Skip to main content

ISS Internal Security module (Beta)

Mark Glinski
  • Updated

In this article:

    Internal Security is part of Internal Security Suite, which is in Early Access release for selected customers. To learn more, contact your Customer Success Manager.

    Use SecurityScorecard's Internal Security module to provide your board and non-technical stakeholders with a real-time 360-degree view of your internal security posture and the likelihood of security events occurring.

    To help you clearly quantify your risk, ISS captures and enumerates security issues with various severity levels and generates an internal score that is separate from your primary Scorecard score and visible only to your organization.

    iss-internal-overview-hover.png

    How Internal Security works

    To gather relevant data behind your firewall, Internal Security integrates with your own security tools, such as endpoint detection and response (EDR) devices, multi-factor authentication (MFA) applications, firewalls, SIEMs and more.

    Note: Internal Security currently supports three product integrations:
    • Duo
    • KnowBe4
    • Qualys

    We will update this list as more integrations become available.

    This data is specific to security events detected or reported by your own tools, such as:

    • Suspicious firewall traffic
    • Malware detection
    • Failed login attempts
    • Configuration issues
    • Out-of-date software versions

    SecurityScorecard process the data in a unique, isolated container that is completely separate from containers for other SecurityScorecard customers. We encrypt all this data at rest and in transit. The data is always behind AWS firewalls, and we never expose it.

    Using best practices of data federation and governance, we can track the data from your assets, into our network, to a dedicated storage location, and then into our Ratings platform.

    Install and configure Internal Security

    Internal Security communicates directly with your own security tools to gather data, so integrating with these tools is critical.

    Step 1: Configure your security tool integrations

    Choose the products you want to integrate with Internal Security and then configure their integrations: 

    Step 2: Install Internal Security

    1. In SecurityScorecard, select Marketplace from the top menu.

      marketplace-off-platform-header.png

    2. On the Integrate360° Marketplace page, click the InternalSecurity Suite tab and then select Internal Security to access the installation page.

      iss-marketplace.png

    3. View a description of the Internal Security, and click Install.

      iss-internal-install.png

    Installation completes in seconds with no additional prompts or messages.

    Step 3: Set up integrations in Internal Security

    This step involves providing Internal Security with information to communicate with your security products after you configure their integrations.

    1. In your Scorecard header, click Internal Security Suite and then select Internal Security.

      iss-iss-cloud.png
    2. Click Add integrations.

    3. Select the desired product from the drop-down list and then enter the required information, based on your integration setup. Then click Save Configuration.

      iss-internal-integrations-add-info.png


    Your integrations appear in a table on the Internal Security page.

    iss-internal-integrations-list.png

    View Internal Security score and findings

    In your Scorecard header, click Internal Security Suite and then select Internal Security.

    iss-iss-cloud.png

    View the following overview information:

    • Internal Security Score: A letter-grade rating of your internal security posture that is visible only to your organization and unrelated to your overall Scorecard score.
    • Tally and breakdown of assets and events from which the issue types are derived:
      • Computing infrastructure includes servers, desktops, databases, and other endpoints deployed in your organization.
      • Network infrastructure involves includes firewalls, internal and external routing devices, load balancers, gateways, and related components.
      • User activity involves failed logins, document access, email access, and similar events.
      • Other includes processes such as patching and updates.
    • Internal footprint of all the security tool integrations deployed in your environment.

    iss-internal-overview-hover.png

    Expand the severity categories to view issue types.

    iss-internal-issues-expanded.png

    Click any issue to view information about it.

    iss-internal-issue-detail.png

    Scroll down the issue details page to view findings. Use the Evidence column to identify the source of each findings so that you can take action to address it.

    iss-internal-issue-findings.png


    Tip: See descriptions of all issue types that Internal Security finds.

    View your Internal Security footprint

    On the Internal Security page, scroll down to view your internal footprint, which lists deployment details about your integrated security tools. This is a helpful reference for inspecting security events.


    iss-internal-footprint.png

     

     

     

     

     

    Related articles