Sign in
Sign in
or
Create a new account
Categories
Your Saved List Become a Channel Partner Sell in AWS Marketplace Amazon Web Services Home Help

SecurityScorecard

SecurityScorecard | 1

Reviews from AWS Marketplace

0 AWS reviews
  • 5 star
    0
  • 4 star
    0
  • 3 star
    0
  • 2 star
    0
  • 1 star
    0

External reviews

73 reviews
from G2

External reviews are not included in the AWS star rating for the product.

    Banking

Simple and straightforward tool

  • October 31, 2019
  • Review verified by G2

What do you like best about the product?
SS interface is user friendly, easy to explain to other staffs in the bank.
What do you dislike about the product?
We have started using the platform, once we mature with time we would be in better postion to provide the feedback on dislike.
What problems is the product solving and how is that benefiting you?
* Third party is always a high risk area, especially where customer information are shared.
* With traditional third party assessment approach, it is very difficult to regularly track on vulnerabilities and then its mitigation.
* With SS platform, vulnerabilities tracking & mitigation process is simplified.
Recommendations to others considering the product:
SS is simple to use and up to the point, support team are very helpful.

    Information Services

Improve supplier communication

  • October 31, 2019
  • Review verified by G2

What do you like best about the product?
SecurityScorecard supports the communication with supplier by adding more focus in potential risks and the possibility to interact.
What do you dislike about the product?
Sometimes IPs/URLs impact the score even if they are unused and only reserved for a company.
What problems is the product solving and how is that benefiting you?
Improving communication with supplier and sharpening the view on the own estate.
Recommendations to others considering the product:
SecurityScorecard puts the focus in the right direction, it is not the tool to fix your issues.

    Aaron G.

Great tool in the VRA toolkit

  • October 30, 2019
  • Review verified by G2

What do you like best about the product?
The ability to quickly ascertain the size of an org's digital presence and see whether or not they are addressing vulnerabilities appropriately; and whether or not they have open ports that are concerning.
What do you dislike about the product?
Attribution. I also manage our Scorecard and find myself spending a good deal of time sorting through IP lists to determine whether or not our cards are accurate. Parked domains can be problematic as far as introducing a significant amount of findings on scorecards (things like lack of https re-directs, spf records, etc.) This gives me a bit of pause when trying to analyse vendors' Scorecards because it can bring doubts as to the accuracy of their digital footprint (especially if they are inactive).
What problems is the product solving and how is that benefiting you?
Enabled us to identify independent advisor hosted sites that have wordpress vulnerabilities, servers w/ RDP open so we can reach out to remediate. Streamlines our Vendor Risk Assessment process, particularly when vendors are unable to provide vulnerability scans or pen test results during our due diligence process.
Recommendations to others considering the product:
Make good use of the ability to manage your own org's Scorecard. We have been able to use it to provide assurances to OUR clients, institutional investors, and FID partners as to the effectiveness of our cyber-security program.

    Information Technology and Services

Great product for 3rd eye view

  • October 30, 2019
  • Review verified by G2

What do you like best about the product?
We use SecurityScorecard for evaluating ourselves to ensure our public footprint is secure and use it as part of 3rd party security reviews in comparison to peers and new vendors to work with. It definitely provides an insight with data transparency and ease of use UI. Support team is super responsive and that's one of the key features.
What do you dislike about the product?
Continuous improvement are a part of SS but Email notification can be added, it will be great.
What problems is the product solving and how is that benefiting you?
We use SecurityScorecard for evaluating ourselves to ensure our public footprint is secure and use it as part of 3rd party security reviews in comparison to peers and new vendors to work with. It definitely provides an insight with data transparency and ease of use UI. Support team is super responsive and that's one of the key features.

    Food Production

The sucess behind SSC is its people

  • October 29, 2019
  • Review verified by G2

What do you like best about the product?
Many times you buy a security tool and after a short onboarding period, you are on your own. The experience with SSC has been the opposite. They were there and continue to be there for us. From the sales, to support, to continuous customer care, the experience has been outstanding. SSC stands behind its product and is ready and able to engage whenever we bring our third parties to the table or have any questions. They have been very responsive to our needs (e.g. training, deployment, questions by internal teams and third parties, open to feedback, etc.) The tool is helping us assess a large number of third parties that we are discovering.
What do you dislike about the product?
Does not have enough capabilities yet to gain insight on how the tool is being used within the organization.
What problems is the product solving and how is that benefiting you?
Rapid assessment and prioritization of third parties that are popping up as part of a discovery process. It is enabling us to become more agile and have more intelligent and fact-supported conversations with our third parties.

    Insurance

SecurityScorecard for Continuous Security Monitoring

  • October 29, 2019
  • Review provided by G2

What do you like best about the product?
What we like best about SecurityScorecard is the intuitive user experience and well organized content. The platform is very well layered to provide a wide audience with reporting, security risk metrics, and technical risk details to help support the needs of a well rounded Continuous Monitoring program. It enables its users to not only detect, but react and collaborate with in scope suppliers through the use of the vendor invite functionality. Additionally the Security Scorecard team has been beyond supportive in this journey helping the team to not only understand the tool, but how to develop processes and a program structure to maximize the value the tool brings.
What do you dislike about the product?
1) The team often finds themselves needing to refresh pages such as the insights dashboard, a supplier profile, ip inventory, etc. The data often doesn't load and we receive error messages advising us to refresh. 2) Inability to track and report on invited vendor engagements such as when the vendor was invited, did they accept the invite, when did they last login, etc. 3) Custom Scorecard data unavailable through the API.
What problems is the product solving and how is that benefiting you?
Problems Being Solved: Security Scorecard has filled the gap between our point in time, questionnaire based security assessments. This has instilled a new sense of comfort in our organization knowing that we have the ability to detect and seek remediation for possible risk prior to the next security assessment.
Benefits: The platform has enabled my team to maximize their vendor collaboration and remediation efforts through native portfolio management, dynamic filtering, and configurable real-time alerting.
Recommendations to others considering the product:
Some recommendations our team would make to others using SecurityScorecard is to first familiarize themselves with the capabilities of the tool, become comfortable with the data, and understand how the platform will fit into your overall 3rd Party Risk Management and Security strategy prior to issuing licenses and engaging with your vendor partners.

    Insurance

A valued resource and a true partner.

  • October 29, 2019
  • Review verified by G2

What do you like best about the product?
In a word: ACCESSIBILITY. Everyone makes you feel like your issues actually matter and will elevate to the appropriate people. The escalation path never feels like someone trying to satiate you.
What do you dislike about the product?
Random errors and slowdowns. It can take a LONG TIME to generate a report.
What problems is the product solving and how is that benefiting you?
I don't know how we would perform proper ongoing monitoring if not for SSC. Using the individualized domain reporting for Inherent Risk calculations have also proven to be integral.
Recommendations to others considering the product:
Simply has better support than BitSight. If you feel that you're on the fence, ask to speak to the customer success team. It's honestly one of their best features - the people.

    Human Resources

Great Interface and

  • October 29, 2019
  • Review verified by G2

What do you like best about the product?
Super User friendly interface
Great insight into the security posture
The detailed report analysis are best in class compared to other reporting tools
What do you dislike about the product?
Domain/IP mapping for company entities is fairly inaccurate
I would like to see improvements to the bottom three scorecard domains (Hacker Chatter, Information Leak and Social Engineering), they tend to never change
What problems is the product solving and how is that benefiting you?
Security Scorecard helps our team kick start the our Vendor Security Risk Assessments. We are able to leverage scores and findings during our vendor review process. I'm a huge fan of the different changes we can make to the dashboard. I also find the security news section insightful.

    Financial Services

Outstanding new perspective on third party risk.

  • October 29, 2019
  • Review verified by G2

What do you like best about the product?
The SecurityScorecard platform provides insights that an organization would otherwise not have related to security. Understanding where critical risks may exist dramatically reduces the risk posture of the third party population through coordinated remediation requests and efforts.
What do you dislike about the product?
The only downside to the use of he platform, and it is a very minor negative, would be the inability to create very granular alerts within the platform. The current alerting, while extremely beneficial, does require a little research after a notification is received to understand the underlying problem.
What problems is the product solving and how is that benefiting you?
Through the use of the multiple API endpoints, performing periodic checks for public breaches across the vendor population has been completely automated. Additionally, the alert capabilities provides great insight into pressing issues that a vendor's attention should be focused on for remediation purposes to reduce their inherent risk.
Recommendations to others considering the product:
It is highly recommended to explore the options available to the end user through the vast array of API endpoints. Detailed information can be obtained and parsed through scripting and automation. The remediation support that the SecurityScorecard team provides through their validation efforts is also top notch. The customer success managers work alongside you throughout both the implementation and training process as well as navigating the ongoing usage of the platform.

    Marvin G.

Best bang for the Buck in SecurityScore space

  • October 26, 2019
  • Review verified by G2

What do you like best about the product?
We use SecurityScorecard in a variety of ways; 1) watching ourselves to ensure our Internet footprint secure & following best practices, 2) as part of 3rd party security reviews/approvals of new vendors/SaaS, etc., and 3) Industry benchmarking & Board reporting. 4) We're just beginning to look at corporate spend & map that back to a SecurityScore-based heatmap for a more corporate view. Also, the ability to quickly add previously unscored companies is a great feature.
What do you dislike about the product?
Biggest thing to me is around the lack of email notifications when user-initiatied 'offline/adhoc' processes are requested, which today requires the requestor to remember and go back & check, like: 1) requesting a new company be reviewed, which generally takes 3-5 days, 2) when security score reports have been requested, etc. Improving here would greatly improve the user experience.
What problems is the product solving and how is that benefiting you?
We're in our 2nd full year of use, and improved our overall score from 73-C to 98-A. SecurityScorecard has brought to light several best practices that weren't being followed (especially around Email security & DNS (SPF/DKIM), SSL best practices, as well as, garbage collection, not to mention keeping tabs on a sprawling web presence. While it was a tremendous amount of work to clean up the environment, it's now relatively easy to keep clean, enabling us to see a drastic reduction in the number of successful web attacks, as well as, increasing the effectiveness of the advanced security capability of our email filtering capability, resulting in reductions in the number of actual phish in users' mailboxes.
Recommendations to others considering the product:
The biggest value to us is the continuous monitoring of ourselves, and taking action on score changes. From my perspective, continuous monitoring of 3rd parties hasn't been all that valuable to date - we found we didn't do anything with the alerts. We're looking into integration with ServiceNow to enhance the approval process vs. being disjointed today - hope is to streamline the process.

showing 61 - 70