Skip to main content

Scanning overview

dave herder
  • Updated

In this article:

     

    What is the SecurityScorecard scanning process?

    SecurityScorecard utilizes multiple, non-intrusive security data collection methods that are publicly available. At a high level, these fall into two technical categories:

    Passive surveying capabilities

    SecurityScorecard utilizes a network of hundreds of passive sensors that are distributed strategically across the internet. These sensors introduce a wealth of security intelligence that is used to determine specific threat related findings. The sensors include honeypots and DNS sinkholes that enable SecurityScorecard to automate the identification of millions of malware infections that are active at any given time. These findings also allow our security engineers to capture important security findings, reverse engineer malware, identify the command and control domains the malware will register, and tune our network of DNS sinkholes to those domains. Combined, these capabilities provide unrivaled visibility into potential threats to the digital footprint of company represented in the SecurityScorecard dashboard.

    Active scanning capabilities

    SecurityScorecard utilizes multiple publicly sourced active scanning technologies. These scanning capabilities introduce a broad range of security intelligence that is used to assess the security ratings across multiple risk factor areas. Also, SecurityScorecard uses other scanning techniques including Google Dorking, Github Dorking, DNS records, SSL certificates, header grabs, and hacker community scanning to identify a wide range of attacks, misconfigurations, and exposed vulnerabilities.

    What findings are obtained during scanning?

    SecurityScorecard assesses dozens of unique findings using the data that is collected during the scanning process, and that number continues to grow as our advanced signals collection team develops more capabilities alongside the evolving cybersecurity threat landscape.

    SecurityScorecard uses some of the data collected for the IP attribution process. For example, publicly sourced DNS records help identify and map digital assets to the vendor that owns them.

    SecurityScorecard also utilizes the data collected to assess and score the security posture of hundreds of thousands of companies. Data that has been collected is mapped into specific security issues that are associated with a specific risk factor area. These findings influence the security posture ratings found in the reports available in the SecurityScorecard dashboard.

    How does scan data affect a company’s security rating?

    For detailed information about our scoring methodology, click here to read our Scoring Methodology paper.

    How often does a vendor get scanned?

    SecurityScorecard provides vendor risk managers a frequently updated perspective of a vendor’s security posture. By leveraging our patented methodologies, we can overcome the limitations of point-in-time risk assessments and other traditional methodologies.

    How is it non-intrusive?

    Our passive and active scanning technologies are interacting with publicly accessible systems within their normal operating parameters and at no time are injecting code, running exploits, or using other intrusive techniques. All the techniques in use by SecurityScorecard are well understood by the information security community and considered to be non-intrusive. All summarized findings are transparent and documented so that organizations can understand what issues were found by SecurityScorecard as part of the rating process.

    Related articles