SecurityScorecard
External reviews
98 reviews
External reviews are not included in the AWS star rating for the product.
Use Security Scorecard
What do you like best about the product?
Easy UI, quick visibility into unknown vendors
What do you dislike about the product?
Integration with different security tools
What problems is the product solving and how is that benefiting you?
Vendor and 3rd party risk
Good platform that continues to evolve
What do you like best about the product?
Quick and easy to use to find potential issues with your external assets.
What do you dislike about the product?
Some of the factors used to determine score are subjective and SSC does not provide strong evidence of a risk-based decision.
What problems is the product solving and how is that benefiting you?
Clear view into external asset security posture. In addition, customers are able to see the score and how it improves over time.
Useful to kick off a conversation
What do you like best about the product?
I use it as one more input when reviewing the vendor security posture within the vendor security risk assessment process. I like it gives me detailed inputs to start asking things about the third party. The reports are detailed enough to submit them and wait for a targeted and not high-level answer.
What do you dislike about the product?
According to third-party feedback, unfortunately, it gives many false positives. I would say that 50% of the vendors I asked about Scorecard are not maintaining it and re-direct us to their security trust center with more accurate pentest on their domains.
What problems is the product solving and how is that benefiting you?
As I said, it's giving me further inputs to kick off conversations with third parties. I wouldn't say it's solving any problem but it's in our checklist in the 3rd parties and supplier assessment. Honestly, so far, it hasn't given us enough accurate information to detect risk exposure in the third party. They don't give much relevance to what SS says and redirect us to their pen tests. There are plenty of false positives (i.e., domains not owned by the scanned URL) in the Application and network security sections.
If we had to follow up each variation in SS we would need a person dedicated to that with no full assurance on adding any value, so, we are not following that "live".
Good software
What do you like best about the product?
I think the best feature is the scoring feature; I can compare more than one company.
What do you dislike about the product?
I dislike it if I must solve the issue by myself.
What problems is the product solving and how is that benefiting you?
The problem I am solving is closing security holes that were exposed to the public.
SSC
What do you like best about the product?
The automated scanning and scoring that feeds into a portal where we can manage findings, resolutions, etc.
What do you dislike about the product?
Adjusted scoring seems to be too frequent
Patching cadence findings show in the score improvement plan generation and you cannot resolve those until the time elapses
I don't like the patching cadence logic and it is too rigid of a scoring mechanism for large organizations with multiple environments with an online presence.
What problems is the product solving and how is that benefiting you?
Visibility into our digital footprint and a risk based scoring report
Improve supplier communication
What do you like best about the product?
SecurityScorecard supports the communication with supplier by adding more focus in potential risks and the possibility to interact.
What do you dislike about the product?
Sometimes IPs/URLs impact the score even if they are unused and only reserved for a company.
What problems is the product solving and how is that benefiting you?
Improving communication with supplier and sharpening the view on the own estate.
Recommendations to others considering the product:
SecurityScorecard puts the focus in the right direction, it is not the tool to fix your issues.
Great tool in the VRA toolkit
What do you like best about the product?
The ability to quickly ascertain the size of an org's digital presence and see whether or not they are addressing vulnerabilities appropriately; and whether or not they have open ports that are concerning.
What do you dislike about the product?
Attribution. I also manage our Scorecard and find myself spending a good deal of time sorting through IP lists to determine whether or not our cards are accurate. Parked domains can be problematic as far as introducing a significant amount of findings on scorecards (things like lack of https re-directs, spf records, etc.) This gives me a bit of pause when trying to analyse vendors' Scorecards because it can bring doubts as to the accuracy of their digital footprint (especially if they are inactive).
What problems is the product solving and how is that benefiting you?
Enabled us to identify independent advisor hosted sites that have wordpress vulnerabilities, servers w/ RDP open so we can reach out to remediate. Streamlines our Vendor Risk Assessment process, particularly when vendors are unable to provide vulnerability scans or pen test results during our due diligence process.
Recommendations to others considering the product:
Make good use of the ability to manage your own org's Scorecard. We have been able to use it to provide assurances to OUR clients, institutional investors, and FID partners as to the effectiveness of our cyber-security program.