Q2 2022 launch release notes

In this article:

About this release

SecurityScorecard’s Q2 ‘22 Release is the next evolution of the SecurityScorecard platform, bringing you a holistic approach to cybersecurity that enables them to evolve from risk management to risk intelligence. This release includes:

• Four new product modules
• A suite of pre- and post-breach professional services
• Newly released features to our security ratings
• Nine new Marketplace integrations

Outside-In View of Risk

Go deeper into our data with our newly added product modules and enhancements to Ratings, bringing you holistic risk intelligence products and services. 

Attack Surface Intelligence (ASI)
Early Access

Illuminate your security blind spots with a unified view of your attack surface 

SecurityScorecard’s Attack Surface Intelligence (ASI) is the first to unify attack surface, attribution, and deep threat intelligence into a single platform, arming security teams with better and faster threat attack analysis. Identify and respond to threats faster, scale your security teams, and save time with faster analysis through a single console that combines threat intelligence, IP scanning, domain attribution, vendor risk management, and CVE/malware trackers. Click here to request early access.

Automatic Vendor Detection

Gain a complete view of your vendor ecosystem.

Automate and scale your third-party risk management workflows with SecurityScorecard’s Automatic Vendor Detection (AVD). AVD instantly gives you a view of your digital third- and fourth-party ecosystem, enabling you to visualize and take proactive steps to mitigate risk. Additionally, a Supply Chain Risk Score is calculated, quantifying the combined risk of your organization and your entire digital supply chain. 

Badges

Put your security score front and center. 

Easily showcase your organization’s security health to your partners, customers, vendors, and the public with Badges. Save time, boost confidence in your organization, and be the vendor or partner of choice by showcasing your cybersecurity Rating on your website. Learn more about Badges and how to add it to your website here.

Tagging

Discover risk faster by making it easier to find the right Scorecards.
Tagging makes it simple to assign, sort, and filter assets and vendors based on metadata. Companies can create and assign custom tags by function, criticality, geography, purpose, or any other factor to anything in their portfolio, enabling them to find all relevant items with a click. Tags give customers a new way to interact with and manage their portfolios so they can increase their visibility and more effectively discover, track, and monitor security issues. 

Digital Footprint enhancements

Understand the score impact and risk associated with your digital footprint assets.

Digital Footprint 2.0 enables an easier way to understand, navigate and validate Digital Footprint assets. Customers can see the status of digital footprint IPs/Domains refutes to build trust and better manage expectations around score changes. Sort by Issue Count and score impact, and score impact per asset to pinpoint your most critical assets

Global Scorecard Search

One-stop-shop search capability in the SecurityScorecard platform

Find the information you need, faster, with our enhanced search capabilities. Leverage our enhanced search field to find companies, custom scorecards, portfolios, and tags. Additionally, automatic search suggestions and autosave of previous searches makes it easier to find and remember what you are looking for. 

Inside-out view of risk 

Bring a holistic view of risk that augments external ratings capabilities with data from an organization’s own infrastructure provided them. 

Internal Security Suite
Early Access

Capture an inside-out view of your cybersecurity readiness with SecurityScorecard’s Internal Security Suite. 

Internal Security Suite (ISS) provides you with a confidential rating for both your internal security and your cloud security. With Internal Security Suite (ISS) you get a full view of your entire organization’s assets while also being able to tell the story of your findings through our comprehensive reporting. Internal Security Suite (ISS) allows you to centralize all of your insights from your security tools, accounting for both on-premises and cloud assets, in an easy-to-understand, real-time A-F scoring system. These scores can then be used to detect, prioritize, and make informed decisions about how to effectively protect your organization. Click here to request early access.

Evidence Locker 3.0

Making your security posture more discoverable and accessible.

Evidence Locker 3.0 brings further flexibility enhancements to Security Scorecard’s existing Evidence Locker capabilities.  Companies now have an unlimited number of evidence badges, can upload multiple artifacts of the same evidence type, and arrange their artifacts based on importance in an effort to make their security posture more shareable and digestible outside of their own organization.

Cyber Risk reporting

Showcase the impact of your security programs with the tools to easily quantify and communicate risk meaningfully to stakeholders. 

Cyber Risk Quantification

Optimize cyber risk management investments.

SecurityScorecard’s Cyber Risk Quantification translates cyber risk into dollars, assisting you in a cost-benefit analysis of different cyber investment options. Lower your cyber risk, strengthen the balance sheet, and improve communication of risk with the insights obtained from the combination of SecurityScorecard’s ratings data and leading cyber risk models from ThreatConnect. Implement a repeatable and trustworthy model for quantifying cyber risk instead of relying on labor intensive assessments that take weeks to complete and are based on outdated snapshots of the business.

Benchmarking report

Benchmark your organization’s cybersecurity resilience.

Benchmarking reports enables you to benchmark your own organization's risk and security hygiene against competitors or industry peers and benchmark the security posture of a vendor or potential vendor against other third parties.

Company Triage Report 

Prioritize your organization’s risk mitigation efforts.

Company Triage report enables you to accurately prioritize your risk mitigation efforts, identify which companies present the highest cyber risk and the specific security issues that need urgent attention.

Marketplace

Integrate SecurityScorecard data into the solutions you already use to power data-driven workflows. 

CrowdStrike

Continuously monitor, grade, and help improve the cybersecurity posture of your organization.

Receive actionable details in Falcon for all issues detected across your external environments with SecurityScorecard’s context enrichment app available in the CrowdStrike store. View continuously refreshed sub-scores in Falcon that measure any organization’s performance across 10 key risk factors. Additionally, see internal signals from CrowdStrike among the other issues for your organization in Scorecards.

Palo Alto XSOAR

Speed up your ability to identify and react to potentially critical conditions.

SecurityScorecard’s integration with Cortex XSOAR enables you to add cyber risk ratings to your Cortex XSOAR workflows. Utilize your Cortex dashboard to visualize SecurityScorecard incidents and the alerts driving them. Use ready-made playbooks to trigger remediation workflows.

RapidRatings

Manage supply chain and third-party risk through deep insight into financial health.

See the Financial Health Rating for each portfolio in your RapidRatings account directly in Scorecards. The rating is a single number from 0-100 that indicates the overall financial health of a given company at a glance.

ThreatConnect

Automatically translate cyber risk into financial terms.

With SecurityScorecard and ThreatConnect you can move against threats with remediation recommendations based on top security frameworks. Run custom scenarios using ThreatConnect RQ’s automated model, FAIR scenarios, and Semi-Automated FAIR Scenarios

Axio

Quantify cyber risks in seconds to see your financial exposure to catastrophic scenarios.

Continuously model how security decisions will impact your business with SecurityScorecard and Axio. Analyze the unique risks to your business and calculate how individual scenarios would impact the bottom line. Plan for the cyber threats that will have the largest financial impact across your organization.

ServiceNow VRM 2.2

Instantly rate and understand the cyber security risk of any vendor in your portfolio.

Use SecurityScorecard ratings to determine which vendors to prioritize for deeper reviews in ServiceNow VRM. Automatically create and send ServiceNow assessment when a vendor’s SecurityScorecard scores fall below the minimum threshold you set. Invite vendors to join SecurityScorecard for free, so they can improve scores by acting on issue-level remediation guidance.

Splunk

Enable deeper insights into enterprise and third-party cyber risk.

Use Splunk to integrate internal cybersecurity events and log data with SecurityScorecard ratings and issue-level event information. Leverage SecurityScorecard data in existing VRM or other security operations programs managed by SIEM platforms.

OneTrust Third-Party Risk Exchange

Monitor vendor risks, compliance, and controls over time.

Receive a vendor’s overall security score powered by SecurityScorecard in the Vendorpedia Third-Party Risk Exchange. Get updates when a vendor’s security, privacy, and compliance posture changes. 

Professional Services

Third-Party Risk Management Program Review

Build a trusted TPRM program with our risk experts.

Whether you are maturing an existing program or just getting started, our third-party risk management (TPRM) program experts will work with you to identify how to mature your TPRM program and improve efficiencies in your organization while reducing risk. 

Cyber Risk Intelligence as a Service

Use tailored threat intelligence to answer your most important questions.

Receive deep threat intelligence about emerging threats that are attacking or targeting your company, vendors, and executives with our bespoke Cyber Risk Intelligence as a Service (CRIaaS). Understand threat actor behavior, motivations, plans, and intentions with a tailored continuous global and relevant view of evolving cyber risk to your organization. 

Digital Forensics, Investigation, and Response (DFIR)

Minimize the impact of cyber attacks with fingerprint and evidence analysis on demand.

Act decisively to any threat with our on-demand team of digital forensics, investigation, and response experts from SecurityScorecard LIFARS. Our experts move at a high rate of speed with military precision to minimize your threat attack surface, extent of compromise, and damage associated with a cyber attack. This service is available on-retainer at an agreed upon rate or on-demand. 

Incident response

Gain peace of mind knowing cyber resilience experts are a call away.

Be ready to respond to any threat with our incident response commanders available 24/7 and onsite during a crisis to support execution of IR plan, including: swift containment, prioritizing remediation, regulatory reporting, restoring critical business functions, and minimizing the impact of an incident. This service is available on-retainer at an agreed upon rate or on-demand. 

Tabletop exercises

Prepare and practice for incidents, building cyber resiliency.

Test your organization’s Incident Response (IR) plan and your team’s ability to respond effectively to a real-life incident scenario when time is of the essence. This practice exercise helps determine where to improve whether that is through enhanced training, identifying gaps or weaknesses in the IR plan, or among the team. 

Penetration testing

Test the real-World effectiveness of your security controls while achieving compliance.

Perform a simulated cyber attack against your computer systems will identify vulnerabilities that are impossible to detect with scanning software; assess the magnitude of potential business and operational impacts to successful attacks; determine the feasibility of a customized set of attack vectors; test the ability of your network defenders to successfully detect and respond to attacks; provide context to support increased investments in security ; and meet annual and ongoing compliance requirements. 

Red teaming

Test if your organization can stand a real-life attack.

Leave nothing to chance with a red team exercise for your organization. A cover red team test will check how your team detects and responds to a cyber attack by turning the offensive on yourself helps to strengthen your security defenses. 

Academy

Cybersecurity in the Boardroom

Learn how the board of directors and CISO can team up to protect a company from cyber attack and build resilience.

Corporate board members are known for their relentless focus on the bottom line. In this course, you will learn how board members and CISOs can work together to protect their company from cyber attack,  build resilience,  and communicate the business impact that cybersecurity has on the bottom line. Take the course and claim your certification here! Promo code: secureacademy100

Cybersecurity Insurance Strategies

Gain a deeper understanding of how cybersecurity insurance works for buyers and sellers.

This course demystifies the world of cyber insurance. Learn how cyber insurance is approached by all four market participants in the insurance process - buyers, brokers, underwriters, and loss control managers - and how security ratings act as a common language to discuss and evaluate cyber risk. Take the course and claim your certification here! Promo code: secureacademy100

Self-Monitoring with SecurityScorecard

Gain a better understanding of how to leverage SecurityScorecard to continuously monitor your organization's cybersecurity resilience. 

This course is designed to teach you how to do exactly that; get you set up and running within about 20 minutes. Available to all users with a free or paid SecurityScorecard plan. In this course you’ll learn how security ratings work, how to use SecurityScorecard, how to understand your organization’s security rating, and how to increase your organization’s security rating. Take the course and claim your certification here!