Internal Security Suite (ISS) is in Early Access release for selected customers. To learn more, contact your Customer Success Manager.
Use this article as a reference to learn about all possible issue types that SecurityScorecard's ISS modules can discover in your internal and cloud environments.
Internal Security issue types
Browse issue types based on integration categories and products that provide relevant data:
Learn about ISS Internal Security (Beta).
Issue types provided by endpoint detection and response (EDR) integrations
Issue type | Severity | Supported products | Description |
Endpoint security product detected | Positive | CarbonBlack, CrowdStrike, McAfee MVISION | We detected a product that provides internal malware protection and prevention in your internal network. EDR solutions are critically important for neutralizing threats that occur behind your firewall. These products can discover and help prevent risks ranging from phishing campaigns to malware attacks. |
Endpoint threat detected | High | CarbonBlack, McAfee MVISION | We detected that an endpoint protection product triggered an alert that was not filtered out. Internal endpoints such as desktops, laptops, mobile devices, and virtual desktops are highly sensitive targets. If exploited, they can provide attackers with unauthorized access and cause breaches of sensitive data. |
Endpoint threat remediated | Positive | CarbonBlack, McAfee MVISION | An EDR product signaled that an attack on an endpoint in your internal network was remediated. A quick, coordinated response to an attack on an internal endpoint, such as a desktop, laptop, mobile device, or virtual desktop, can limit the impact and prevent the spread of further damage or data loss. |
Host-based firewall present | Positive | CarbonBlack, McAfee MVISION | We detected a firewall running on a computer inside the network. |
Out-of-date endpoint security | Medium | CarbonBlack, McAfee MVISION | We detected an out-of-date version of an endpoint protection product inside the network. The effectiveness of an EDR product is diminished if its version is out of date. Providers of these solutions continuously update these products to address new and evolving threats that rapidly emerge. |
Issue types sourced from firewall integrations
Issue type | Severity | Supported products | Description |
Admin service down | Medium | FortiNAC | We detected a failure in a firewall admin service. A failure may indicate risk of exposure. |
Gateway antivirus present | Positive | FortiGate, FortiWeb | We detected the presence of a host-based firewall running with antivirus detection. |
Gateway antivirus service expired | Medium | FortiWeb | We detected a gateway device with out-of-date antivirus signatures. Expired antivirus signatures offer little protection for your assets. |
Gateway antivirus service is valid | Positive | FortiWeb | We detected a gateway device with valid antivirus signatures. Maintaining valid antivirus signatures is a security best practice. |
Gateway antivirus service not valid | Medium | FortiWeb | We detected a gateway device with invalid antivirus signatures. Invalid antivirus signatures offer little protection for your assets. |
Gateway antivirus signatures out of date | Medium | FortiWeb | We detected a gateway device with out-of-date antivirus signatures. Expired antivirus signatures offer little protection for your assets. |
Gateway antivirus signatures updated | Positive | FortiWeb | We detected a gateway device with up-to-date antivirus signatures. Maintaining up-to-date AV signatures is a security best practice. |
HTTP antivirus scan enabled | Positive | FortiGate | We detected a gateway device with a web application firewall (WAF) enabled. A WAF is a security best practice. |
Out-of-date firmware | Medium | | We detected an out-of-date version of firmware running on your internal network. Firmware is the software that comes preinstalled on network hardware devices. Like an operating system that runs on your smartphone or your personal computer, it controls the inner workings of the device. For example, it enables the router to communicate wirelessly with other network devices and helps protect your network from malware, viruses, and other threats. If your router firmware version is out of date, its ability to provide this protection is diminished. |
Out-of-date operating system | Medium | FortiNAC | We detected a device with an out-of-date operating system. Keeping the operating system of your firewall up to date is critical to your network security. |
Issue types sourced from multifactor authentication (MFA) integrations
Issue type | Severity | Supported products | Description |
Account lockout threshold enabled | Positive | Duo | The ability to verify a user's identity with a second factor, such as the user's phone number, prevents malicious parties from logging into your internal assets, even if they have captured the user's password. Installing and regularly updating a two-factor authentication solution is an important security practice that provides a second line of defense. |
Failed 2FA authentication | Medium | Duo | A two-factor authentication device in your internal network signaled an authentication failure. The ability to verify a user's identity with a second factor, such as the user's phone number, prevents malicious parties from logging into your internal assets, even if they have captured the user's password. If the two-factor authentication device fails to authenticate, that second line of defense falls, allowing easier access for attackers. |
Strong minimum password length set | Positive | Duo | We detected a strong minimum password challenge in your internal network. Enforcing complex passwords prevents brute forcing, where malicious parties use complex algorithms to guess user passwords. One major risk factor is ease of access for an attacker, so complex factors can be a line of defense. |
Issue types sourced from vulnerability management integrations
Issue type | Severity | Supported products | Description |
Completed vulnerability management scans | Positive | Qualys, Tenable | We detected network vulnerability scans in the last seven days. Regular scanning is a best practice for managing vulnerabilities in your environment. |
Software installed in the cloud VM | Informational | Tenable | We detected a list of applications installed in the cloud-based virtual machine, which we display in the findings table for this issue type. |
Vulnerabilities in the version of the software installed in the VM | Medium | Tenable | We detected vulnerabilities inside scanned network assets. Vulnerabilities can expose your network assets to exploits. |
Vulnerabilities in cloud Windows instance | Medium | CrowdStrike | We detected vulnerabilities inside Windows cloud-based instances. Vulnerabilities can expose your Windows assets to exploits by threat actors. |
Vulnerabilities in cloud Linux instance | Medium | CrowdStrike | We detected vulnerabilities inside Linux cloud-based instances. Vulnerabilities can expose your Linux assets to exploits by threat actors. |
Cloud Security issue types
Browse issue types that are sourced from different resource categories in your cloud:
- Account summary: Management of the AWS account permissions
- Compute: Management of servers, desktops, databases, and other endpoints deployed in your organization
- Database: Management of databases and stored data
- Password policy: Mandated practices for password length, complexity, reuse, and more
- Logging: Management of logging operations
- Queue: Management of processes such as patching and updates
- Storage: Management of devices used to store data
- User: Provisioning and management of users
Note: ISS Cloud Security currently supports integration with Amazon Web Services (AWS).
Learn about Cloud Security (Beta).
Issue type | Severity | Cloud resource | Description |
Database instances are not encrypted | High | Database | We observed that databases in your AWS account are not encrypted. Unprotected stored data leads to identity theft, fraud, and theft of financial resources from employees and customers. Encryption, a best practice for data protection, involves translating data into another form, or code, so that only people with access to a secret key or password can read it. With Amazon Relational Database Service (RDS), you can increase data protection of your applications deployed in the cloud and fulfill compliance requirements for encryption at rest. |
Ephemeral disks are not encrypted | High | Compute | We observed that ephemeral storage disks in your AWS account are not encrypted. Encrypting data at rest is an important security practice that ensures that storage disks are not readable by any user or application without a valid key. Lack of encryption exposes stored data to compromise by threat actors. |
Object storage buckets allow public access | Low | Storage | We observed that object storage buckets in your AWS account allow public access. Instead of broadly allowing public access, manage access on an as-needed basis. |
Object storage buckets are not encrypted | High | Storage | We observed that object storage buckets in your AWS account are not encrypted. Encrypting data at rest is an important security practice that ensures that storage disks are not readable by any user or application without a valid key. Lack of encryption exposes stored data to compromise by threat actors. |
Password policy does not prohibit reuse | Medium | Password policy | We observed that your Amazon Web Services (AWS) password policy permits password reuse, which can increase the risk of a breach. If a user continually recycles a password across different services, and any of these services are compromised, a threat actor can leverage the stolen password for credential stuffing, the automated submission of stolen username and password pairs in website login forms. Prohibiting password reuse prevents the use of previously stolen credentials in such attacks. |
Password policy does not require regular updates | Low | Password policy | We observed that your Amazon Web Services (AWS) password policy does not require regular updates. Changing passwords frequently and regularly makes it more difficult for threat actors to compromise your first line of defense. A healthy password update policy helps limit breaches to multiple accounts, prevents threat actors from accessing your account multiple times or from using saved passwords, and limits access by keystroke loggers who steal passwords through keystroke surveillance. |
Persistent disks are not encrypted | High | Compute | We observed persistent disks in your AWS account that are not currently encrypted. Encrypting data at rest is an important security practice that ensures that storage disks are not readable by any user or application without a valid key. Lack of encryption exposes stored data to compromise by threat actors. |
Queues are encrypted with provider-managed keys | Low | Queue | We discovered that queues in your AWS cloud are encrypted with provider-managed keys. Using a customer-managed key (CMK) is recommended. |
Queues are not encrypted | High | Queue | We observed that queues are not encrypted, which can leave sensitive data exposed. |
Root user account without MFA enabled | High | Account summary | We observed that the root user in your Amazon Web Services (AWS) account has access keys. The root user has the highest privileges in your Amazon Web Services (AWS) account, with full access to literally everything in it. This level of permission makes the root user an attractive target for threat actors, and an attack could result in significant damage and data loss for your cloud assets. It is important to protect this role with multi-factor authentication, making it more difficult for threat actors to compromise it. |
Root user account has access keys | High | Account summary | We observed that the root user in your Amazon Web Services (AWS) account is not protected with multi-factor authentication (MFA). The root user has the highest privileges in your AWS account, with full access to literally everything in it. This user should not have access keys, which are long-term credentials for performing programmatic operations with the AWS API. Access keys cannot be connected to multi-factor authentication (MFA) devices. If they are exposed anywhere public, such as a GitHub repository, anyone with malicious intent can use them relatively easily to carry out damaging actions against your AWS assets or data. |
Users with access keys that are not rotated regularly | High | User | Rotating access keys diminishes the risk if they are compromised without your knowledge. The practice limits how long anyone, including a threat actor, can use the key to access your resources. You can apply a custom password policy to your account to require all your IAM users to rotate their AWS Management Console passwords. You can also mandate how often. |
Users with passwords that are not rotated regularly | Medium | User | We observed that users in your Amazon Web Services account have access keys that are not rotated regularly. Rotating passwords diminishes the risk if they are compromised without your knowledge. The practice limits how long anyone, including a threat actor, can use the password to access your resources. You can apply a custom password policy to your account to require all your IAM users to rotate their AWS Management Console passwords. You can also mandate how often. |
Users with unused access keys | Low | User | We observed that users in your Amazon Web Services (AWS) account have unused access keys. Unused or unnecessary access keys in your AWS account may escape attention, making it easier for threat actors to steal them to access your cloud assets and data. Observe best practices to limit unused passwords. Only users who perform operations on the console should have access keys. Others should not. |
Users with unused passwords | Low | User | We observed that users in your Amazon Web Services (AWS) account have unused passwords. Unused or unnecessary passwords in your AWS account may escape attention, making it easier for threat actors to steal them to access your cloud assets and data. Observe best practices to limit unused passwords. If you created an IAM user for an application that does not use the console, then the IAM user does not need a password. |
Users without MFA enabled | High | User | We observed that the root user in your Amazon Web Services (AWS) account is not protected with multi-factor authentication (MFA), making it easier for threat actors to compromise it. MFA requires users to provide unique authentication from an AWS-supported MFA mechanism in addition to their regular sign-in credentials. Even if a threat actor can brute force or otherwise compromise usernames and passwords, their ability to breach your environment is impeded by MFA, a second line of defense. |