In this article:
Some features mentioned in this article may only be available with a paid SecurityScorecard plan. See our plans page for more information about levels of features and access.
This article highlights product updates, new features, early release features, bug fixes, and more that we have added to the SecurityScorecard platform. Check back regularly to stay up to date.
For the latest changes that affect Scorecard scores, see scoring update release notes.
December
December 2, 2022
Free Business Plan trial - Try out the full set of features for a SecurityScorecard Business Plan for two weeks. A button for setting up the trial appears at the top of the platform user interface if you have a free account.
December 13, 2022
Projected score (General availability) - Immediately see your future, adjusted numeric score and letter grade displayed on your Scorecard when one of the following changes triggers a recalculation:
- You resolve issue findings.
- You have certain IPs or domains removed from your Digital Footprint, so that the negative score impact of any related issue findings is erased. Any approved changes to a domain also affect any subdomains or IPs associated with that domain.
Improvements for contacting organizations (General availability) - Send personalized messages safely through the platform to vendors, partners, and other organizations. Set score improvement expectations or discuss other important items.
December 14, 2022
Role-based access control (General availability) - Assign roles, giving users in your organization the right amount of access to platform features or data. Use your administrative settings to create and assign roles.
Recommendations for Scorecards to follow (General availability) - See recommendations for Scorecards to add to your Portfolios, so you can cover gaps in your ecosystem's cybersecurity coverage. The recommendations appear in your Portfolios.
Improvements for inviting companies to join SecurityScorecard (General availability) - Initiate and track invitations more easily. In a single, simple workflow:
- Invite multiple companies at once using .csv file uploads.
- Sort invited companies more easily Portfolio tables.
- Personalize invitations with logo branding and custom messages.
December 19, 2022
Ability to request a penetration test - Ask our Professional Services team to run a penetration test on your assets. Make the request directly from the Factors page of your Scorecard.
December 21, 2022
Ability to request documents in Evidence Locker - Ask vendors or partners to share documents or other artifacts that provide evidence of compliance or standard cybersecurity best practices. Make these requests quickly and safely in any Public Scorecard or in Evidence Locker in the SecurityScorecard platform.
November
November 17, 2022
Improvements for inviting companies to join SecurityScorecard (Early access) - Initiate and track invitations more easily. In a single, simple workflow:
- Invite multiple companies at once using .csv file uploads.
- Sort invited companies more easily Portfolio tables.
- Personalize invitations with logo branding and custom messages.
November 14, 2022
Risk Control - Proactively identify which companies are at high risk of sustaining an incident and send them personalized email alerts to make them aware of vulnerabilities that need immediate attention.
November 3, 2022
APIs for Scorecard tagging - Use tagging functionality at scale with your integrations and automated processes.
November 2, 2022
Tagging for Watch List companies - Track and prioritize organizations that are not yet in your Portfolios.
November 1, 2022
Custom reports - Build reports using data widgets to share the information your leadership, board, and security team need.
Report cloning - Build custom reports based on existing ones so you can keep relevant information and insert additional data points.
October
October 27, 2022
Automatic Vendor Detection for Portfolios - Track third- and fourth-party connections and directly from your Portfolios.
October 13, 2022
- Tagging for issue findings - Prioritize and address findings faster.
October 4, 2022
- Dashboard improvements - See at a glance:
- Your Scorecard score
- The current day's recommended tasks
- Recommended issues to remediate
- Activity log showing score changes for companies monitored companies
- Support link and hotline number to call for ransomware incidents
September
September 23, 2022
- Enhanced Custom Scorecard (Internal Access). Testing improvements to our Custom Scorecard functionality for a future release. Release date TBD.
September 22, 2022
- Projected Score (Internal Access). Testing a new way to reflect resolved findings more instantly. Release date TBD.
- Monthly Scoring Release. Our standard monthly recalibration updates the baselines that companies are scored against. Learn More.
September 21, 2022
- Watch List (Early Access). A new way to monitor high-level score information of companies without consuming a portfolio slot is currently being tested by a select group of early access customers. Release date TBD.
September 20, 2022
- Share Scorecard (General Access). Customers can now share their own Scorecard or any vendor's Scorecard with the entire world via their social networks.
September 12, 2022
- Watch List (Internal Access). A new way to monitor high-level score information of companies without consuming a portfolio slot. Release date TBD.
September 9, 2022
- Automatic Vendor Detection Portfolios (Internal Access). A potential way for users to understand and assess the supply chain risk for a particular portfolio. Release date TBD.
September 8, 2022
- ASI - Attack Surface Intelligence (General Access). A new threat and risk intelligence capability from SecurityScorecard that surfaces our rich dataset for the global attack surface to customers. Learn More.
- Reporting Center 2.0 (General Access). This update improves the performance of available reports with enhanced performance, increased security, and saves time by adding filters and widgets for customization.
- Custom Reports (Early Access). Custom reports will allow users to build their own report through select widgets and are currently being tested by a select group of customers. Release date TBD.
September 1, 2022
- Cyber Risk Quantification for other Scorecards (Internal Access). This expands on the ability to use CRQ for vendor risk management. Release date TBD.
August
August 31, 2022
- Tags for Issue Findings (General Access).CISO / Infosec Analyst will be able to identify and prioritize issue findings by leveraging tags, enabling them to submit relevant remediations faster to improve their security posture. Learn More.
August 25, 2022
- Entity Scorecard (Internal Access). This idea provides a way to show the aggregated security posture of an entity that has multiple Scorecards. Release date TBD.
August 18, 2022
- Free plan updates. We regularly re-evaluate features in our free plans and make changes where appropriate. See our plans page for more information about levels of features and access.
- Share Scorecard (Internal Access). We're working on a way to allow users to share their Scorecard with others through select channels. Release date TBD.
August 17, 2022
- Tags for Findings in the ‘Issues Page’ (Early Access). CISO / Infosec Analyst will be able to identify and prioritize issue findings by leveraging tags, enabling them to submit relevant remediations faster to improve their security posture. Release date TBD.
- Reporting Center 2.0 (Internal Access). This update will improve the performance of available reports and allow for customizable report creation. Release date TBD.
- Role-based access for Evidence Locker. User permissions now support better controls for Evidence Locker with the ability to decide which users can Create/Edit/Delete items in your Evidence Locker or grant access to others.
August 9, 2022
- Improved Add Company and Invite Company flow. These improvements simplify the process of adding a company to a portfolio and inviting a company to manage their Scorecard with over 200 customers now using it. Learn More
- Financial Impact improvements. Users on the ThreatConnect API can now see support for selected currencies, calculate dollar loss by record type, for PCI, PHI, and PII, and an updated layout with a summary view
July
July 29, 2022
- Tags for Findings in the ‘Issues Page’ (Internal Access). CISO / Infosec Analyst will be able to identify and prioritize issue findings by leveraging tags, enabling them to submit relevant remediations faster to improve their security posture. Release date TBD.
July 27, 2022
- Free user plan changes. The graph of score history graph is no longer visible in the Free plan. The free plan is now allowing users to remove companies they are monitoring for more flexible Third Party Risk Management.
- UX Improvements. General design and UX improvements to improve the experience for our free users and promote discoverability of new features
- Improved Add Company and Invite Company flow (Early Access). These improvements simplify the process of adding a company to a portfolio and inviting a company to manage their Scorecard with over 200 customers now using it. GA Release Date TBD.
July 21, 2022
- Digital Footprint IP Details page. This new page has more precise IP attribution evidence, enhanced page navigation, allows you can now export or download both the associated domains and issues lists, as well as view all of issues on a single page.
July 18, 2022
- Supply Chain Risk connections graph. The connections graph menu is now in a side drawer instead of a modal making it easier to digest.
July 15, 2022
- Chrome Extension. The SecurityScorecard Chrome Extension allows users to see grades for the sites they visit to give them an indication of site security. Install Now
- Custom Reports (Internal Access). This will allow users to create their own custom report library. Release date TBD
- Improved Add Company and Invite Company flow (Internal Access). These improvements simplify the process of adding a company to a portfolio and inviting a company to manage their Scorecard. Release date TBD.
July 12, 2022
- UX Improvements. General design and UX improvements to improve the experience for our free users and promote discoverability of new features
July 1, 2022
- Risk Control Workflow (Internal Access). This new workflow will let companies who monitor other companies, like insurers or vendor risk managers, proactively identify which companies are at high risk of sustaining an incident and deliver bulk email alerts to those companies to make them aware of vulnerabilities that need immediate attention. Release date TBD
June
June 30, 2022
- Manage Scorecards details. Admins can now see which users followed a domain and when, along with what portfolio that domain is in. Learn More
- Non-Domain accounts. This feature enables sub-domains to leverage the SecurityScorecard Platform with their own separate account with separate licensing and slot consumption. Learn More
- Tagging IP and Domains (General Access). Includes new functionality such as assigning ‘same tag’ to multiple assets at once, Bulk Upload of thousands of tags along with assets, and ability to view and edit IP/Domain tags in ‘Issue Page’ and much more. Learn More
June 29, 2022
- Ransomware Report (General Access). CISOs or Vendor Risk Managers can use this report to understand an organization's susceptibility to a ransomware attack by displaying and correlating several key pieces of information. Learn More
June 28, 2022
- SecurityScorecard Snowflake Data Set. A simplistic way to leverage up-to-date security data to any tool that is or can be connected to Snowflake. Learn More
June 24, 2022
- Digital Footprint IP Details Page (Internal Access). This will give customers the ability to see all of their issues on one page and can export / download both the associated domains and issues lists. Release date TBD.
- Marketplace UI Improvements. We've brought improved navigation, featured listings, a search box, additional informational links per listing, sorting, labels, and more. These improvements give users a first-class experience in terms of clarity and usability. Check it out
- Tagging Role Based Access (Early Access). This new feature provides controls to Admins on who can Create, Edit, Delete or Assign Tags. Learn More
June 23, 2022
- Navigation UI changes (General Access). These changes present a cleaner view to provide users with more space to focus on the information they need to manage their Scorecard, Account, and Portfolios.
June 21, 2022
- July Scoring Update. These changes will go live July 21st, 2022 and include a new informational issue type and scoring baseline updates. Learn More
June 16, 2022
- Tagging IP and Domains (Early Access). Includes new functionality such as assigning ‘same tag’ to multiple assets at once, Bulk Upload of thousands of tags along with assets, and ability to view and edit IP/Domain tags in ‘Issue Page’ and much more. Release date TBD
June 15, 2022
- Automatic Vendor Detection with Enhanced Illumination (General Access). This new update provides additional volumes of 3rd and 4th party vendors, using collection methods that complement the existing AVD module. Learn More
June 1, 2022
- New Portfolio Table (General Access). This change brings better filtering options to an organization's portfolio along with improved UX around tagging, and the ability to search by name or domain within a portfolio table. Learn More
May
May 27, 2022
- Vendor Engagement Report (General Access). This report shows the status of invited vendors, how their scores compare, and how those scores have improved. Learn More
May 26, 2022
- Tagging IP and Domains (Internal Access). Includes new functionality such as assigning ‘same tag’ to multiple assets at once, Bulk Upload of thousands of tags along with assets, and ability to view and edit IP/Domain tags in ‘Issue Page’ and much more. Release date TBD
May 25, 2022
- June Scoring updates. These changes will go live on June 15th, 2022, and include increased coverage of TLS Certificate Measurements, Decreased rate of false positives, and Scoring Baseline updates. Learn More
May 24, 2022
- Global Search. This enables our CISOs and VRMs to do their jobs faster with accuracy by providing 'One Stop Shop' Search capability to search - Companies, Custom Scorecards, Portfolio and Tags. Learn More
May 19, 2022
- May Scoring updates. New Common Vulnerabilities and Exposures (CVEs) released as Informational, Reducing duplicate findings, Scoring baselines updated, and more. Learn More
May 18, 2022
- Issue Type Trends Report. This report will show what issues you should be prioritizing, how you can track specific issues, and how you can determine if an issue persists. Learn More
- Scorecard side navigation (Internal Access). Scorecard side navigation presents a clean scorecard with obvious indication of which tab is selected, providing minimal distractions on an organization's scorecard.
May 16, 2022
- Global Search (Early Access). This enables our CISOs and VRMs to do their jobs faster with accuracy by providing 'One Stop Shop' Search capability to search - Companies, Custom Scorecards, Portfolio and Tags. Learn More
May 12, 2022
- In-platform onboarding. Free users will now be greeted with an in-platform onboarding experience that welcomes them to the product and helps get them started.
May 9, 2022
- Scorecard navigation (Early Access). Improvements to the navigation within a Scorecard promotes and improves visibility of key features.
- Automatic Vendor Detection with Enhanced Illumination (Internal Access). This new update will provide additional volumes of 3rd and 4th party vendors, using collection methods that complement the existing AVD module.
May 3, 2022
- Updates to IBM QRadar integration. This update includes an overhaul of the app including the Python 2 codebase was upgraded to Python 3, a new base OS was used, and several bug fixes were also made.
- Updates to ServiceNow VRM integration. This integration has been upgraded to work with the newest version of ServiceNow, San Diego. Learn More
- Top 10 Cybersecurity Index page. This is a live leaderboard of the Top 10+ companies per industry for Public Scorecards. Learn More about Public Scorecards.
May 2, 2022
- CVE Impact on Companies. This report provides a simple view to help reduce systemic risk. Learn More
- Attack Surface Intelligence (Early Access). Attack Surface Intelligence (ASI) helps our customers respond faster to cyber threats by uncovering blind spots in their attack surface, including their third-party vendors. Public Release date TBD
April
April 27, 2022
- Company Triage Report. This report enables you to accurately prioritize your risk mitigation efforts. Identify which companies have the highest cyber risk and the most important issues to be addressed - all in one report. Learn More
April 26, 2022
- Cyber Risk Quantification. This new product offering enables customers to understand cyber risk in financial terms to bring cyber risk into holistic business risk analysis and assist organizations in a cost-benefit analysis of cyber investment options. Learn More
April 25, 2022
- Scorecard Tagging. Tagging enables speed by empowering CISOs and VRMs to rapidly identify, manage and prioritize security issues, as well as collaborate internally and externally on those specific issues. Learn More
April 21, 2022
- Atlas Generate Link. With this feature, a VRM can generate a guest user link while sending the questionnaires if the recipient is not an existing user of Atlas, which can be used by the recipient to create a guest user account and start filling in the questionnaire. Learn More
- Evidence Locker 3.0 (Internal Access). This update will bring further flexibility enhancements to Security Scorecard’s existing Evidence Locker capability. Public Release date TBD.
- Attack Surface Intelligence (Internal Access). Attack Surface Intelligence (ASI) helps our customers respond faster to cyber threats by uncovering blind spots in their attack surface, including their third-party vendors. Public Release date TBD
- Vendor Compliance Validation Report (Internal Access). Ensuring vendor compliance with a specific framework is time-consuming and can be inaccurate. This report is aimed at solving those challenges. Public Release date TBD.
April 14, 2022
- April Scoring Update. New Informational issue types added, updated definitions, bug fixes, and more. Learn More
April 11, 2022
- Update to primary site navigation. We've improved the look and feel of our Ratings platform including new branding, removing the footer, and updating the users profile icon to reflect their intials. Check it out!
March
March 31, 2022
- Issue Type Trends Report (Internal Access). This report will show what issues you should be prioritizing, how do you track specific issues, and how do you determine if an issue persists. Public Release date TBD.
March 29, 2022
- Vendor Engagement Status Report (Internal Access). This report will show the status of invited vendors, how their scores compare, and how those scores have improved. Public Release date TBD.
March 25, 2022
- Global Search (Internal Access).This enables our CISOs and VRMs to do their jobs faster with accuracy by providing 'One Stop Shop' Search capability to search - Companies, Custom Scorecards, Portfolio and Tags. Public release date coming in April 2022.
March 16, 2022
- Scorecard Header (Internal Access). We're working on improving the look and feel of our product. Public Release date coming in April 2022.
- CVE Impact on Companies report (Internal Access). This report provides a simple view to help reduce systemic risk. Public Release date coming in May 2022
March 11, 2022
- Scorecard Tagging (Internal Access).Tagging enables speed by empowering CISOs and VRMs to rapidly identify, manage and prioritize security issues, as well as collaborate internally and externally on those specific issues. Public Release date coming in April 2022.
March 8, 2022
- Company Triage Report (Internal Access). This report will enables you to accurately prioritize your risk mitigation efforts. Identify which companies have the highest cyber risk and the most important issues to be addressed - all in one report. Public Release date TBD.
March 3, 2022
- Pro plan. The SecurityScorecard Pro plan is a new plan with advanced features focused on an organization's own Scorecard to enable more powerful self-monitoring capabilities. Learn More
- Free account change. Portfolios for free accounts were reset. Teams can now monitor Scorecards from a shared and centralized place.
February
February 28, 2022
- Digital Footprint 2.0. This enables an easier way to understand, navigate and validate Digital Footprint assets. Learn More
- Removed legacy License & Usage and Subscription pages. Managing Scorecards a company is monitoring as well as Subscription details are now handled by our Account page. Learn More
- Badges. An easily embeddable icon that enables any company in the world to showcase their good cyber security health directly onto their website, all within a few steps. Learn More
January
January 28, 2022
- Login authentication between Ratings and Help Center. Users can now login to the Help Center with the same credentials they use to login to the Ratings platform.
January 20, 2022
- SecurityScorecard for ServiceNow VRM, v2.2 integration update. Several new features and bug fixes have been updated in our ServiceNow VRM integration. Learn More
January 19, 2022
- Fixed issue where adding your own Scorecard domain to a portfolio consumed a slot. Companies can now add their own domain to portfolios without a slot being taken up.
Comments
0 comments
Article is closed for comments.