Continuous monitoring has strengthened our external posture and improved cyber insurance decisions
What is our primary use case?
My main use case for SecurityScorecard is that most of the time, the customer is looking for a solution which can provide all vulnerabilities and rate, security rate, and it also performs scanning of their domain, subdomain, and IP address. Customers can easily determine what weak passwords and policy configurations exist and can easily find out vulnerabilities.
A specific example of how a customer has used SecurityScorecard to solve a problem is that I have given SecurityScorecard to multiple customers, and they were looking to understand what vulnerabilities they have and what ratings they have.
I must add that SecurityScorecard continuously monitors the cybersecurity posture of the vendor, supplier, partner, SaaS platform, and others. Most of the time, the customer does not know what ports are open and whether they are exposed to vulnerabilities or weak SSL, TLS configuration, or malware signals, or misconfigured DNS. They also do not know whether their credentials are leaked. SecurityScorecard can help with this. For external attack surface monitoring, it is very useful.
What is most valuable?
The best features SecurityScorecard offers are cyber insurance underwriting and risk scoring, which I think are the best use cases, where the customer can easily reduce underwriting time and detect sudden posture changes.
Regarding how the risk scoring and cyber insurance features help my customers, they help detect sudden posture changes and evaluate the cyber hygiene of insured entities and price policies.
I would also add that it provides value for security posture management and executive reporting. It provides simple, visual, letter grade, and easy to explain metrics and score histories. Regarding the value it provides, it converts complex security issues into business-friendly language, which helps executives and the board understand cyber risk. It supports governance and risk metrics. Compliance support and auditing provide continuous monitoring, showcasing external posture over time, detecting misconfiguration that violates standards, and help with frameworks such as NIST 800 and ISO 27001, PCI DSS, HIPAA, DORA, and SOC 2.
SecurityScorecard has positively impacted my organization and my customers by providing numerous benefits. Customers easily obtain the score, which is a use case I value greatly. Customers can easily determine what ports are open and many other things so that they can secure their DNS, applications, and networks effectively.
My customers have seen measurable outcomes and specific improvements, as they have improved compliance and security with the help of SecurityScorecard.
What needs improvement?
SecurityScorecard can be improved. As it currently stands, it does a good job monitoring public-facing devices and the internet and DNS. If SecurityScorecard could also help their customers internally by developing their tool or feature so that customer devices that are not only public-facing can be monitored, it would be more beneficial.
For how long have I used the solution?
I have been using SecurityScorecard for the last five to six years.
What do I think about the stability of the solution?
SecurityScorecard is stable.
What do I think about the scalability of the solution?
The scalability of SecurityScorecard is fine, and there is no challenge with its scalability. As of now, I have not faced any issues with the scalability of SecurityScorecard.
How are customer service and support?
Customers are getting good support 24/7 from SecurityScorecard. I would rate the customer support for SecurityScorecard nine out of 10.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
Previously, customers were sometimes using FireCompass and sometimes different tools, and some customers were net new, fresh customers using SecurityScorecard for the first time. The payback period of SecurityScorecard is less than six months from an ROI perspective. Sometimes the customer evaluates other options such as FireCompass before choosing SecurityScorecard.
How was the initial setup?
My experience with pricing, setup cost, and licensing is that pricing is acceptable as per the Indian market.
What about the implementation team?
As of now, the customer is happy, and I have not seen any complaints from the customer regarding purchasing SecurityScorecard.
What was our ROI?
When I talk about the return on investment with SecurityScorecard, the customer feedback shows that it is good from an ROI perspective. I have observed that the customer is getting 176% ROI over three years, and they are happy with it.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is that pricing is acceptable as per the Indian market.
Which other solutions did I evaluate?
Sometimes the customer evaluates other options such as FireCompass before choosing SecurityScorecard.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Cybersecurity Analyst
What do you like best about the product?
Support from team. I like the likelihoods reports to help us help our customers prepare for possible attacks.
What do you dislike about the product?
There is nothing I dislike about Security Scorecard.
What problems is the product solving and how is that benefiting you?
Security Scorecard is assisting me with ensuring I advise our customers of any possible vulnerabilities or breaches that could potentially impact their foot print.
The Gold Standard for Security Ratings
What do you like best about the product?
Its interface is deceptively simple with incredible functionality. I've rolled this out in three organizations, and EVERY time, it's found THE critical gaps (e.g.- expired SSL certificates). Daily use: it is my first dashboard check in the morning. PowerPoint Integration : Easily share insights with my leadership via PowerPoint.
What do you dislike about the product?
The very first setup had to do small adjustments not to score non-critical assets. It would help to have an onboarding wizard for this.
What problems is the product solving and how is that benefiting you?
It has also done away with self-assessment “security theater.” We are now trusted by our clients when it comes to rating and sales cycles within IT security has been reduced by 30%.
Industry Benchmarking at Its Best
What do you like best about the product?
It is very rare a platform can benchmark our security posture against our peers. It was extremely easy to implement and we were up and running in less than days. Completely game changing features like monitors for compromised credentials and DNS health checking. Proactive: Support will frequently suggest optimizations
What do you dislike about the product?
Sometimes scores will vary because of things like CDN outages which may cause unnecessary alerts. Another option would be a “pause monitoring” feature for maintenance windows.
What problems is the product solving and how is that benefiting you?
Our boardroom discussions have changed, and executives now hold leaders accountable when scores dip. The platform also allowed us to discover a cloud storage bucket misconfiguration before it could be exploited.
Objective Metrics for Security Posture
What do you like best about the product?
Since SecurityScorecard does not utilize any such data, the vendor ratings are impartial. The customers think of it as a no-brainer with one neutral benchmark. Understanding customer service & user-friendliness of platform (even for non-technical stakeholders).
What do you dislike about the product?
Ratings sometimes are unfairly strong about subjects a business cannot control (e.g. shared hosting providers) — More filters in data can be helpful
What problems is the product solving and how is that benefiting you?
It allows advisors to be more objective when discussing risk with clients by presenting hard data points on top of the perception. The audit process is faster, and the reliability and confidence of stakeholders are higher than they were prior to them.
External Vulnerability Management External Attack Surface
What do you like best about the product?
tHIS TOO IS A SIMPLE man when it comes to ease of use and an insane one for the depth. I rely on it daily for our public security posture and the MS Power BI integration (thru API's) allows simple dashboarding. This is another huge one, the amount of features dark web monitoring, IP reputation checks etc really does save us hours and hours compared to doing it all manually. Unmatchable customer service, every concern is catered in hours.
What do you dislike about the product?
The initial integration work was a bit hard because of some legacy systems we have here, but their team really helped us. The only issue is that it doesn't detect all the subdomains (so you must type them manually).
What problems is the product solving and how is that benefiting you?
It identified seen assets, but right now blind spots or new asset categories such as old test envs. It has greatly reduced our attack surface, and helps us out a lot in negotiations when it comes to cyber insurance.
Essential for Third-Party Risk Management
What do you like best about the product?
Connecting our score to the fullest third-party security risk exposure view One of the things that I found most amazing was just how much you can see about a vendors security posture and not get bogged down in the weeds of all the technical analysis. Streamline the risk categorization (DNS Health, Patching cadence etc) for better focus and correct prioritization of remediation efforts. We got help and updates so you can be timely.
What do you dislike about the product?
The issue is… as positive as those scores are, we do still occasionally see some false positives related to the baked-in risk of vendors with whom we have no leverage. Once we had dialed in some compliance settings to better meet our own Risk Profiles, it was fairly straightforward to set up. As such — if reporting can be made any more flexible (which would cover the last gap), it will already be extremely similar to how we segment workflow.
What problems is the product solving and how is that benefiting you?
For vendor risk assessments, the utility use 60% time savings over manual due diligence. Yet, to keep their defenses up they can set up automatic alerts for when ratings drop and address vulnerabilities head-on so changes are made before things become dire. It is already quite critical for the compliance reporting and C-Level Risk visibility.
Security Scorecard TPRM
What do you like best about the product?
What I truly value about Security Scorecard is its comprehensive approach to vendor risk management, specifically how it excels in identifying risk factors, conducting thorough assessments, enabling continuous monitoring, and facilitating effective management of those risks.
What do you dislike about the product?
SecurityScorecard, in my opinion, is an exceptionally well-conceived solution for third-party risk management. The truth is, it causes me practically no bother at all, which speaks volumes about its great effectiveness and intuitive design. I believe they've successfully developed a tool that significantly simplifies such a critical aspect as cybersecurity with external vendors, fully meeting expectations and facilitating efficient risk management.
What problems is the product solving and how is that benefiting you?
The fundamental challenge that Security Scorecard effectively addresses is the lack of unified vendor risk management, coupled with the critical need for greater visibility into the technological security posture and proactive threat intelligence regarding third-party vendors. In today's interconnected digital landscape, organizations are increasingly reliant on a vast ecosystem of third-party providers, each representing a potential entry point for cyberattacks. Security Scorecard steps in to bridge this gap, transforming a chaotic and opaque process into a structured, insightful, and actionable one.
"Comprehensive Cybersecurity Insights with Room for Improvement"
What do you like best about the product?
SecurityScorecard provides a comprehensive view of your organization's cybersecurity posture and the security ratings of your third-party vendors, giving you the tools to manage and improve security risks effectively.
What do you dislike about the product?
While SecurityScorecard offers a lot of useful data, some users find the interface slightly overwhelming, especially if they are not very familiar with cybersecurity metrics.
What problems is the product solving and how is that benefiting you?
One issue is that the service might sometimes be too focused on broad metrics rather than providing highly detailed information. This forces me to look at other sources for deeper analysis, which can be time-consuming. However, it benefits me by keeping my focus on high-level security trends and identifying partners' general risk profiles quickly.
Excellent site analysis tool
What do you like best about the product?
You don't need to feed it anything, it starts looking for all the DNS of sites it relates to by itself, it is very easy to use and its implementation is natural, it is a tool for daily use.
What do you dislike about the product?
That sometimes you don't know why you are held responsible for some vulnerabilities that don't belong to your infrastructure, however, they are immediately removed when you let them know.
What problems is the product solving and how is that benefiting you?
SecurityScorecard comes to solve the problems of vulnerability breaches identified on the main sites of a domain. In my case, it helps me detect the vulnerabilities I have and gives me visibility to address them. Additionally, it helps me check if the actions I applied covered the vulnerability.
