SecurityScorecard
SecurityScorecardExternal reviews
98 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Nice tool
What do you like best about the product?
Easy to use and generates useful reports.
What do you dislike about the product?
nothing that I can think of. It's simple.
What problems is the product solving and how is that benefiting you?
Public facing vulnerabilities
Bringing value in under an hour
What do you like best about the product?
I like the interface of security scorecard I think that it's very insightful the dashboards are useful and the layout initially gives you the information that you need right away.
What do you dislike about the product?
I think there is a little bit of learning curve on where to find your vulnerabilities but that can be overcome easily within the first couple hours of using the platform.
What problems is the product solving and how is that benefiting you?
Instead of our company being reactive to customers reports we are able to be proactive and see these vulnerabilities and alerts before they come up in an audit.
Good follow-up of tech aspects
What do you like best about the product?
The overview of measures that are possible to protect us better.
The scoring and possibility to look at the scoring of peers.
The scoring and possibility to look at the scoring of peers.
What do you dislike about the product?
Nothing really, it does what we want it to do.
What problems is the product solving and how is that benefiting you?
Especially the third party follow up and the scoring as such are top
Security Scorecard has provided important visibility in how I am being viewed on the Internet.
What do you like best about the product?
Detailed information around issues being observed that could lead to a compromise. It is also providing insight into how our partners are handling their security posture and historical stance.
What do you dislike about the product?
There have been some changes to the interface that make it feel like more clicks are required to get to the report center.
The 3rd party and 4th party risk isn't intuitive so it takes some time to dig into it and understand what information it is trying to share.
The 3rd party and 4th party risk isn't intuitive so it takes some time to dig into it and understand what information it is trying to share.
What problems is the product solving and how is that benefiting you?
Providing board level reporting on how our organization is doing as well as providing comparison to our vertical to help justify the spend we are making in the area of IT Security.
It is also useful in comparing multiple vendors participating in an RFP to help decide on who we should proceed with, all other values being equal.
It is also useful in comparing multiple vendors participating in an RFP to help decide on who we should proceed with, all other values being equal.
Good product at a good price
What do you like best about the product?
Ease of use. From day 1, you can start Security Scorecard it is of instant value. You will find information you weren't aware of.
What do you dislike about the product?
Nothing really. It is very comprehensive.
What problems is the product solving and how is that benefiting you?
It brings to my attention "hidden" risks such as lack of TLS, SPF, DMARC, missing patches etc.
Good platform that continues to evolve
What do you like best about the product?
Quick and easy to use to find potential issues with your external assets.
What do you dislike about the product?
Some of the factors used to determine score are subjective and SSC does not provide strong evidence of a risk-based decision.
What problems is the product solving and how is that benefiting you?
Clear view into external asset security posture. In addition, customers are able to the score and how it improves over time.
Useful to kick off a conversation
What do you like best about the product?
I use it as one more input when reviewing the vendor security posture within the vendor security risk assessment process. I like it gives me detailed inputs to start asking things about the third party. The reports are detailed enough to submit them and wait for a targeted and not high-level answer.
What do you dislike about the product?
According to third-party feedback, unfortunately, it gives many false positives. I would say that 50% of the vendors I asked about Scorecard-> are not maintaining it and re-direct us to their security trust center with more accurate pentest on their domains.
What problems is the product solving and how is that benefiting you?
As I said, it's giving me further inputs to kick off conversations with third parties. I wouldn't say it's solving any problem but it's in our checklist in the 3rd parties and supplier assessment. Honestly, so far, it hasn't given us enough accurate information to detect risk exposure in the third party. They don't give much relevance to what SS says and redirect us to their pen tests. It's plenty of false positives (i.e., domains not owned by the scanned URL) in the Application and network security sections.
If we had to follow up each variation in SS we would need a person dedicate to that with no full assurance on adding any value, so, we are not following that "live".
If we had to follow up each variation in SS we would need a person dedicate to that with no full assurance on adding any value, so, we are not following that "live".
We are using securityscorecard to monitor our third party vendors
What do you like best about the product?
simplicity and easy to use reporting, its comprehensive coverage areas
What do you dislike about the product?
sometimes the data is not accurate after confirming with vendors
What problems is the product solving and how is that benefiting you?
blindsidedness when dealing with new third parties. This gives me an opportunity to evaluate risk profiles of the parties we are dealing with.
Best External Security Posture Rating platform
What do you like best about the product?
SecurityScoreCard (SCC) is not just an external security posture rating platform, but it is also external attack surface management. With all the public data available, it shows a mirror to organizations how exactly security looks from the outside.
With every organization now using SCC scores, a kind of social pressure has been created that every organization must maintain a mark security posture, which is overall good for the community.
With every organization now using SCC scores, a kind of social pressure has been created that every organization must maintain a mark security posture, which is overall good for the community.
What do you dislike about the product?
Anything related to your company name impacts the score, even your vendor services and all. Although that's the idea that the security posture of any company is not just its own infrastructure but all supplied ecosystem as well. However, sometimes test systems are also hosted with the same company domain, which can drop security scores a lot.
The assist discovery algorithm is not the best, especially for subdomains.
The assist discovery algorithm is not the best, especially for subdomains.
What problems is the product solving and how is that benefiting you?
Continuously monitoring external security posture in all areas of the security domain.
Social pressure to remain on top of our security.
Ability to detect external threats.
Social pressure to remain on top of our security.
Ability to detect external threats.
It has been a cornerstone of building a successful security program
What do you like best about the product?
Simple to use interface, knowledgeable folks to work with, help resolving issues when they appear on reports, and daily comfort of knowing where I stand on attack surfaces.
What do you dislike about the product?
Wish there was more than just one complimentary vendor to have in the portfolio.
What problems is the product solving and how is that benefiting you?
It provides a powerful outside-in look at my network.
showing 51 - 60