What advice do you have for others considering SecurityScorecard?

Overall, I would rate SecurityScorecard as a seven out of ten. It is a good product yet somewhat generic in its capabilities. It has partnered well for third-party capabilities, but newer products are incorporating more AI functionalities.

I'd rate the solution eight out of ten.

Overall I would rate the solution a nine out of ten.

Our organization relies on numerous SaaS services for critical business functions, such as CRM and monitoring solutions. In a hypothetical scenario where a security breach occurs in the CRM database, potentially exposing our data and our clients, SecurityScorecard proves invaluable. It provides a security score, typically a percentage, based on extensive data collection from various sources, including the dark web and social networks. Let's say our CRM solution receives a security score of 78%, indicating a relatively safe status according to the information gathered by SecurityScorecard. One of its most effective features for risk identification is its enterprise-ready automation for third-party risk measurements. Additionally, it provides valuable insights into vulnerabilities within an organization, utilizing tools such as CVE details. For instance, it can assign a score based on vulnerabilities detected, such as 60%, and specify each vulnerability by its identifier. It offers scalability and can handle large volumes of real-time data. The continuous monitoring feature significantly enhances the ability to manage risks by providing real-time data collection on suppliers. We can observe fluctuations in their security levels over time, sometimes even every month. We can create alerts for high-risk situations, enabling organizations to respond promptly to potential security threats or vulnerabilities identified within their supplier network. The product's security ratings are helpful. While there may be occasional false positives, it does not function as a scanning solution. Instead, it presents the same information that hackers could potentially exploit. While I haven't worked with other cybersecurity rating solutions, I can attest to its strengths based on my experience. One notable advantage is their extensive data collection capabilities, surpassing many competitors in the market. They gather a wide range of information, resulting in a vast database that includes many suppliers or companies. It is easy to integrate with other tools. I rate it a nine out of ten.

SecurityScorecard has improved our company's vendor risk assessment process since it basically gives us the comparison of the competitors and certain vulnerabilities which we can report from an external view or a third party view, giving us an improvement area to work on, which might we might not have focused a lot, or maybe it might be overlooked upon by us. SecurityScorecard helps our company get better scores. The tools help fix the vulnerabilities, which in turn improves scores, making it a valuable product for us. A scenario where SecurityScorecard enabled better decision-making for IT projects includes an incident involving a couple of domain names that my company used to use in the past since sometimes we see that some applications were replicated. My company forgot to clean up the DNS names. Once my company gets to know from SecurityScorecard that our application has vulnerabilities, I may not have renewed the certificate considering that the application is no longer in use, owing to which our company might lose track of it, during which SecurityScorecard helps us to do the cleanup. There are many places where the right certificates are not installed, or maybe there is a small application vulnerability, which the tool can catch from the external view. This can be let known to our company since there is an action we take to fix such areas. Our company operates in the online classified market. The features of SecurityScorecard that are the most beneficial for security monitoring are the reports generated with the help of external audit and vulnerability assessment. The platform's grading system helps prioritize our company's security concerns since it helps us in the area of scores and provides the competition score. The tool also provides recommendations to improve the scores, which is helpful. In the identification of potential threats, SecurityScorecard helps our organization since it does black box analysis. With the black box analysis, the tool helps us in the area of external websites where we cannot do many things directly, after which the tool shares an unbiased status with our company. SecurityScorecard's reporting capabilities support our company's compliance initiatives since it has a dashboard with credentials through which we can get the vulnerabilities reported. The product should provide an option so that it has the ability to fix the reported vulnerability at the same time that it is reported by allowing users to raise a ticket directly with SecurityScorecard's team. After the aforementioned steps are followed, SecurityScorecard can conduct a scanning process and add up the score, which basically gives me the complete trend by allowing me to say last month's trend versus the current month's trend or maybe the last scan versus the current month's scan. I would tell those who plan to use the solution that it is a straightforward product to use. I rate the product a nine out of ten.

I rate the product a seven out of ten.

Don't expect answers for closing issues right away. There are still people involved who re-check the issues for proper fixes and if your explanation for "that's no issue" is acceptable.