ISS Internal Security module (Beta) – Help Center

How Internal Security works

To gather relevant data behind your firewall, Internal Security integrates with your own security tools, such as endpoint detection and response (EDR) devices, multi-factor authentication (MFA) applications, firewalls, SIEMs and more.

This data is specific to security events detected or reported by your own tools, such as:

Suspicious firewall traffic
Malware detection
Failed login attempts
Configuration issues
Out-of-date software versions

SecurityScorecard process the data in a unique, isolated container that is completely separate from containers for other SecurityScorecard customers. We encrypt all this data at rest and in transit. The data is always behind AWS firewalls, and we never expose it.

Using best practices of data federation and governance, we can track the data from your assets, into our network, to a dedicated storage location, and then into our Ratings platform.

Install and configure Internal Security

Internal Security communicates directly with your own security tools to gather data, so integrating with these tools is critical.

Step 1: Configure your security tool integrations

Choose the products you want to integrate with Internal Security and then configure their integrations:

For CrowdStrike Falcon, see this integration guide.
For Fortinet FortiGate, see this integration guide.
For Tenable.io, see this integration guide.
For other integrations, use this guide.

Step 2: Install Internal Security

In SecurityScorecard, select Marketplace from the top menu.
On the Integrate360° Marketplace page, click the InternalSecurity Suite tab and then select Internal Security to access the installation page.
View a description of the Internal Security, and click Install.

Installation completes in seconds with no additional prompts or messages.

Step 3: Set up integrations in Internal Security

This step involves providing Internal Security with information to communicate with your security products after you configure their integrations.

In your Scorecard header, click Internal Security Suite and then select Internal Security.
Click Add integrations.
Select the desired product from the drop-down list and then enter the required information, based on your integration setup. Then click Save Configuration.

Your integrations appear in a table on the Internal Security page.

View Internal Security score and findings

In your Scorecard header, click Internal Security Suite and then select Internal Security.

View the following overview information:

Internal Security Score: A letter-grade rating of your internal security posture that is visible only to your organization and unrelated to your overall Scorecard score.
Tally and breakdown of assets and events from which the issue types are derived:

Computing infrastructure includes servers, desktops, databases, and other endpoints deployed in your organization.
Network infrastructure involves includes firewalls, internal and external routing devices, load balancers, gateways, and related components.
User activity involves failed logins, document access, email access, and similar events.
Other includes processes such as patching and updates.

Internal footprint of all the security tool integrations deployed in your environment.

Expand the severity categories to view issue types.

Click any issue to view information about it.

Scroll down the issue details page to view findings. Use the Evidence column to identify the source of each findings so that you can take action to address it.

Tip: See descriptions of all issue types that Internal Security finds.

View your Internal Security footprint

On the Internal Security page, scroll down to view your internal footprint, which lists deployment details about your integrated security tools. This is a helpful reference for inspecting security events.