Custom Scorecards are available with a SecurityScorecard Business or Enterprise plan. See our plans page for more information about levels of features and access.
Your company scorecard may contain a large set of domains and IPs, which may be difficult to analyze in its entirety, but you can define a specific subset of all your digital assets by creating a custom scorecard. You can base a custom scorecard on your own company scorecard or that of another company, such as a vendor.
Using a set of filters, you can include or exclude base scorecard assets according to different criteria. For example, you can base your filtering on different business units, service lines, geographies, or cloud assets.
A custom scorecard works like any other, except for the limited set of digital assets it contains.
Filtering Assets for Different Needs
The flexibility of filtering assets enables you to tailor scorecards to different needs.
Enterprise Cyber Risk Management—Focused Self-monitoring
Your company uses custom scorecards to focus on a particular business unit, region, facility, or any other organizational grouping.
- Benefit: The security of each focus area is managed by a different person internally. Creating custom scorecards helps your company fix issues faster because you can quickly assign the task to the correct point of contact. Different organizational units can focus on a smaller set of issues that they control.
- How to do it:
- Include or exclude domains or IPs to define the focus of the scorecard you want to monitor.
- Add the custom scorecard to portfolios for continuous monitoring.
- Caveat: The scoring on the custom scorecard is not related to the company base scorecard.
Third-Party Monitoring
Your company wants to monitor, and focus on, a portion of a vendor’s very large scorecard, for example, their customer cloud business.
- Benefit: You can focus on a specific area of the vendor scorecard, such as riskier websites and assets, or specific domains or IP ranges.
- How to do it: Identify the correct asset subsets to evaluate.
Create Your Custom Scorecard—Step By Step
- Log into your SecurityScorecard account.
- Select one of the following from the Scorecards drop-down menu in the top navigation bar, depending on your business need:
-
- For your own company: Select Create Customer Scorecard, and continue with the following steps.
- For other organizations: Select the scorecard you want to evaluate. Click the Custom Scorecard button next to the name of the scorecard, and select Create Custom Scorecard. Then, from the Custom Scorecard creator page, continue with the following steps.
- Find and select your base scorecard, either by its domain...
... or by a portfolio that contains it.
- Name the scorecard and choose who can modify it.
When creating a custom scorecard for your own organization, you can make it viewable by Everyone (Public).
Add a description if it is helpful.
- Add filters to define the exact subset of assets that you want:
- You can add IPs, IP ranges, and domains individually, using commas to separate different values. Click the arrow on the right of the text box to expand it for entering more values.
- You can define wildcard search queries for domains. For example:
*.domain.com - To use geolocation, select countries by IP location in the drop-down menu.
Learn more about how filtering works with assets. - Once you are done adding filters, click the Apply Filters button.
Note: When including multiple filters, choose ANY to include the widest range of results, or ALL to restrict results to a smaller, more focused subset.
- Save your new custom scorecard.
- Choose one or more portfolios to add the custom scorecard to, so that you can receive alerts for it.
View Your New Custom Scorecard
A newly created custom scorecard is generated within three days with initial scores, and you receive an email when it is ready.
Depending on the issue types associated with IPs or domains, it may take longer for a particular issue to appear.
Note: No history prior to the creation of the custom scorecard is included in a custom scorecard.
You can view the same details for any scorecard, such as Factor Level Scores, Issue Details, History, and Reports.
About Custom Scorecard Scoring
The scoring of a custom scorecard is independent of the base scorecard, and may be significantly different due to variances in the size of the digital footprint, cohort, and other factors.
For example, a small, focused custom scorecard may end up being scored as if it were a small business instead of part of a large international company. So, issues in the custom scorecard may be weighted differently than in the base scorecard.
See a more detailed explanation of scoring factors in the SecurityScorecard Trust Portal.
Publish Your Custom Scorecard
You have the option to make your custom subset of assets public so that any user of the SecurityScorecard platform can discover and follow it. Anyone can then add that custom scorecard to their portfolio.
You can also un-publish a custom scorecard that is no longer relevant or maintained.
Note: You cannot publish custom scorecards based on vendor or third-party scorecards because they do not belong to you.
To publish, switch the viewing permissions for the scorecard to Everyone (Public).
How Filtering Works with Assets
You can layer three categories of filters to derive the exact subset of assets you need:
- Domains / subdomains
- IPs / IP ranges
- Geography (determined by IP location)
For each filter, use the toggle is any of to include all values...
...or is none of to exclude all values.
Domain and IP Address Relationships
Domain and IPs are always linked together as part of a digital footprint. The SecurityScorecard dynamic attribution process uses various scanning techniques to find domains and IPs that are linked. For example, a DNS resolution shows an IP address resolving for a domain name.
It is not currently possible to separate linked attributions. When a domain is included in a digital footprint, any IP addresses attributed to those domains are also included. So, issues found on both the domains and the IP addresses are included in the scorecard.
Similarly any IP addresses included in a digital footprint that are associated with specific domains cause those domains to be added to the digital footprint of the scorecard.
Domain and Subdomain Filter Behavior
If a domain or subdomain is part of the filter set, the digital footprint of the custom scorecard includes or excludes:
- Domains or subdomains that match the filter and are part of the base scorecard
- IP addresses linked to domains or subdomains matching the filters
- Wildcard subdomains that match the filter and are part of the base scorecard
- Example: *.company.com
Note: Filtering on a wildcard value such as *.company.com does not automatically include company.com. You would need to include it in a separate filter.
IP and IP Range Filter Behavior
If an IP or IP range is part of the filter set, the digital footprint of the custom scorecard includes or excludes:
- IP Addresses that match the filter and are part of the base scorecard
- IPv4 Range notation, such as 0.0.0.0/0 or 123.123.123.123/24
- Domains linked to IP addresses matching the filters
This means that you will see issues on the custom scorecard that are directly attributed to the IPs that you include in filters, as well as issues that are attributed to domains or subdomains related to the IPs you specified.
The geography IP filter includes or excludes IPs that resolve to the country that you selected. Any domains linked to those IP addresses are also included.
Geolocation Filter Behavior
Geo-filtering is approximately 80 percent accurate, so using a geolocation-based filter may give inconsistent results. SecurityScorecard recommends using more specific IP or domain filters when possible.
ANY / ALL Logic
Selecting the ANY toggle produces results that match any of the filters in the set, even if they conflict. Filters are joined by the OR operator.
Selecting the ALL toggle produces only results that match the criteria of all of the filters, so it is most restrictive and with more limited results. Filters are joined by the AND operator.
FAQ
I created a custom scorecard using IP filters, but I see domain-based issues. Why?
The SecurityScorecard platform generally links domains and IP addresses whenever possible through dynamic attribution, various scanning methods, and use of various data sources. This means that you will see issues that are directly attributed to the IPs that you input into filters, as well as issues that are attributed to domains or subdomains related to the IPs you specified.
I have Fast Score enabled, so why isn’t my custom scorecard being created in real time?
Currently, Fast score is not available for custom scorecards.
Should I contact my vendor for domains and IP ranges or CIDR blocks that I need for a custom scorecard?
Yes, if you want the vendor’s help to determine which domains or IP addresses are most relevant to you. In some cases a vendor creates and publishes their own custom scorecard for a particular business unit. Sometimes a little research on which domains and subdomains you use to interact with the vendor can provide a good starting point for a custom scorecard based on that vendor. Related IP ranges are included through dynamic attribution.
Does a custom scorecard take up a license?
Yes.
If my digital footprint is missing the asset I need for my custom scorecard, do I need to add it to my base scorecard first?
Yes, only domains, subdomains, or IP ranges that are part of a base scorecard are available to match one or more filters. If the asset is removed from a base scorecard that previously matched a filter, it no longer matches the custom scorecard and will be removed from the custom scorecard as well.
Get Help or Share Feedback
If you need help, have questions, or would like to share feedback, submit a Support request.
Comments
0 comments
Please sign in to leave a comment.