In this article:
Internal Security is part of Internal Security Suite, which is in Early Access release for selected customers. To learn more, contact your Customer Success Manager.
Use SecurityScorecard's Internal Security module to provide your board and non-technical stakeholders with a real-time 360-degree view of your internal security posture and the likelihood of security events occurring.
To help you clearly quantify your risk, ISS captures and enumerates security issues with various severity levels and generates an internal score that is separate from your primary Scorecard score and visible only to your organization.
How Internal Security works
To gather relevant data behind your firewall, Internal Security integrates with your own security tools, such as endpoint detection and response (EDR) devices, multi-factor authentication (MFA) applications, firewalls, SIEMs and more.
Note: Internal Security currently supports three product integrations:
We will update this list as more integrations become available.
This data is specific to security events detected or reported by your own tools, such as:
- Suspicious firewall traffic
- Malware detection
- Failed login attempts
- Configuration issues
- Out-of-date software versions
SecurityScorecard process the data in a unique, isolated container that is completely separate from containers for other SecurityScorecard customers. We encrypt all this data at rest and in transit. The data is always behind AWS firewalls, and we never expose it.
Using best practices of data federation and governance, we can track the data from your assets, into our network, to a dedicated storage location, and then into our Ratings platform.
Install and configure Internal Security
Internal Security communicates directly with your own security tools to gather data, so integrating with these tools is critical.
Step 1: Configure your security tool integrations
Choose the products you want to integrate with Internal Security and then configure their integrations:
- For CarbonBlack, see this integration guide.
- For CrowdStrike Falcon, see this integration guide.
- For Fortinet FortiGate, see this integration guide.
- For KnowBe4, see this integration guide.
- For Tenable.io, see this integration guide.
- For other integrations, use this guide.
Step 2: Install Internal Security
- In SecurityScorecard, select Marketplace from the top menu.
- On the Integrate360° Marketplace page, click the InternalSecurity Suite tab and then select Internal Security to access the installation page.
- View a description of the Internal Security, and click Install.
Installation completes in seconds with no additional prompts or messages.
Step 3: Set up integrations in Internal Security
This step involves providing Internal Security with information to communicate with your security products after you configure their integrations.
- In your Scorecard header, click Internal Security Suite and then select Internal Security.
- Click Add integrations.
- Select the desired product from the drop-down list and then enter the required information, based on your integration setup. Then click Save Configuration.
Your integrations appear in a table on the Internal Security page.
View Internal Security score and findings
In your Scorecard header, click Internal Security Suite and then select Internal Security.
View the following overview information:
- Internal Security Score: A letter-grade rating of your internal security posture that is visible only to your organization and unrelated to your overall Scorecard score.
- Tally and breakdown of assets and events from which the issue types are derived:
- Computing infrastructure includes servers, desktops, databases, and other endpoints deployed in your organization.
- Network infrastructure involves includes firewalls, internal and external routing devices, load balancers, gateways, and related components.
- User activity involves failed logins, document access, email access, and similar events.
- Other includes processes such as patching and updates.
- Internal footprint of all the security tool integrations deployed in your environment.
Expand the severity categories to view issue types.
Click any issue to view information about it.
Scroll down the issue details page to view findings. Use the Evidence column to identify the source of each findings so that you can take action to address it.
Tip: See descriptions of all issue types that Internal Security finds.
View your Internal Security footprint
On the Internal Security page, scroll down to view your internal footprint, which lists deployment details about your integrated security tools. This is a helpful reference for inspecting security events.