In this article:
At SecurityScorecard, we are proud to continuously deliver hundreds of innovative features throughout the year, enhancing the way you understand, communicate, and collaborate to reduce risk. Because we move quickly, we want to ensure that we are communicating all of our innovations to you effectively. So, twice a year, we package our new features and improvements into a release, so you can effectively leverage our product suite.
About this release
Threats move fast. We help you move faster.
SecurityScorecard’s Q4 ‘21 Release brings over 20 new product enhancements, partnerships, and resources to increase coverage of security threats, save time, and outpace threats enabling your business to grow with efficiency and trust.
Ratings
Tagging
Streamline third-party vendor management and make business decisions faster.
Now you can tag without limitations and group by risk, domain, industry, and more to help you organize, prioritize, and assess your third party vendors.
Atlas
Evidence Locker 2.1
Get your security diligence recognized by vendor assessments and expand your business. opportunities
Enable vendor risk managers to easily see your security posture with outward facing and shareable evidence
Marketplace
Tenable Lumin
Correlate data from Tenable Lumin with external risk ratings from SecurityScorecard.
Installing the External Security Posture Report from SecurityScorecard into Tenable Lumin adds an “outside-in” perspective of cyber health in a side-by-side comparison to Lumin’s Cyber Exposure Score (CES). With this addition, you can communicate both internal and external risk factors to the C-Suite and Board of Directors as well as others in your security organization with an easy-to-understand visualization of cyber exposure that translates technical data into actionable insights.
Mimecast
Use Email-Based Threats Identified by Mimecast to Augment Risk in SecurityScorecard.
Integrating Mimecast and SecurityScorecard augments internal and external risk factors into a single pane of glass. Receive insight from internal resources with visibility into email-based threats to help quantify your organization’s cyber risk.
Palo Alto
Automatically Create Incidents in Palo Alto Networks Cortex XSOAR from Alerts Set in SecurityScorecard.
The SecurityScorecard Ratings content pack allows security teams to automatically create Cortex XSOAR incidents from alerts in SecurityScorecard. Alerts can be retrieved for factor grade drops, overall score drops, new vulnerabilities found, new issues, and CVEs detected for your organization, and any companies in your SecurityScorecard portfolio. Utilize your Cortex XSOAR dashboard to visualize these incidents and the alerts driving them.
Zendesk
Empower a More Productive Team With Automated Ticket Creation in Zendesk Based on SecurityScorecard Ratings' Continuous Monitoring.
The SecurityScorecard app for Zendesk leverages Zendesk’s REST API, and SecurityScorecard’s own Ratings REST API to facilitate remediation of vulnerabilities in an organization’s network and that of their third parties. SecurityScorecard and Zendesk customers can set up alerts based on changes within Scorecards for their own organization or their third parties, such as when a critical CVE is found or a breach is detected. When the designated event is triggered, a Zendesk ticket is created and assigned, including more details on the event and a link to SecurityScorecard for more information. Teams can resolve the issue if it is on their own Scorecard or contact the impacted third party for next step if it is a vendor’s issue, enabling easy collaboration and real-time action.
HackNotice
Take Action Against External Threats to Your Data and Identity with HackNotice and SecurityScorecard.
The HackNotice integration for SecurityScorecard provides access to actionable threat intelligence and darknet insights. HackNotice scours the dark web to alert employees of vulnerabilities, compromised information, and data breaches in real-time. By activating the integration, you will see 50 recent results for your domain right in your organization’s scorecard. Results include: leaked email addresses, passwords, PII, phone numbers, IP addresses and other information that hackers may use to specifically target employees for spear phishing campaigns, or to directly take over their accounts.
PagerDuty
Streamline Communication, Remediation, and Support with SecurityScorecard Notifications in PagerDuty.
The SecurityScorecard app for PagerDuty gives support teams visibility to important event notifications in their organizations’ Scorecards. Collect tailored SecurityScorecard alerts in PagerDuty to manage them from one location without losing context. Notify users when new SecurityScorecard issues, updates, or records are added to PagerDduty. When a rule is activated by a user-specified event, a message is immediately delivered to PagerDduty.
IntSights
Receive enterprise-grade threat intelligence from IntSights right in SecurityScorecard.
IntSights integration for SecurityScorecard helps identify and instantly lockdown leaked sensitive information. Automatically, detect, prioritize, and take down external threats to your brand across the clear, deep, and dark web.
Certa
Integrate SecurityScorecard vendor ratings into your automated third-party workflows in Certa.
SecurityScorecard integration for Certa provides security and privacy teams a real-time feed that assesses and rates vendors’ security posture and controls. This data can be used to find any remediation actions necessary from the vendor, flag immediate risk, and initiate downstream processes, including additional approvals or additional information requirements from the third party.
Source Defense
Fortify Defenses Against Client-Side Website Attacks with SecurityScorecard and Source Defense.
Source Defense integration for SecurityScorecard provides a list and map of all foreign JavaScript, including 3rd parties, 4th parties and more from Source Defense, to provide a full view of the assets and information on their vulnerabilities right in Scorecards. This includes how much of this JavaScript code runs on pages with sensitive fields, which actions are accessible to 3rd party scripts that may be exploited and ultimately lead to data breaches, session compromises, and other serious client-side risks. Furthermore, the Source Defense client-side security technology leverages machine learning, industry regulations, and best practices to protect these vulnerabilities before they are exploited.
ServiceNow VRM 2.2
Instantly Rate and Understand the Cyber Security Risk of Any Vendor in Your Portfolio.
SecurityScorecard vendor security risk ratings are automatically updated within ServiceNow, reflecting the evolving cybersecurity posture of business partners in your third-party ecosystem. This information allows you to fine-tune the tiers assigned to your vendors through internal assessments and more accurately reflect the true risk posed by specific vendors. The vendor tier is an important element to consider when assigning the type and frequency of vendor risk assessments. As vendor tiers change, automated workflows can push vendor invites and mandated vendor risk assessments.
CSC
Monitor and Protect Your Brand From Domain-Based Fraud Threats With CSC and SecurityScorecard.
SecurityScorecard integrates domain registrar type risks (consumer-grade or enterprise-class) provided by CSC directly into Scorecards, giving you more actionable insights to protect your organization. Utilize the integration with CSC to get domain registrar classification information to ensure you are using a domain registrar that prioritizes domain security, brand protection and fraud protection.
Microsoft Teams
Boost Collaboration and Productivity with SecurityScorecard Notifications in Microsoft Teams.
The Microsoft Teams app for SecurityScorecard enables you to work more productively and ensure that your team never misses a change on a Scorecard. This app extends the power of the SecurityScorecard platform with the ability to set up notifications in a designated Teams channel based on Scorecard changes and events. When your chosen event is triggered, you will receive a Teams post in your channel with more details on the event and a link to SecurityScorecard, enabling easy collaboration, investigation, and action.
Professional Services Advisory
SecurityScorecard Professional Services
Save time, lower risk, and get the most out of your security investment.
These offerings are designed to accelerate your TPRM program while optimizing your resources so you can focus on high security priorities.
- TPRM Blueprint: Increase security velocity and ratings with a TPRM Maturity assessment designed to identify gaps, strengthen your security infrastructure, and reduce risk.
- TPRM Operational Alignment: Get the most out of your security investment. Improve security operations and align to business results with an alignment assessment designed to increase operational efficiency and reduce cost.
SecurityScorecard Academy
SecurityScorecard Academy
Maximize TPRM skills with certification courses.
These self-paced certification courses are designed to help improve customer TPRM and SecurityScorecard skills. Once a student passes the course, they’ll earn (ISC)² CPE credits and a certification badge to add to their LinkedIn profile so everyone knows they’re the TPRM expert.