Continuous vendor risk insight has improved cloud visibility but still needs fresher data
What is our primary use case?
SecurityScorecard is used across healthcare, financial services, retail, and hospitality. It is also being adopted in the services industry, including by CPAs and legal firms.
What is most valuable?
SecurityScorecard continuously scans just about every IP address out there, which means there is information available about virtually every company. For third-party risk management, this tool allows me to obtain that information without having to build my own database from scratch using tools that do not provide this capability. The information is readily available and accessible. SecurityScorecard also provides substantial insight and detailed information specifically about how secure companies' cloud environments are, allowing for quick identification of issues with authentication or other areas.
There are both advantages and disadvantages to their approach. The continuous scanning of companies all the time ensures that there is always current information available about the third-party vendors and companies being monitored. However, the downside is that the information may be several days old, so it is not always current. Despite this limitation, using SecurityScorecard enabled us to obtain information about every one of our third parties that our clients are interested in monitoring.
My focus has been primarily on third-party risk. The automated alerts allow us to receive feedback as they update their information and when something comes up, which impacts the risk rating for each vendor or third party.
What needs improvement?
The ability to perform an automatic scan at any point in time to refresh information and provide the most current data would be helpful. Setting up automated scans on a schedule where information is more than a week old so that a forced automatic scan could be triggered for a particular company would be beneficial. This would ensure that current information is being used when monitoring different clients.
Overall, SecurityScorecard is a good product, and they need to continue developing it. There are challenges around third-party risk management. When providing risk management for your own company, it does everything you want it to do. However, for managing third parties, there are still some challenges, mainly because some aspects are out of their control since you do not have control over another company's risk or infrastructure and cannot dictate whether they are making changes. Overall, SecurityScorecard provides good information, but I am always looking for something that is more automated and would provide a better and more detailed picture of third-party risk profiles.
For how long have I used the solution?
I have used or evaluated SecurityScorecard on and off for the last eight years, and I have clients that leverage and use it on a regular basis. I would say I am certainly familiar with it over the last ten years, using it intermittently, so at least five years of consistent experience.
How are customer service and support?
I do not rate many software companies highly on the support side. I would give SecurityScorecard about a seven out of ten. They could improve in terms of response time and other areas, but they are not terrible.
How was the initial setup?
SecurityScorecard can be complex during setup, and I would recommend that anyone implementing it get help setting it up because it is not as straightforward as people might think. Getting third parties set up and configuring how you will do that and what you will search for can be complicated. Unfortunately, many clients today are looking for a button to push with everything being done for them automatically. I would recommend using third-party assistance in getting things set up the way you want.
What's my experience with pricing, setup cost, and licensing?
The setup cost is a little higher than some of the other products out there. However, SecurityScorecard has a lot of features, so they are fairly competitive.
Which other solutions did I evaluate?
Other than their dashboards, which have a lot of information and are set up quite nicely, SecurityScorecard provides granular and more detailed information than some other products, specifically regarding cloud capabilities. Much of the functionality you are starting to see in many products is being offered by SecurityScorecard. SecurityScorecard has been around longer than many of the other solutions, and they have many built-in capabilities that some other solutions are just starting to implement now.
What other advice do I have?
For remediation efforts, SecurityScorecard helps by identifying third-party suppliers where risk ratings are going up. Because I use it for third-party monitoring, we watch third parties and SecurityScorecard identifies when there is another potential risk that has affected their rating level. I can then alert my clients that they have a vendor that is potentially at risk, giving us the opportunity to react faster.
I am not a formal partner with the company yet, but we do conduct evaluations on behalf of our clients. I give SecurityScorecard a seven out of ten overall rating.
A must-have with some quirks
What do you like best about the product?
The ability to monitor our entire digital footprint and get actionable insights is unbeatable. The team’s willingness to let us test new features is a big plus too.
What do you dislike about the product?
The dashboard can lag, and I’ve had to refresh it more than once to see updated scores. It’s a small annoyance but noticeable.
What problems is the product solving and how is that benefiting you?
It’s tackling our need for continuous security oversight, which has reduced our risk exposure and improved our internal processes.
Identify vulnerabilities and increase risk ratings with need for dark web intelligence
What is our primary use case?
I primarily use Fortify Data for financial organizations. It combines attack surface capabilities with dark web information and breach disclosure information to assess vulnerabilities and risks. It also offers internal vulnerability scanning capabilities to provide a comprehensive risk assessment.
What is most valuable?
Fortify Data offers attack surface capabilities that identify vulnerabilities, exposed ports, and dark web information. It also provides breach disclosure information and has the capability for internal vulnerability scanning, which is helpful for a comprehensive risk assessment. It combines threat intel data with vulnerability information to increase risk ratings and provides insights into third-party supply chain risks.
What needs improvement?
The product can be improved by incorporating more data points and intelligence around dark web information and threat data. Adding more features to combine and consolidate internal vulnerability scanning was a beneficial enhancement. There is a need for more active rather than passive third-party risk management features to truly mitigate risks.
For how long have I used the solution?
I have worked with SecurityScorecard for a few years. I started getting more experience with them a couple of years ago and began a relationship with the company about a year ago.
What do I think about the scalability of the solution?
The product is suitable for medium to large businesses, typically with a revenue range from $200 million to a couple of billion dollars. It may not be ideal for Fortune 500 companies due to name recognition and scale.
How are customer service and support?
I would rate them about a six or seven. There are areas for improvement in response times and overall support. They are not a substantial company and are constantly improving; however, they need better organization to support their customer volume.
How was the initial setup?
The setup was straightforward. It is easy to set up and can facilitate scanning within minutes.
What about the implementation team?
Deploying usually requires just a couple of people who understand the network and security components.
What was our ROI?
The biggest benefit is visibility, allowing organizations to understand their risks, vulnerabilities, and potential threats. It helps executives make effective decisions on mitigating or accepting risks.
What's my experience with pricing, setup cost, and licensing?
SecurityScorecard is priced in the middle range. There are more expensive and cheaper options available; however, Fortify Data and Censinet are also in the same middle range.
Which other solutions did I evaluate?
I have experience with Censinet and Fortify Data, which can be tailored more specifically to clients compared to SecurityScorecard.
What other advice do I have?
Overall, I would rate SecurityScorecard as a seven out of ten.
It is a good product yet somewhat generic in its capabilities. It has partnered well for third-party capabilities, but newer products are incorporating more AI functionalities.
Comprehensive Security Monitoring Made Easy
What do you like best about the product?
SecurityScorecard provides a user-friendly platform that offers valuable insights into our cybersecurity posture. The ability to monitor our own and third-party vendors' security ratings helps us proactively address potential risks.
What do you dislike about the product?
While SecurityScorecard provides valuable insights, some of the alerts can be too frequent or lack specificity, leading to alert fatigue. Additionally, the pricing structure may not be cost-effective for smaller organizations with tight budgets.
What problems is the product solving and how is that benefiting you?
SecurityScorecard helps us manage third-party risks by providing visibility into the security posture of our vendors. This proactive monitoring allows us to identify and address potential risks before they become critical issues, thereby strengthening our overall cybersecurity strategy. Additionally, the platform supports compliance efforts by offering insights and reports that align with various regulatory standards.
Security Scorecard adds value to TPRM program
What do you like best about the product?
Security Scorecard adds value when completing vendor assessments and self-monitoring our organization's external-facing vulnerabilities.
What do you dislike about the product?
Misattribution of vulnerabilities to vendor organizations.
What problems is the product solving and how is that benefiting you?
Security Scorecard helps streamline the vendor assessment process.
Helps identify our environment's vulnerabilities
What is our primary use case?
We use SecurityScorecard for reporting.
How has it helped my organization?
The solution helps identify our environment's vulnerabilities.
What is most valuable?
SecurityScorecard's most valuable feature is easy reporting.
What needs improvement?
The tool needs to have the ability to mitigate vulnerabilities with alternative solutions.
For how long have I used the solution?
I have been working with the solution for three years.
What do I think about the stability of the solution?
I rate SecurityScorecard's stability a seven out of ten.
What do I think about the scalability of the solution?
I rate the solution's scalability a seven out of ten.
How was the initial setup?
SecurityScorecard's deployment is easy.
What was our ROI?
I have seen ROI with the tool's use but cannot quantify it.
What other advice do I have?
I rate the product a seven out of ten.
Nice app but needs improvement
What do you like best about the product?
Very simple, very fast, understandable. Fast support team.
What do you dislike about the product?
Mail sending and reporting module is insufficient and problematic.
What problems is the product solving and how is that benefiting you?
I use it in my group company, supplier, consultant and 3rd party security scoring.
Good rating service but can go further
What do you like best about the product?
Good interface, easy to use. Remediation plans are efficient and easy to apply to your business, and allow you to have a battle plan to improve your rating.
What do you dislike about the product?
Should go further by checking more security controls. Today it relies a lot on SSL/TLS version, HTTP header best practices and HTTP redirection to give you a score.
Also, lookalike subdomains and domains shouldn't be automatically counted as part of your company.
What problems is the product solving and how is that benefiting you?
Give us a security score that is used externally by auditors or cyber insurance.
Good experience
What do you like best about the product?
The open source feed that allows a company to gather the necessary insights that help understand a hacker's perspective.
What do you dislike about the product?
Some of the features are limited compared to other vendors I took a look at from the conference.
What problems is the product solving and how is that benefiting you?
Vendor security and privacy and security risk analysis.
Good insights about your third party vendor security posture.
What do you like best about the product?
Accuracy of the data, which helps to provide good information that can then drive better decisions.
What do you dislike about the product?
The scope sometimes is not relevant to what we are looking for.
What problems is the product solving and how is that benefiting you?
Provides quick insight into security practices and maturity of our vendors and third party. Productivity has been positively impacted.