What is SecurityScorecard
SecurityScorecard is an information security company that specializes in cybersecurity rating and risk management. It offers a cybersecurity rating platform that provides a range of products and services [1] to help corporate entities identify and manage their own cybersecurity risks and those of third parties (i.e., business partners, vendors and suppliers).
Cybersecurity Rating and Risk Mitigation
The cybersecurity rating platform is intended to help an organization gain visibility into its cybersecurity risk profile through a scored analysis of factors that represent cybersecurity risk. The 10 factors analyzed by SecurityScorecard [2] are:
Network Security
DNS Health
Patching Cadence
Endpoint Security
IP Reputation
Application Security
Cubit Score
Hacker Chatter
Leaked Credentials
Social Engineering
It employs continuous scanning across the 10 factors to provide ongoing insight into a company's potential risks and areas for improvement in near real time. Under each factor, the SecurityScorecard platform details the potential findings/issues with their prevailing level of risk and provides general guidance on mitigation. With this, an organization can prioritize risk mitigation [7].
Data Visualization for Risk Analysis
While the SecurityScorecard platform offers comprehensive visualizations, the sheer amount of data can be overwhelming, especially for organizations with specific needs. Downloading the data via the API and creating custom visualizations tailored to the organization's needs can be more effective. For example, Microsoft Power BI can be used to create a risk dashboard with the following visualizations:
1.) Overall risk profile of the company on a particular day
2.) Benchmark of the company's risk profile against its industry
3.) Quick view of the types of issues at each risk level
4.) Quick view of "High" severity issue types by "Factor"
5.) Detailed view of "High" severity Application Security issues
6.) Detailed view of "High" severity Network Security issues
Threat Intelligence Enrichment
While the SecurityScorecard platform offers comprehensive information, integrating threat intelligence feeds such as Mandiant with its data can significantly enhance an organization's cybersecurity risk management strategy. For example, CVE data can be further enriched with information from Mandiant, such as whether an exploit is available for a CVE. With this, an organization can prioritize mitigating the CVEs for which exploits are available.
API Code
The Python code for automatically downloading SecurityScorecard data and enriching CVE data with information from Mandiant can be found here. API keys from SecurityScorecard and Mandiant are required for the program to work. The program can still work if an organization does not have a Mandiant subscription, but the associated Mandiant API code must be removed or commented out.
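As an added example (not the script linked above, nor either vendor's client code), the enrichment and prioritization step in Python: constructed sample findings stand in for the SecurityScorecard download and a constructed lookup table stands in for the Mandiant exploit data, so it runs offline. The field names, the severity scale and the CVE identifiers are assumptions and placeholders, not the vendors' schemas.

```python
# Added example: rank findings by exploit availability and severity, and
# count "High" findings per factor (the view behind dashboard item 4).
# All data below is constructed; field names are assumptions, not the
# SecurityScorecard or Mandiant schemas.
from collections import Counter

# Constructed sample findings: one per issue, with factor, severity and CVE.
SAMPLE_FINDINGS = [
    {"factor": "Application Security", "severity": "high", "cve": "CVE-0000-0001"},
    {"factor": "Network Security", "severity": "high", "cve": "CVE-0000-0002"},
    {"factor": "Network Security", "severity": "medium", "cve": None},
    {"factor": "Patching Cadence", "severity": "high", "cve": "CVE-0000-0003"},
    {"factor": "DNS Health", "severity": "low", "cve": None},
]

# Constructed stand-in for the Mandiant enrichment: CVE -> exploit available?
SAMPLE_EXPLOIT_INFO = {
    "CVE-0000-0001": True,
    "CVE-0000-0002": False,
    "CVE-0000-0003": True,
}

SEVERITY_RANK = {"high": 3, "medium": 2, "low": 1, "info": 0}


def enrich(findings, exploit_info):
    """Attach an 'exploit_available' flag to each finding with a CVE.
    CVEs absent from the enrichment source, or findings with no CVE,
    are marked None (unknown) rather than assumed safe."""
    enriched = []
    for f in findings:
        item = dict(f)
        item["exploit_available"] = exploit_info.get(f["cve"]) if f["cve"] else None
        enriched.append(item)
    return enriched


def prioritize(enriched):
    """Exploitable CVEs first, then by severity; ties keep input order."""
    return sorted(
        enriched,
        key=lambda f: (f["exploit_available"] is True, SEVERITY_RANK.get(f["severity"], 0)),
        reverse=True,
    )


def high_severity_by_factor(enriched):
    """Count 'high' severity findings per factor."""
    return Counter(f["factor"] for f in enriched if f["severity"] == "high")


if __name__ == "__main__":
    for f in prioritize(enrich(SAMPLE_FINDINGS, SAMPLE_EXPLOIT_INFO)):
        print(f["severity"], f["factor"], f["cve"], "exploit:", f["exploit_available"])
```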
References