Internal Security Suite (ISS) is in Early Access release for selected customers. To learn more, contact your Customer Success Manager.
Share with your board and non-technical stakeholders a real-time 360-degree view of your internal and cloud security posture and the likelihood of security events occurring. To help you clearly quantify your risk, ISS generates internal and cloud scores that are separate from your primary Scorecard score and visible only to your organization.
ISS includes two components that you can install and use separately:
- Internal Security integrates with your own security tools to identify and prioritize issues behind your firewall that have the greatest impact on your security posture.
- Cloud Security integrates with your Amazon Web Services (AWS) accounts to give you a comprehensive security view of all your organization’s cloud-based Digital Footprint.
FAQ
How does Cloud Security get access to my cloud data?
Cloud Security uses AssumeRole, an operation of the AWS Security Token Service (STS), to establish cross-account trust between AWS customers and service providers such as SecurityScorecard. This gives Cloud Security read-only access to the results of the API calls that describe the relevant AWS resources.
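As an added example (not SecurityScorecard's code), this is a customer-side check of the IAM role created for a cross-account AssumeRole integration: it audits who the trust policy lets assume the role and whether the attached permissions stay read-only. The account ID, external ID and policies are constructed placeholders, and the `sts:ExternalId` condition is an assumption about the setup, not something this page states.

```python
VENDOR_ACCOUNT = "111122223333"   # placeholder, not a real vendor account ID
READ_PREFIXES = ("Describe", "Get", "List")
DATA_READS = {"s3:GetObject"}     # reads stored content rather than configuration

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust(trust, vendor_account):
    """Findings for the role's trust policy (who may call sts:AssumeRole)."""
    findings = []
    for stmt in trust["Statement"]:
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for arn in arns:
            # Principal is either a bare account ID or arn:aws:iam::<account>:...
            account = arn.split(":")[4] if arn.startswith("arn:") else arn
            if account != vendor_account:
                findings.append(f"principal {arn} is not the expected vendor account")
        conditions = stmt.get("Condition", {}).get("StringEquals", {})
        if "sts:ExternalId" not in conditions:
            findings.append("no sts:ExternalId condition (confused-deputy risk)")
    return findings

def audit_permissions(policy):
    """Findings for the permissions policy: anything beyond describe/get/list."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt["Action"]):
            if action in DATA_READS:
                findings.append(f"{action} reads stored data")
            elif not action.split(":")[-1].startswith(READ_PREFIXES):
                findings.append(f"{action} is not read-only")
    return findings

# Constructed sample policies for illustration.
WEAK_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                             "Principal": {"AWS": "*"}}]}
GOOD_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}
PERMISSIONS = {"Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
    "ec2:DescribeInstances", "s3:GetBucketPolicy", "s3:GetObject", "s3:PutObject"]}]}

if __name__ == "__main__":
    print(audit_trust(WEAK_TRUST, VENDOR_ACCOUNT))
    print(audit_trust(GOOD_TRUST, VENDOR_ACCOUNT))
    print(audit_permissions(PERMISSIONS))
```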
What data does Cloud Security gather?
Cloud Security evaluates the security-relevant configurations of many AWS services such as:
- S3 buckets
- Compute Instances
- Databases
It flags misconfigurations that expose your cloud services to compromise.
Does Cloud Security access any data stored within my cloud resources?
No.
How does Internal Security get access to my behind-the-firewall data?
Internal Security authenticates with your security tools using API keys connected to special user accounts that you generate and provide during setup.
What data does Internal Security collect?
Internal Security collects configurations and security-relevant events from your security tools, which include, but are not limited to:
- Endpoint detection tools
- Firewalls
- Authentication services
In addition to malware events, Internal Security flags configuration issues like out-of-date product versions, weak password policies, lack of multi-factor authentication, and exposed services behind your firewall.
Does Internal Security modify any sensitive data stored behind my firewall?
No.
How does SecurityScorecard process my internal data?
We process your data in a unique, isolated container that is completely separate from containers from other SecurityScorecard customers.
We encrypt all this data at rest and in transit. The data is always behind AWS firewalls, and we never expose it. Using best practices of data federation and governance, we can track the data from your assets, into our network, to a dedicated storage location, and then into our Ratings platform.
Are my Internal Security or Cloud Security scores or issues visible outside of my organization?
No. They are only visible to user accounts connected to your organization.
How do ISS data and reports tell me what I need to know without contributing additional “noise” to my Scorecard?
You only receive ISS data if you install Internal Security or Cloud Security modules. ISS data and scores remain separate from your main Scorecard. They are only visible to you and do not impact your overall Scorecard score.
Does my ISS data get updated in my Scorecard in real time?
ISS obtains data from your configured integrations and cloud accounts on a daily basis. The time and frequency of collection are configured by SecurityScorecard.
How can ISS complement or enhance my security operations center (SOC) or my managed security services (MSS)?
ISS collects data from a variety of integrations and cloud providers and shows this data in one location.
Can I share my ISS data externally with clients, insurers, board members or others?
SecurityScorecard is evaluating this important capability for a future release.
What controls do I have over who can see my data, for how long, or at what portions or levels of detail?
Your ISS data is only visible within your account. You can determine how and when to share it with others.
How often are my Internal Security and Cloud Security scores updated?
We compute and update Internal and Cloud Security scores on the same schedule as other factor scores.
What do my Internal Security and Cloud Security scores mean?
Like other factor scores in the platform, Internal and Cloud Security scores provide an easy-to-understand rating of your security posture in both of these important areas of cyber-hygiene. Higher scores indicate better cyber-hygiene and less likelihood of a breach.
How do I improve my Internal Security and Cloud Security scores?
Configuring integrations for the internal security solutions you already use is a great way to improve your Internal Security score and to give your teams more data that is also more actionable. Connecting cloud accounts and operating those accounts in accordance with the cloud provider’s best practices for security is the best way to increase your Cloud Security score.
How do I prioritize what to improve, when I have issues on my Scorecard and issues found through ISS?
As with other factors and issues in your Scorecard, you can triage which findings to remediate by severity level.
How do my ISS scores and my overall Scorecard score relate to each other?
Your Internal and Cloud Security scores do not affect your overall Scorecard score at all.
How do I explain the Internal and Cloud Security scores to my board?
Although these scores do not affect your overall Scorecard score, they complement it to provide a 360-degree view of your security posture. By assessing your risk from external, internal, and cloud perspectives, you can clearly explain the likelihood of security events occurring and showcase your security team’s ROI.
What reporting can I do with ISS scores?
You can present ISS scores to your board of directors, vendors with interest in the data (using export functionality), internal stakeholders who may want to address the issues, and anyone you provide platform access to within your company domain. In the first release, the ISS tab will report high-level analytics, a digital footprint, and a detailed breakdown of every issue type, with evidence for each, descriptions, and recommendations, just like the main score factors.
How accurate is the data in ISS?
The data comes directly from security vendors installed with the ISS integrations. SecurityScorecard does not control the data these vendors’ tools produce.
What is SecurityScorecard’s capacity for handling ISS data in terms of organization size?
The ISS backend technology can handle thousands of devices, networks, users, and other sources in each organization. The capacity will continue to improve and scale with future releases.
How does SecurityScorecard determine severity levels for the issues that Internal Security and Cloud Security find?
Subject matter experts with SecurityScorecard’s Threat Research team determine issue severity levels. These levels can be changed. The team follows a standard change-control process to adjust severity levels.
How does SecurityScorecard score the issues that Internal Security and Cloud Security find?
We leverage the same scoring framework that we use for our industry-leading security scores to power Internal Security and Cloud Security scoring. Your internal or cloud score will reflect your performance compared to a peer group. This enables your security professionals to understand how your network or cloud environment compares to other organizations.