Security services vendor SecurityScorecard rolled out a free security assessment tool yesterday that scans weaknesses and vulnerabilities across an organization’s network and delivers a status report with a snapshot of security flaws within the infrastructure.
The security assessment includes a "security rating" and "posture score" based on Internet traffic to and from an organization. An organization’s security rating is based on on several factors including end-of-life products, hacker chatter, social engineering, patching frequency, dorking, and malware.
The assessment process monitors and classifies risks associated with the application, network, and password security for any third- and fourth party vendors as well. The goal of the assessment is to provide companies insight into how secure their organization is compared with competitors in their vertical industry.
"It's not practical to completely rely on questionnaires and penetration tests to determine the security posture of 3rd party vendors," said Michael Belloise, director of information security at TriNet, which uses SecurityScorecard’s service. “In addition to questionable accuracy, it only provides us with a point in time assessment and may not accurately reflect the true cybersecurity risk of doing business with someone.”
Read more about the Free SecurityScorecard assessment here.