn more about SecurityScorecard for Palo Alto Cortex
January
SSL cipher update
The cipher suite supported by platform.securityscorecard.io was updated from TLSv1.2_2018 to TLSv1.2_2021. In order to continue using the SecurityScorecard platform, you must use an up-to-date browser that supports the secure ciphers from the TLSv1.2_2021 suite.
Learn more about this cipher update
In-platform Incident Likelihood Assessments and Remediation Plans for MAX
Incident likelihood reports and remediation plans are now created and consumed within the platform and the appropriate findings data is kept up to date.
Learn more about the MAX dashboard
Comment on issues for your subsidiaries
Admins from parent organizations can now comment on issue findings and make it visible for their subsidiary organizations. An updated hierarchy is a pre-requisite for this.
Learn more about updating your hierarchies
Slack private channel support
You can now configure the Slack integration to send sensitive alerts to private channels.
Comments
6 comments
Feature release notes have been updated with improvements released on January 8:
Feature release notes have been updated with improvements released on January 22:
Feature release notes have been updated to correct the release date for "Score calculations fixed for scorecards with less than 50 score" which was actually released on December 2024.
The description of that feature has been added to the 2024 feature release notes.
The release notes have been updated with improvements released on February 5:
The release notes have been updated with improvements released on February 19:
The release notes have been updated with improvements released on March 5:
Article is closed for comments.