SecurityScorecard

My main use case for SecurityScorecard  is to keep an eye on our vulnerabilities and also monitor which companies follow us in the platform, and we keep track when our score drops so we can fix it.

For tracking vulnerabilities or monitoring our score with SecurityScorecard , we take action based on our score, and a few people in our group have access there so they check it daily, monitor our IPs, and if there is something they need to discard. We have one specialist who fixes the vulnerabilities, and when he fixes things, he reports back to SecurityScorecard so we keep our score as high as possible, preferably at least A, and we have noticed some customers sharing reports from your platform where they needed us to have this A score.

SecurityScorecard is quite simple and easy to use, and we just need to keep track when we receive those notifications from the tool.

The best features SecurityScorecard offers are that it is easy to use and quite easy to understand what the vulnerabilities are and how to fix them. I appreciate the interface where you can see in one screen pretty much everything, and I also appreciate the feature where you can see the number of customers who follow you in the platform.

The interface of SecurityScorecard stands out for me because it is very easy. In one dashboard, you can see pretty much everything. I appreciate the nice colors that are easy to follow, and I also appreciate the graphs in the platform.

SecurityScorecard has impacted my organization positively as it was a surprise to notice that many of our customers follow us there, and the tool scans the web twice per day, so we can see how hackers and what they can see from our publicly available IPs.

Specific outcomes or metrics that show how SecurityScorecard has helped my organization include our score improving quite a lot. We started with a C or maybe D and reached the A, keeping it above 90 points, which has impacted us because it is now a metric our management follows.

I suggest that SecurityScorecard could be improved by giving a little more specifics on how the scanning works and how you are able to detect those IPs, including more details on the privacy side about how the scanner operates and how it is sometimes allowed to do those scans. Additionally, it might be good to understand how to quickly fix or report the quite a lot of false positives, perhaps through a self-checkout feature or something similar.

The features of SecurityScorecard are quite adequate and do not need anything added.

I have been using SecurityScorecard for about two and a half years.

SecurityScorecard is stable.

SecurityScorecard's scalability is easy to scale.

The customer support for SecurityScorecard is amazing.

I did not previously use a different solution, as no solution of this kind was used before.

Before choosing SecurityScorecard, we did not evaluate other options.

My experience with pricing, setup cost, and licensing is that we still have the free version, but we have an offer from your side, which I think is straightforward.

I have seen a return on investment with SecurityScorecard as it is easy to use and has saved us some time, so we do not need to do the scans on our own.

I have seen a return on investment with SecurityScorecard as it is easy to use and has saved us some time, so we do not need to do the scans on our own.

Before choosing SecurityScorecard, we did not evaluate other options.

I would rate SecurityScorecard a solid nine out of ten.

I chose a nine because I appreciate the features a lot, but there is still room for small improvements, those that I mentioned above.

SecurityScorecard is deployed in my organization in a public cloud.

The cloud provider we use for SecurityScorecard is Microsoft Azure .

My advice for others looking into using SecurityScorecard is to use it as soon as possible and you will know the difference. My overall review rating for SecurityScorecard is nine.

My main use case for SecurityScorecard  is to qualify the surface and the domain of the company, and to detect vulnerabilities or assess the protection made by my client.

I provide quick visibility into the vendor's external security posture to my clients. Another situation could be highlighting specific risk areas instead of just a general score. Additionally, I support data-driven conversations with stakeholders and vendors.

SecurityScorecard  helps us identify potential vulnerabilities early, reduce third-party risk, and make more informed security decisions without relying only on questionnaires or self-reporting information.

SecurityScorecard positively helps us quickly assess vendor risks and understand an organization's external security posture without spending a lot of time on manual reviews. In particular, it helps us identify security gaps early, prioritize follow-up actions, and have more informed conversations with vendors and internal stakeholders.

In terms of measurable positives regarding risk reduction, we were able to identify high-risk vendors earlier, and we complete assessments thirteen or fourteen percent faster since we rely less on lengthy questionnaires and manual evidence collection.

SecurityScorecard could be improved with more detailed remediation guidance, better customization of scoring, and stronger integration with GRC  and vendor management tools.

It could also use better reporting and alert customization as well as a more intuitive user interface.

I have been using SecurityScorecard for six months.

In my experience, SecurityScorecard is stable and operates faster without issues of downtime or reliability.

My experience with SecurityScorecard is that it is highly scalable and can handle more vendors or users as my organization grows.

We have support, and whenever I need it, my colleagues and I find that the support team is quick and responsive, helping to resolve any questions.

I previously used Azure  or another solution called Socradar before switching to SecurityScorecard.

My experience with the pricing has been positive because the platform is robust and user-friendly, and the setup was straightforward. Regarding licensing, my organization has a limitation on the number of domains or vendors we can integrate, but it depends on the type of license that I have.

We have seen a clear return on investment, and in terms of the metrics, the time saver is in the reduction of time spent.

Before choosing SecurityScorecard, we evaluated other vendors such as Azure  and Socradar, but we chose SecurityScorecard for the pricing.

My advice would be to take full advantage of the continuous monitoring and vendor insights, explore the dashboards and alerts early, and understand the license limits, specifically regarding the number of domains or vendors you can track or add in the dashboard for monitoring.

We are a partner with SecurityScorecard.

I think the interview could improve by involving discussions on how to assess other companies with risks in different areas.

I would appreciate a short poem or haiku that summarizes this review. I have provided a review rating of eight out of ten.

SecurityScorecard  is used across healthcare, financial services, retail, and hospitality. It is also being adopted in the services industry, including by CPAs and legal firms.

SecurityScorecard  continuously scans just about every IP address out there, which means there is information available about virtually every company. For third-party risk management, this tool allows me to obtain that information without having to build my own database from scratch using tools that do not provide this capability. The information is readily available and accessible. SecurityScorecard also provides substantial insight and detailed information specifically about how secure companies' cloud environments are, allowing for quick identification of issues with authentication or other areas.

There are both advantages and disadvantages to their approach. The continuous scanning of companies all the time ensures that there is always current information available about the third-party vendors and companies being monitored. However, the downside is that the information may be several days old, so it is not always current. Despite this limitation, using SecurityScorecard enabled us to obtain information about every one of our third parties that our clients are interested in monitoring.

My focus has been primarily on third-party risk. The automated alerts allow us to receive feedback as they update their information and when something comes up, which impacts the risk rating for each vendor or third party.

The ability to perform an automatic scan at any point in time to refresh information and provide the most current data would be helpful. Setting up automated scans on a schedule where information is more than a week old so that a forced automatic scan could be triggered for a particular company would be beneficial. This would ensure that current information is being used when monitoring different clients.

Overall, SecurityScorecard is a good product, and they need to continue developing it. There are challenges around third-party risk management. When providing risk management for your own company, it does everything you want it to do. However, for managing third parties, there are still some challenges, mainly because some aspects are out of their control since you do not have control over another company's risk or infrastructure and cannot dictate whether they are making changes. Overall, SecurityScorecard provides good information, but I am always looking for something that is more automated and would provide a better and more detailed picture of third-party risk profiles.

I have used or evaluated SecurityScorecard on and off for the last eight years, and I have clients that leverage and use it on a regular basis. I would say I am certainly familiar with it over the last ten years, using it intermittently, so at least five years of consistent experience.

I do not rate many software companies highly on the support side. I would give SecurityScorecard about a seven out of ten. They could improve in terms of response time and other areas, but they are not terrible.

SecurityScorecard can be complex during setup, and I would recommend that anyone implementing it get help setting it up because it is not as straightforward as people might think. Getting third parties set up and configuring how you will do that and what you will search for can be complicated. Unfortunately, many clients today are looking for a button to push with everything being done for them automatically. I would recommend using third-party assistance in getting things set up the way you want.

The setup cost is a little higher than some of the other products out there. However, SecurityScorecard has a lot of features, so they are fairly competitive.

Other than their dashboards, which have a lot of information and are set up quite nicely, SecurityScorecard provides granular and more detailed information than some other products, specifically regarding cloud capabilities. Much of the functionality you are starting to see in many products is being offered by SecurityScorecard. SecurityScorecard has been around longer than many of the other solutions, and they have many built-in capabilities that some other solutions are just starting to implement now.

For remediation efforts, SecurityScorecard helps by identifying third-party suppliers where risk ratings are going up. Because I use it for third-party monitoring, we watch third parties and SecurityScorecard identifies when there is another potential risk that has affected their rating level. I can then alert my clients that they have a vendor that is potentially at risk, giving us the opportunity to react faster.

I am not a formal partner with the company yet, but we do conduct evaluations on behalf of our clients. I give SecurityScorecard a seven out of ten overall rating.