Q4 2022 launch release notes

In this article:

Ratings

Portfolio role-based access control (RBAC) 

Provide and restrict portfolio access for specific users.

• SecurityScorecard's Portfolio RBAC enables you to control and delegate specific responsibilities to users based on their access level. With RBAC, you can ensure compliance by preventing users from accessing information that does not pertain to them. With access controls you can create, edit, delete Portfolios (Private, Team, Company), Tags, and Evidence Locker. Your SecurityScorecard administrator can also now delegate user management permissions to specific users. 

Non-domain accounts

Create separate accounts for sub-domains.

• As a subdomain user, you can now purchase your own SecurityScorecard account with separate licensing and slot consumption,  which contributes to operational security and more flexibility.

Tagging

Identify ecosystem risk faster.

• Tagging is available for Scorecards, IPs, domains, and issue fIndings. Tagging enables you to organize and prioritize assets in your Portfolio, Digital Footprint, and on the Issues tab.  RBAC for tagging eliminates the potential for too many tags to be created or edited without value and permissions. Tags save time and allow you to do your job faster when managing assets and vendors based on specific criteria. 

Custom Scorecard Version 3.0

Create higher functioning and improved custom Scorecards.

• Version 3.0 of Custom Scorecards feature improved score accuracy and more precise filtering capabilities. With a better display of Scorecard assets, more accurate scores, and better filtering you can curate a Scorecard tailored to your business needs and requirements.

Reporting Version 2.0 

Prove your security teams' progress with customizable reports.

• Reporting 2.0 introduces the capability to create custom reports to communicate risk effectively, depending on your business needs. Custom reports save you time when building a report that resonates with your security team and board members. Reporting 2.0 enables you to better benchmark your own organization or your vendors against industry peers. Track and continuously monitor your security team's improvements in your security posture, or your third-parties. You can also clone a report to create an exact copy of a report to save you time when adjusting one or very few filters.

Projected Score 

Resolved findings and improved score reflected within minutes.

• You can now quickly demonstrate your ability to resolve issues and positively impact your score by seeing an estimated improvement in your score immediately after remediations are approved. Projected Score is important to provide reassurance that the submitted remediations are positively impacting your score, and your security team is taking the correct steps.

Evidence Locker Version 3.0

Make your security posture more discoverable and accessible.

• Openly exchange your security artifacts to share and validate your organization’s security posture with the vendors you work with.

Watch List

Monitor more of your vendor ecosystem without breaking the bank.

• See high-level score information of all the organizations you care about without consuming a Portfolio slot.

New invitation flows

Easily invite vendors and partners to SecurityScorecard to help maintain your cybersecurity health.

• With SecurityScorecard’s new Add Company and Vendor Invite Flows, bulk add companies to your portfolio and bulk invite them to join SecurityScorecard with the click of a button. The process is all done in a streamlined way where inviting vendors is included as part of starting to monitor a company in a portfolio.

Chrome extension

Easily evaluate the risk of any website you visit.

• Easily see the overall security rating of sites you visit with an automatically inserted A-F rating right on the site.

• • Gain a better understanding of the security risk for websites you visit. 

New customizable dashboard

Quickly assess, address and remediate risk using our new dashboard cards.

• Easily understand the cybersecurity vulnerabilities that your organization faces, making it simple to take action.

• Reduce noise and focus on what matters most to your organization.

Google Single Sign-on

Easily log into your SecurityScorecard account using Google Single Sign-On

• Now you can log in with the set of credentials you already have. This means you do not have to create and remember another user name and password to use your SecurityScorecard account!

• Log into your account quickly and invite your vendors to do the same so they can take action at a rapid rate.

Public Scorecard sharing

Share your Public Scorecard with one click.

• Build trust with new and existing business partners by showing them you are doing proper due diligence when it comes to maintaining your cybersecurity health.

Automatic Vendor Detection (AVD)

AVD + Enhanced Illumination

Discover your unknown vendors and the products they use.

• Get additional visibility into third- or fourth-party vendors or the products in use that cannot be detected with web crawling alone. Leverage additional volumes of third- and fourth-party vendors and the products they use to get a more complete picture of your digital supply chain.

Cyber Risk Quantification (CRQ)

CRQ for any Scorecard

Evaluate the financial impact of cyber risk for any organization.

• The applicability of our Cyber Risk Quantification capabilities has been expanded to support third-party risk management use cases. Lower cyber risk by prioritizing the strategies and investments that reduce an organization’s financial losses.

CRQ multi-currency support

Localize your financial impact analysis.

• Cyber Risk Quantification supports 15 international currencies so that you do not have to manually convert an analysis output into your preferred currency. This enhancement ensures an accurate representation of the financial impact of cyber risk for many regional audiences 

Attack Surface Intelligence (ASI)

ASI Version 2.0

Make confident decisions with deep contextualized threat intelligence.

• ASI promotes action by empowering you to evaluate threats through a risk lens containing deep contextual insights at a zoomed-out or zoomed-in view. 

ASI API

Direct access to petabytes of contextualized threat intelligence.

• Gain endless contextualized threat intelligence through a fast and powerful API that seamlessly integrates with your existing workflows.

Marketplace apps and integrations

Gatekeeper

Deliver total visibility and awareness of security risks through the lifecycle of engagement with your third parties.

• View top-level SecurityScorecard grades without leaving the Gatekeeper MarketIQ module.

RapidRatings

Manage supply chain and third-party risk through deep insight into financial health.

• View a company’s Financial Health Rating from RapidRatings in Scorecards.

RedSift

Protect your organization from email spoofing and forgery with visibility into 1.5 million domains.

• Validate that organizations you work with have adequate email authentication and protection.

Safebase

Share security program details proactively and automate access to sensitive compliance documents.

• Publish your SecurityScorecard grade in Safebase to advertise your company’s commitment to security and make compliance verification easier.

Snowflake

Combine, enrich, and contextualize vendors' data from SecurityScorecard and Snowflake  to assess the potential business impact of their security risk .

• Without leaving Snowflake, you can run analytics on your own or your vendors’ cybersecurity posture to ensure your ecosystem is secure.

Professional Services

Cyber Risk Intelligence

Gain cyber-clarity with tailored threat intelligence.

• Cyber Risk Intelligence combines expert-led human analysis with deep and dark web intelligence sources to deliver customized and actionable reports to reduce your risk exposure. 

• Multiply your threat intel team by gaining dark and deep web intelligence tailored to your organization's security posture, including leaked credentials, signs of advanced persistent threat (APT) reconnaissance, malicious email analysis, and more.
• Arm your threat intel teams with board-ready reports to proactively inform strategic decision makers and prioritize risk controls

VRM Jump Start Program

Up-level your vendor risk management (VRM) program by working with with SecurityScorecard experts to operationalize the platform.

• The VRM Jump Start Program offers a team of subject matter experts to help your team integrate the SecurityScorecard platform into your existing VRM program, including platform configuration, vendor categorization and tiering, vendor questionnaire creation, Atlas configuration, and more.

Academy

Cyber Risk Intelligence and Incident Response

Learn how you can leverage the SecurityScorecard platform to achieve your team's cybersecurity goals and make your organization more resilient.

• In this course, we take you on a journey to explore the fast-growing world of security ratings and show you how to: 
• Understand your organization's security rating.
• Increase your organization's security rating to an A.
• Visualize your organization's entire attack surface
• Start an automated third-party risk management (TPRM) program.
• Quantify your organization's cyber risks.
• Integrate SecurityScorecard into your organization's tech stack.
• Practice active defense.
• Respond to an incident.
• Continuously up-skill your team.
• To learn more or to request promo codes for additional courses, send an email to academysupport@securityscorecard.io.