In this article:
At SecurityScorecard, we are proud to continuously deliver hundreds of innovative features throughout the year, enhancing the way you understand, communicate, and collaborate to reduce risk. Because we move quickly, we want to ensure that we are communicating all of our innovations to you effectively. So, twice a year, we package our new features and improvements into a release, so you can effectively leverage our product suite.
About this release
Q4 '20 Release drives cyber-resilience and agility.
How do you grow resilient roots in a quickly shifting environment?
2020 has brought many changes to our personal and professional lives, creating a new normal. Security and IT teams are dealing with moving their operations to a remote environment while maintaining security controls. This means a more complex third-party ecosystem with new digital assets to secure, demands to do more with less, and the need for cyber resilience.
SecurityScorecard’s integrated platform simplifies cybersecurity monitoring and assessment workflows, extends the value of existing investments, and helps grow resilient cybersecurity roots.
What are the key processes of cyber-resilient organizations?
- Manage Third Parties at Scale: Resilient organizations manage complex third-party ecosystems at scale.
- Automate Processes: Whether teams are fully remote or partially back in the office, process automation is key to agility.
- Get More out of Existing Security Investment: Supplement existing investments, such as GRCs or SIEMs, to get the most out of existing systems.
73 percent of organizations have experienced elevated third-party risks, leading to 43% of enterprises increasing their third-party risk management technology investments. Learn more in our recent study.
Read our Q4 '20 release notes
This release delivers expanded innovations across the entire SecurityScorecard Platform, empowering modern cyber risk management teams to simplify their workflows, automate processes, and manage a complex third-party risk ecosystem at scale. Our mission is to make the world a safer place by empowering every organization with actionable cybersecurity intelligence.
Rule Builder Evolution
Enhance due diligence with security trigger-based workflows
Our latest enhancements to Rule Builder enable organizations to take their due diligence workflows a step further. Now, you can automatically trigger an Atlas questionnaire for approval based on different Scorecard changes, such as a breach, new high severity issue, score drop, and much more. The integration between Ratings and Atlas simplifies the continuous monitoring of third parties with action-based workflows, all-in-one platform.
Understand total risk more easily across your Portfolios to make smarter business decisions
Groups provide unique statistics and insights into risk by aggregating multiple Portfolios of companies into a grouping. This view enables your team to see an overall assessment of all vendors and to perform bulk actions across Portfolios faster.
Commenting on Issues
Provide an added layer of transparency with inside-out context on issues
Add public or private comments on any of the 80+ issues on your Scorecard. Paired with SecurityScorecard’s “outside-in” data, this additional “inside-out” information enables greater trust and understanding between teammates and third parties on cybersecurity issues.
Machine Learning Tuned Risk Factors
Meaningful scores determined by data-driven algorithms
In an industry first, SecurityScorecard has applied machine learning to optimize the values of the individual factor weights so that total scores are maximally correlated with the risk of a breach.
Gain a broader understanding of an organization's cybersecurity posture with new signals
With the increase of threats in 2020, security and IT teams need to be aware of the different ways that their organization can be at risk. New signals in the Social Engineering, Leaked Credentials, and Hacker Chatter Factors enable you to understand whether sensitive information has been exposed or leaked and much more. These new issues broaden SecurityScorecard’s breadth and depth of cybersecurity data to give you the information necessary to remediate any gaps that may be exploited by bad actors.
Consistent and continuous improvements towards accurate digital footprints
Companies globally depend on risk ratings to understand the cybersecurity posture of their own organizations and third parties. With continuous enhancements to attribution, SecurityScorecard provides you an increasingly accurate depiction of the cyber risk of organizations. Visit the Trust Portal to find out more about the data that drives our technology.
Easily search and add third parties to Portfolios for continuous monitoring
The new enhanced search bar enables organizations to quickly search, find, and add any company into customized Portfolios.
White label option for reports with your own branding
Service providers want to present a unified brand experience to their clients. This add-on option lets you download Summary and Detail Reports of any company in your Portfolio with your logo or select a co-branded option. Strengthen and reinforce your brand with SecurityScorecard’s reporting enhancements. We’ve also streamlined the layout of our Summary Reports to be easier to read which aids in the interpretation of summary information.
Demonstrate your organization’s commitment to cybersecurity to over 2 million companies
Now, more than ever, it is very common for organizations to assess each other’s security posture. Proactively publishing security-related information makes it faster for other companies to assess each other’s cybersecurity posture. Publicly sharing curated details with the entire ecosystem demonstrates that your company is proactively engaging with your Scorecard.
Easily collaborate and communicate with your vendors, suppliers, customers, or any external third party
Collaborating with your third parties has become a critical part of business resilience. Now, with designated contacts for each organization, security and IT teams don’t have to waste time trying to find the right contact for their third parties.
Custom Issue Mapping in the Atlas Questionnaire Wizard
Customize and assign SecurityScorecard data in your questionnaires
Atlas now lets you specify which SecurityScorecard Ratings issues map to individual questions in Atlas’ Custom Questionnaire Wizard, enabling you to instantly verify questionnaire responses against SecurityScorecard issues, factors, and grades. When creating or editing a questionnaire in Atlas, you can seamlessly designate objective security ratings data that validates that question. This brings more customization and transparency to the cybersecurity assessment process, providing a true 360° view of risk.
Seamlessly evaluate and validate your organization’s security controls
With remote workforces and distributed teams using different tools, security teams lack a simple way to assess and drive security accountability within their organizations. Now, you can leverage Atlas to conduct internal controls-based risk assessments of different units or subsidiaries within a company and instantly validate them with SecurityScorecard Ratings data automatically mapped to questionnaire responses. By using Atlas for both vendor risk and internal assessments, you can simplify and standardize risk reporting across your organization.
Smart Mapping Enhancements for Faster Questionnaire Completion
Eliminate the need for you and your vendors to respond manually to received questionnaires
Atlas not only helps you instantly validate your vendors’ responses, but also eliminates the need to manually respond to every questionnaire. With this release, we bring you improvements to our Smart Mapping Engine, saving you hours when responding to questionnaires. Leveraging the Autocomplete function with smarter answer suggestions from your Answer & Evidence Repository cuts the questionnaire response time by 50%. Take advantage of the enhanced visualization with a progress bar that gives you a visual indication of the progress made with Autocomplete.
Eliminate email back-and-forths by streamlining communication in Atlas
Streamlining communication while completing or waiting for a questionnaire is now even easier with Atlas’ chat notification emails. Now, when you receive a chat in Atlas you will also be alerted by email, making sure that you never miss a comment or question from your partners. This speeds up the time it takes for vendors to complete received questionnaires.
APIs and integrations
Seamlessly integrate Atlas’ cybersecurity insights into your existing workflows
Our APIs enable you to build custom workflows and integrate Atlas’ cybersecurity assessment data into your existing third-party risk management processes. The Atlas API provides a powerful, convenient, and simple way to interact with Atlas data. For example, you can leverage the API to automatically send a questionnaire from your Template Library, get the status of any sent questionnaire, download responses, and review attached evidence from your vendors’ cybersecurity assessments; or instantly access SecurityScorecard Ratings data auto-mapped to individual questionnaire responses.
A dedicated center for SecurityScorecard APIs
Integrating SecurityScorecard’s cybersecurity data into your existing workflows is now easier than ever with our Developer Hub! The Developer Hub brings you a centralized resource, easy-to-use documentation, and discussion boards to start building your own custom integrations with SecurityScorecard’s Ratings and Atlas APIs. Our APIs give you a powerful, convenient, and simple way to scale your risk management program and enhance the value of your existing workflows.
OneTrust Vendorpedia Integration
Automate third-party risk management in OneTrust with security ratings
SecurityScorecard’s integration with OneTrust Vendorpedia is now available to mutual customers, enabling you to access top-level and factor-level scores in OneTrust Vendorpedia. With the ability to automate actions, such as trigger an assessment based on a score drop and build custom workflows, the power of SecurityScorecard Ratings in OneTrust Vendorpedia helps you scale and operationalize third-party risk management.
Integrate SecurityScorecard into Venminder to build a 360° view of your vendors
Integrating SecurityScorecard into Venminder gives you instant and real-time visibility into the security posture of your vendors in Venminder. With SecurityScorecard top-level and 10 factor-level scores in Venminder, you can identify early warning signs that may warrant your close attention and allow you to take action right inside Venminder. This unique combination solves all critical elements of assessing, managing, and monitoring your vendors during their lifecycle and creates a reliable, cost effective way to manage the complex and otherwise costly burden of third-party risk.
IHS Markit Integration
Make more informed decisions with access to IHS Markit’s assessment products directly from the SecurityScorecard platform
We are excited to partner with IHS Markit, tightly integrating both solutions to provide customers with a 360° view of cyber risk. IHS Markit KY3P Customers can now access SecurityScorecard security ratings in KY3P to more efficiently manage end-to-end third-party risk. Additionally, the integration offers SecurityScorecard customers the opportunity to purchase IHS Markit’s assessment products directly from the SecurityScorecard platform.
ServiceNow for Vendor Risk Management Version 1.1
Embed more SecurityScorecard Ratings into ServiceNow third-party risk management workflows
Our latest upgrade to SecurityScorecard’s ServiceNow Vendor Risk Management app enables you to integrate SecurityScorecard Ratings for up to 2,000 vendors in your ServiceNow instance. Additionally, you can now support multiple vendor records with the same domain. For example, if you have separate vendor records for different business units with the same domain — such as OvoFinance US, OvoFinance France, and OvoFinance Denmark — each referring to the same www.ovofinance.com domain, you can now populate SecurityScorecard data under each record.
Archer GRC Integration 2.1
Accelerate third-party risk management with faster and more Ratings in Archer
Our enhancements to our Archer integration bring you the ability to monitor more vendors with SecurityScorecard Ratings in Archer GRC. Now, you can see SecurityScorecard Ratings data for up to 600 vendors in Archer, 12 times more than before! Additionally, we cut the sync time in half, giving you the most up to date data in your Archer instance. Learn more and install the SecurityScorecard app on the RSA Archer Exchange.
We’re proud to partner with our global alliance ecosystem, bringing SecurityScorecard’s solutions into integrations and services for various use cases, including third-party risk management, compliance, self-assessment, enterprise security information, and event management.
Amazon Web Services Marketplace
SecurityScorecard now available for purchase right in AWS Marketplace
We’re proud to join the Amazon Web Services Marketplace, meeting you and your partners in the places where they procure software. Additionally, members of the Enterprise Discount Program can put to work any excess commitments that were made as part of the annual EDP program to fund purchases for SecurityScorecard when purchasing through AWS marketplace.
Offering security ratings to European businesses and establishing European headquarters
We are excited to partner with Vodafone, the leading multinational telecommunications company, offering security ratings to Vodafone’s customers in Europe. We have accomplished this by partnering with Tomorrow Street, Vodafone’s innovation center, and established our European headquarters in Luxembourg. Our alliance empowers millions of Vodafone’s multinational, corporate, and small business customers to continuously monitor and improve their security posture.
Accessing new insights around tangential areas of risk in the SecurityScorecard Platform
Our alliance with Craft brings together cyber risk data and enterprise intelligence data, strengthening our data set with insights from Craft. We are incorporating Craft data sets into our platform, providing you with access to new insights around tangential areas of risk. Additionally, Craft customers can access SecurityScorecard cyber risk data via Craft’s Enterprise Intelligence Platform.
Great American Insurance Group
Providing cyber risk insureds access to security ratings
Together with Great American Insurance Group, we are expanding access to expertise and best practices from the Security Ratings space. Through this alliance, Great American Insurance cyber policy holders can now access our self-monitoring and vendor-monitoring capabilities with the purchase of a cyber risk policy. This provides insureds with a complete view of their cybersecurity ecosystem, helps to navigate where their vulnerabilities are, and offers a recommended path to remediation.
Bringing cybersecurity ratings to the federal government and public sector with Dcode
SecurityScorecard is proud to have been one of the five companies selected to participate in Dcode’s cybersecurity accelerator class. Dcode is a government accelerator with the goal of connecting private-sector tech companies with government opportunities. As part of the 10-week program, SecurityScorecard joined four other cybersecurity companies in hands-on sessions with industry leaders and mentors and met with government agencies to better understand their needs. Dcode evaluates solutions that can meet national security requirements and support government missions successfully in the long term and SecurityScorecard is proud to be selected as a participant.
Providing members new capabilities in PCI and MSSP
We are working in tandem with GM Sectec to enable businesses in Latin America and the Caribbean with the tools they need to manage security and third-party risks. SecurityScorecard is now included in GM Sectec's "Cyber Essentials" toolkit, which is a portfolio of industry-leading products and services that GM Sectec distributes to its 52,000 customers spanning the Latin American and Caribbean regions. In addition, this alliance will provide our joint customers with new Payment Card Industry (PCI) and Managed Security Service Provider (MSSP) offerings.
Bringing accessible cybersecurity education through the Introduction to Cybersecurity Nanodegree Program
SecurityScorecard has partnered with Udacity to bring easily accessible cybersecurity education to the public and enterprises through the Introduction to Cybersecurity Nanodegree Program. This Nanodegree program offers the right balance of structured content and practitioner-level skills to enable a learner to become a cybersecurity professional. The program is also a great supplement for any IT professional looking to build stronger cybersecurity skills.
Continuously monitor key sources of cyber risk to protect patient health data and adhere to regulatory requirements
SecurityScorecard's new H-ISAC alliance helps healthcare organizations manage their cybersecurity programs and monitor complex ecosystems of vendors to secure patient health information, and reduce the risk of HIPAA-related violations. Healthcare IT and security teams can now leverage security ratings to quickly understand their own security posture, as well as vulnerabilities within their network of insurance companies, medical device manufacturers, pharmaceutical companies, and other healthcare partners.
National Defense ISAC
Managing defense contractor security and satisfying regulations imposed on organizations that do business with the DOD
We are working collaboratively with ND-ISAC to help organizations in the defense industrial base better address cybersecurity challenges, and manage exposure to applicable regulations such as CMMC and NIST 800-171. ND-ISAC Members can now leverage our continuous monitoring and Atlas compliance questionnaire module to satisfy components of the CMMC framework. This also helps the Department of Defense more safely engage with its network of defense contractors and bolsters the overall cybersecurity posture of the DOD supply chains, since many members are suppliers to one another.
Strengthening the aviation supply chain and automating key cybersecurity processes
Our A-ISAC alliance provides a critical service that helps strengthen and stabilize the aviation supply chain by employing market-leading security ratings. A-ISAC Members can now leverage SecurityScorecard’s portfolio of solutions to identify and mitigate risk in areas of IT, third-party risk management, continuous monitoring, and board reporting. Added benefits include automation and streamlining of key cybersecurity processes throughout the vendor risk management lifecycle.
Retail & Hospitality ISAC
Accessing critical security insights for better management of first- and third-party risk
Our new alliance gives RH-ISAC Core Members in the retail and hospitality industry access to SecurityScorecard Ratings that provide insight for better management of risk in their first- and third-party environments. The partnership expands our ability to drive awareness of proactive risk management and change the way retail and hospitality firms address cyber risk. This gives security and business leaders confidence as they engage with vendors in the collective supply chain formed by RH-ISAC.
Mineral and Mining ISAC
Providing access to security ratings to drive cyber resilience with MM-ISAC members
Our partnership the MM-ISAC gives Core Members in the mineral and mining industry access to SecurityScorecard Ratings that provide insight for better management of risk in their first- and third-party environments. The partnership expands our ability to drive awareness of proactive risk management and change the way mineral and mining firms address cyber risk. This gives security and business leaders confidence as they engage with vendors in the collective supply chain formed by MM-ISAC.
Nongovernmental Organizations ISAC
Driving cyber resilience among nonprofit and nongovernmental organizations
We are proud to partner with the NGO-ISAC, enabling US-based organizations to access SecurityScorecard Ratings and protect their ability to carry out their missions. With this alliance, NGO-ISAC members gain access to SecurityScorecard Ratings, providing the tools and guidance to enhance the abilities of the entire sector to operate safely and securely.