Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


01:00 PM
Dark Reading
Dark Reading
Products and Releases

UpGuard, Formerly ScriptRock, Unveils First FICO-Like Score for Cybersecurity and Compliance

CSTAR Creates First Actionable Score for Businesses and Insurance Carriers to Accurately, Easily Measure Cyber Risk

Tuesday, January 26, 2016 – Mountain View, Calif. – UpGuard (www.upguard.com), formerly ScriptRock (www.scriptrock.com), today unveiled its Cybersecurity Threat Assessment Report (CSTAR), the industry’s first and only comprehensive and actionable cybersecurity preparedness score for enterprises. UpGuard’s CSTAR is a FICO-like score that allows businesses to measurably understand the risk of data breaches and unplanned outages due to misconfigurations and software vulnerabilities, while also offering insurance carriers a new standard by which to more effectively assess risk and compliance profiles.

Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption and network damage; however, many companies forego available policies due to perceived high cost and uncertainty that their organizations will suffer an attack. With CSTAR, insurance carriers can make smarter underwriting decisions while accelerating the availability of comprehensive and cost-effective cybersecurity insurance policies for businesses.

“It’s impossible for businesses to get a clear picture of their systems – and put simply, they can’t even begin to fix what they don’t understand. That shortcoming has led to many high-profile data breaches making headlines and has also left the bulk of the global economy uninsured,” said Mike Baukes, co-CEO and co-founder of UpGuard. “CSTAR aims to be the standard upon which companies re-evaluate security practices and for insurance carriers to sharpen evaluation methods and broaden coverage policies.”

Introducing The First Comprehensive, FICO-Like Standard For Cybersecurity

UpGuard’s expertise in configuration anomaly and vulnerability detection allows for a complete picture of an organization’s cybersecurity preparedness. An organization’s CSTAR represents a company’s aptitude in the areas of compliance, integrity and security across all servers, network devices and cloud applications. UpGuard customers can trace changes in their CSTAR evaluation down to the smallest building blocks of information technology and use the full report to then remediate potential risks, creating a safer environment for customer data and lowering insurance costs. Thousands of customers worldwide already use UpGuard’s technology to validate mission-critical infrastructure and continuously detect potential risks.

The CSTAR reflects three distinct assessment categories:

·  Compliance measures an organization’s ability to maintain its systems in a resilient state. A high score in this category indicates the organization ensures their servers, network devices, and cloud services are maintained properly and correctly configured.

·  Integrity measures an organization’s ability to determine whether changes are authorized or unauthorized. UpGuard documents every change within its auditable system of record, then performs a number of policy-based checks to determine how many of those changes are expected.

·  Security measures an organization’s ability to detect and remediate vulnerabilities. UpGuard maintains an updated database of information about known software vulnerabilities from top security organizations, as well as integrates with multiple vulnerability assessment tools, to determine which systems and software packages may be at risk. The number and severity of vulnerabilities, along with the frequency of scans, determine this category’s score.

Just as FICO became a global standard for measuring risk in the financial industry through establishing an accurate and reliable number lenders trust to make credit decisions, UpGuard envisions a similar path for CSTAR to be the single score for measuring risk that insurance providers and businesses alike rely on to make cyber risk decisions.

“The market for cyberinsurance is still developing, because the risks underlying the coverage are difficult to quantify from an actuarial standpoint. With no standard set of actuarial tables, insurers are often left to their own underwriting standards and creativity when offering cyberinsurance policies. The lack of actuarial data and the diversity of IT risks that are not presently covered, as well as the increased price, make cyberinsurance less desirable to companies seeking coverage,” notes Gartner, Inc. in Understanding When and How to Use Cyberinsurance Effectively, John A. Wheeler, March 12, 2015.

Giving Rise To The Cybersecurity Insurance Industry

The White House expects by 2020 for cybersecurity insurance to be as common as product liability coverage and other basic policies – and yet, only a few dozen insurers globally currently offer it. UpGuard has worked with major industry players, including CRC Insurance Services, Inc. and Corona Underwriters, to deeply understand challenges unique to the underwriting and decision-making process. Rather than write policies based on ballpark estimates or conjecture, CSTAR enables carriers to measure cyber risk for companies at an individualized operational level, and write policies based on concrete security data. It provides a much-needed industry standard that allows carriers to finally understand cybersecurity risk and to act on that information.

“UpGuard takes an altogether different approach to an issue that’s long hindered the cyber insurance industry. Such an easy-to-understand score and scalable solution will greatly enhance our ability to assess the cybersecurity of our clients,” said Garrett Koehn, president, Northwestern Region for CRC Insurance Group, a leading commercial insurance wholesaler.

To see how it works, or to get your CSTAR rating, visit www.upguard.com.

About UpGuard

UpGuard is the company behind CSTAR, the world’s only comprehensive and actionable cybersecurity preparedness score for enterprises. The FICO-like score allows businesses to understand the risk of breaches and unplanned outages due to misconfigurations and software vulnerabilities. It also offers insurance carriers a new standard by which to effectively assess client risk and compliance profiles. Thousands of companies, including ADP, E*TRADE and Cisco Systems, use UpGuard to validate infrastructure, continuously detect risks and procure cybersecurity insurance. UpGuard is headquartered in Mountain View, CA with offices in Portland, OR. To see how UpGuard works, or to get your CSTAR rating, visit www.upguard.com.

Subscribe to the UpGuard blog: www.upguard.com/blog

Follow UpGuard on Twitter: @UpGuard

Follow UpGuard on LinkedIn: www.linkedin.com/upguard

Follow UpGuard on Facebook: www.facebook.com/upguard

Media Contact

Jane Hainze



Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-11-18
A Security Bypass Vulnerability exists in TBOOT before 1.8.2 in the boot loader module when measuring commandline parameters.
PUBLISHED: 2019-11-18
Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.
PUBLISHED: 2019-11-18
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin.
PUBLISHED: 2019-11-18
In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve which m...
PUBLISHED: 2019-11-18
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.