Where do we get our information?

We analyze a very broad number of signals. The signals are gathered non-intrusively from three places:

1. Terabytes of proprietary data continuously gathered by our sensors, scattered throughout the globe
2. Data sharing partnerships with other security companies
3. Open Source Intelligence Information (OSINT) about various risk indicators

Open Source–what is it?

Open-source intelligence is information collected from publicly available sources. This includes data dumps posted publicly, unprotected communication between threat actors, and the use of public resources to determine security factors.

What partnerships does SSC have?

We have partnered with a wide variety of best in class organizations to identify comprehensive security indicators found on the Internet. These partnerships include public universities, private research organizations, information security collaboration communities, nonprofit security data feeds, and for-profit security data feeds. We continuously add and remove partners to make sure that we have the best in class view of all third parties.

What proprietary data does SSC have?

The bulk of SecurityScorecard data originates from a proprietary collection of threat intelligence sensors. These signals collect data from SecurityScorecard’s malware analysis pipelines, monitored hacker chatter crawlers, honeypot infrastructures, and social engineering sensors.