Skip to main content
TrustRadius
SecurityScorecard

SecurityScorecard

Overview

What is SecurityScorecard?

SecurityScorecard provides A-F graded security rating scorecards, to drive improved communication, effective compliance reporting, and more informed decision making. These enable enterprises to rate, understand, and continuously monitor the security posture of any organization worldwide, as well as gain visibility…

Read more
Recent Reviews

TrustRadius Insights

SecurityScorecard is a versatile tool that addresses a variety of cybersecurity use cases. Users have found that it simplifies the process …
Continue reading
Read all reviews
Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is SecurityScorecard?

SecurityScorecard provides A-F graded security rating scorecards, to drive improved communication, effective compliance reporting, and more informed decision making. These enable enterprises to rate, understand, and continuously monitor the security posture of any organization worldwide, as well as…

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

8 people also want pricing

Alternatives Pricing

What is OneTrust GRC & Security Assurance Cloud?

Based on technology acquired from Tugboat Logic and Shared Assesments by OneTrust, the OneTrust GRC and Security Assurance Cloud brings resiliency to organization and supply chain amidst continuous cyber threats, and global crises.

What is Gatekeeper?

Gatekeeper is a Contract & Vendor Management Solution that promises to bring visibility and transparency to your contract and vendor sets. The vendor says Gatekeeper allows you to create a single source of truth with a central data repository, develop robust, scalable processes using automation and…

Return to navigation

Product Demos

SecurityScorecard - Zero Trust Lab Demo

YouTube

Continuous Cyber Monitoring and Rating with SecurityScorecard

YouTube

SecurityScorecard Introduction & Demo | Somerford

YouTube

SecurityScorecard Vendor Risk Management Demo

YouTube
Return to navigation

Product Details

What is SecurityScorecard?

SecurityScorecard Video

Transforming the Way Organizations Understand and Communicate Cyber Risk

SecurityScorecard Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(6)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

SecurityScorecard is a versatile tool that addresses a variety of cybersecurity use cases. Users have found that it simplifies the process of tracking vulnerabilities and mitigating them, which is especially important when dealing with third parties and customer information. It helps small IT and Information Security teams evaluate multiple vendors or tools in the technology domain, making their lives easier and more secure. The product allows users to keep track of every domain and identify active vulnerabilities and misconfigurations, helping to secure their perimeter. It provides quick insight into the security practices and maturity of vendors and third parties, positively impacting productivity.

SecurityScorecard assists in conducting reconnaissance on critical vendors and assessing vendor and third-party risks. It is valuable for prospective clients and helps quantify organizational risk and provide risk posture assessments for vendors. The product enables users to detect public-facing vulnerabilities and address them proactively before audits. The third-party follow-up and scoring features are highly regarded by users. It provides board-level reporting on the organization's security performance and helps compare multiple vendors participating in an RFP. The product brings attention to hidden risks such as lack of TLS, SPF, DMARC, and missing patches. It offers a clear view into the external asset security posture and allows customers to track and improve their scores over time.

SecurityScorecard helps initiate conversations with third parties and supports third-party and supplier assessments. The product continuously monitors the external security posture and helps detect external threats. It provides an outside-in look at the network and offers provable, unbiased data for security risk assessments. The product improves compliance and risk management, supports vendor risk assessment, facilitates reporting in GRC tools, enhances visibility into the organization's security posture, facilitates vendor risk management, and improves the cybersecurity posture of the organization. It detects security holes exposed to the public, provides status comparisons with other business entities, identifies vulnerabilities in independent advisor hosted sites, streamlines the vendor risk assessment process, and is used to evaluate an organization's public footprint compared to peers and potential vendors transparently and easily.

SecurityScorecard enables rapid assessment and prioritization of third parties, maximizes vendor collaboration and remediation efforts, supports ongoing monitoring and individualized domain reporting for calculating inherent risk, automates periodic checks for public breaches across vendors, provides alert capabilities for pressing issues, helps improve the overall security score and reduce web attacks, monitors and makes informed decisions about vendors and third-party risk, identifies underperforming third-party companies and vulnerabilities to mitigate risks, helps cybersecurity consultants gain a better understanding of customer surface areas, and track progress during the remediation process. It serves as a useful tool before security testing or red team exercises to understand customer domains. SecurityScorecard provides an overview and insights into public services, such as web pages and internet-facing applications, with easy setup and integration with ticketing systems. Users can benchmark their overall score against similar companies in their industry and create portfolios to monitor vendors. The platform allows for the creation of custom or template-based vendor questionnaires to assess compliance status. SecurityScorecard provides a comprehensive description of cyber risks related to custom domains and their third parties/vendors, as well as a detailed electronic questionnaire for assessing compliance.

Overall, SecurityScorecard offers valuable features that contribute to stronger cybersecurity practices. It helps organizations track vulnerabilities, evaluate and manage vendor risks, improve compliance and risk management, and monitor their own security postures. Users appreciate its ability to provide quick insights, initiate conversations with third parties, and support ongoing monitoring and assessment activities. While some users have expressed concerns about false positives and inefficient support, many have seen significant improvements in their overall security scores and reduction in web attacks after using SecurityScorecard.

Good Interface: Users have praised the interface of Security Scorecard, with many stating that it is intuitive and easy to use. The design is considered to be well thought out and the navigation seamless.

Useful Dashboards: Many users have found the dashboards provided by Security Scorecard to be helpful and insightful. They appreciate being able to see necessary information at a glance, allowing for quick assessment of their organization's security posture.

Comprehensive Reporting Options: Users value the comprehensive coverage areas offered by Security Scorecard's reporting options. This allows them to tailor their security results message according to their audience, ensuring that they are providing relevant and targeted information.

Long Report Generation Time: Users have mentioned that it takes a significant amount of time to generate risk reports for new organizations, with multiple reviewers expressing frustration at the lengthy seven-day turnaround. This has been described as time-consuming and inconvenient.

Arbitrary and Irrelevant Findings: Some users have found that Security Scorecard provides arbitrary and irrelevant findings in its generated reports. This has led to a lack of trust in the accuracy and usefulness of the reports, making it difficult for users to make informed decisions based on the information provided.

Lack of Support: There have been complaints about the lack of support from Security Scorecard. Users have expressed dissatisfaction with having to solve issues independently without adequate assistance or guidance from the product's support team.

The following recommendations have been gathered from users of SecurityScoreCard:

  1. Request a demo: Users suggest asking for a demo of SecurityScoreCard to gain a better understanding of its capabilities and functionalities before making a purchase decision.

  2. Utilize it for assurance: Reviewers recommend using SecurityScoreCard as a tool to provide assurances to clients, investors, and partners about the effectiveness of a company's cyber-security program. It can help enhance confidence in the organization's security measures.

  3. Leverage continuous monitoring: Users find value in SecurityScoreCard's feature of continuous monitoring and taking action on score changes. By actively tracking and addressing any security score changes, companies can proactively address potential vulnerabilities and improve their overall security posture.

Overall, users recommend familiarizing themselves with SecurityScoreCard's capabilities, utilizing it for assurance purposes, and leveraging its continuous monitoring features to improve their information security practices.

Reviews

(1-3 of 3)
Companies can't remove reviews or game the system. Here's why
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We used SecurityScorecard to have an overview and more insights about our public services such as web page and Internet facing applications.
I was very easy to set up, just give them your URLs & Public IP addresses and within a week we were getting results.
To keep track of issues, you can integrate your ticketing system to create new tickets.
You can also request further review if you think there's a false positive, which will affect your overall score.
About the overall score, you get to have a benchmark against similar companies, industry-size.
You're able to create portfolios to keep an eye on your vendors and get an overview about their scores.
One different feature, is the ability to create custom or use templates for Vendor questionnaires (such as PCI, ISO 27K, etc.) For this you'll have to but token, each token equals 1 questionnaire. The platform allows to keep track of requests (date sent, answered, etc.)
  • Security Ratings
  • Security Assessments
  • Reporting Center
  • Partner development
It was really easy to find issues, solve false positives and keep track of overall security ratings.
  • Security Ratings
  • Get insights about our external security posture
  • Actionable tasks to solve
At the moment it was the most affordable option for the company
Antonio Carlos Scola - MSc | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
ResellerIncentivized
SecurityScorecard provides a full description of all cyber risks related to the custom domain and its 3rd parties/vendors as well. Also, SecurityScorecard provides a detailed electronic questionnaire to be sent to customer's vendors & 3rd parties in order to beget a full view of COMPLIANCE status (GDPR, PCI, and others).
  • Generates precise security ratings.
  • Allow customers to obtain a full view of its vendors' status of regulatory laws (GDPR, PCI...etc) - when handling an electronic questionnaire.
  • Pricing could be reviewed for specific industries which were more impacted by the pandemic situation.
WELL SUITED * Cyber insurance companies. * Financial industry. * Telecom industry. LESS APPROPRIATE * Education.
  • They allow us as a reseller to use the platform in order to generate summary reports which are crucial for to be sent to some prospects.
  • ROI numbers as shown by the Forrester Research caused a positive impact on some of our prospects in Brazil.
  • ROI numbers for using atlas - electronic questionnaire are just amazing. When customer does not need to worry about EXCEL traffic with its vendors asking for info - they feel a strong sense of relief.
SecurityScorecard has very crucial functionalities in which customers have more detailed information related to is cyber risks. Though BitSight is a good solution - it lacks a deep analysis on issues that are crucial for end-users.
Randy Varela | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
I work for CyberSecurity as a consultant for the LATAM region and the SecurityScorecard helps me to have a better understanding of the surface area of the customer as well as to track the progress over time during the remediation process.

It also helps me as a kick-off tool before penetration testing or red team exercise to understand better the customer domains.
  • Provides good reports
  • Easy to manage and use
  • Tracks in near real time customer changes on the public network
  • Reports are only available in English.
  • More insights about the dark web would be useful.
  • Tracking of email/pwd leakeage across the organization would be a good-to-have feature.
Good:
* Initial recognition of perimeter
* Discovery of shadow IT assets
* Get nice reports to set baselines and objectives for your customers

Bad
* Does not provide threat intel as another tool
* Not enough documentation for the API or to automate scenarios
  • Reporting
  • Public info scanning
  • OSINT mapping
  • It help us to sell more services to our customers.
  • It helps to save time with the pre-defined reports.
Return to navigation