SecurityScorecard uses multiple data collection methods. One of these is internet-wide active scanning, which is described in this article. Other passive and enrichment sources are also used and operate differently.
Passive surveying capabilities
SecurityScorecard uses a network of hundreds of passive sensors strategically deployed across the internet. These sensors provide a wealth of security intelligence used to identify specific threat-related findings. The sensors include honeypots and DNS sinkholes, which let SecurityScorecard automate the identification of millions of active malware infections. The same data lets our security engineers reverse-engineer malware, identify the command-and-control domains the malware will register with, and tune our network of DNS sinkholes to those domains. Together, these capabilities give you unparalleled visibility into potential threats to your company's digital footprint, as shown in the SecurityScorecard dashboard.
Active scanning capabilities
SecurityScorecard uses multiple publicly available active-scanning technologies. The data they collect provides the security intelligence used to assess security ratings across multiple risk factors. SecurityScorecard also uses other collection techniques, including Google dorking, GitHub dorking, DNS record lookups, SSL certificate collection, header grabs, and monitoring of hacker communities, to identify a wide range of attacks, misconfigurations, and exposed vulnerabilities.
What findings are obtained during scanning?
SecurityScorecard assesses dozens of unique findings from scan data, and that number grows as our advanced signals-collection team develops new capabilities to keep pace with the evolving threat landscape.
SecurityScorecard uses some of the data collected for IP attribution. For example, publicly available DNS records help identify and map digital assets to their owners.
SecurityScorecard also uses the collected data to assess and score the security posture of hundreds of thousands of companies. The collected data is mapped to security issues associated with specific risk factor areas. These findings influence the security posture ratings reported in the SecurityScorecard dashboard.
How does scan data affect a company’s security rating?
For details on how our scoring works, see our Scoring Methodology Whitepaper.
How often does a vendor get scanned?
SecurityScorecard provides vendor risk managers with a frequently updated perspective of a vendor’s security posture. With our patented methodologies, we can overcome the limitations of point-in-time risk assessments and other traditional approaches.
How is it non-intrusive?
Our passive and active scanning technologies interact with publicly accessible systems within their normal operating parameters, and at no time do they inject code, run exploits, or use other intrusive techniques. All techniques used by SecurityScorecard are well understood by the information security community and are considered non-intrusive. All summarized findings are transparent and documented, enabling organizations to understand the issues SecurityScorecard identified during the rating process.