
Many times you buy a security tool and after a short onboarding period, you are on your own. The experience with SSC has been the opposite. They were there and continue to be there for us. From the sales, to support, to continuous customer care, the experience has been outstanding. SSC stands behind its product and is ready and able to engage whenever we bring our third parties to the table or have any questions. They have been very responsive to our needs (e.g. training, deployment, questions by internal teams and third parties, open to feedback, etc.) The tool is helping us assess a large number of third parties that we are discovering. Review collected by and hosted on G2.com.
Does not have enough capabilities yet to gain insight on how the tool is being used within the organization.
It's nice to know that they are always watching my critical vendors and I can see how they are scoring. I also like that I can invite vendors to join SecurityScoreCard at no cost to them.
No problems with SecurityScoreCard at present.
You can get a real score from many different sources within minutes; this score is updated over time so you can get real statistics from the changes in the applications or network.
If the company has not been populated before, in some cases the first discovery takes up to 7 days. A 24 hours earlier report would be a good feature
I think the most helpful feature of SecurityScorecard is Digital footprint and recommendation of issue
The least helpful about SecurityScorecard is Comparison of similar companies.
The automated scanning and scoring that feeds into a portal where we can manage findings, resolutions, etc.
Adjusted scoring seems to be too frequent
Patching cadence findings show in the score improvement plan generation and you cannot resolve those until the time elapses
I don't like the patching cadence logic and it is too rigid of a scoring mechanism for large organizations with multiple environments with an online presence.
SecurityScoreCard provides a comprehensive view of the security of an organization's digital footprint. Their team provides great support and pricing is competitive.
Security ratings may be negatively impacted by non-critical assets, such as parked domains. The dynamic nature of public cloud deployments where public IP addresses and services are dynamic may lead to false positives, and it can be time consuming to trace down the reason why assets have been assigned to your company which are not part of one's current asset inventory.
The ability to quickly ascertain the size of an org's digital presence and see whether or not they are addressing vulnerabilities appropriately; and whether or not they have open ports that are concerning.
Attribution. I also manage our Scorecard and find myself spending a good deal of time sorting through IP lists to determine whether or not our cards are accurate. Parked domains can be problematic as far as introducing a significant amount of findings on scorecards (things like lack of https re-directs, spf records, etc.) This gives me a bit of pause when trying to analyse vendors' Scorecards because it can bring doubts as to the accuracy of their digital footprint (especially if they are inactive).
We use SecurityScorecard in a variety of ways; 1) watching ourselves to ensure our Internet footprint is secure & following best practices, 2) as part of 3rd party security reviews/approvals of new vendors/SaaS, etc., and 3) Industry benchmarking & Board reporting. 4) We're just beginning to look at corporate spend & map that back to a SecurityScore-based heatmap for a more corporate view. Also, the ability to quickly add previously unscored companies is a great feature.
Biggest thing to me is around the lack of email notifications when user-initiated 'offline/adhoc' processes are requested, which today requires the requestor to remember and go back & check, like: 1) requesting a new company be reviewed, which generally takes 3-5 days, 2) when security score reports have been requested, etc. Improving here would greatly improve the user experience.
I appreciate the way Security Scorecard brings together publicly available risk information and provides an initial risk analysis. The GUI interface makes it easy to drill deeper into areas of interest and the Historical trending allows you to materialize risk reduction. The ability to invite vendors to see their scorecard is a nice touch combined with allowing the customer to question, refute, or resolve any identified vulnerability.
The tool does a great job at managing a vendor with a wealth of information but lacks tools to effectively and efficiently manage entire portfolios of hundreds of vendors. There are few options to bubble to the surface highest risk issues across an entire portfolio and recently identified and posted vulnerabilities so that risk mitigation efforts can begin. The Breach Insight feature is lacking in credibility and effectiveness. The lack of CVE numbers & CVSS security ratings can lead to subjective opinion of risk by Security Scorecard versus the collaborative\standard presented by a CVE\CVSS.
The Security Scorecard offers us what we need in terms of continuous assessment of the external network vulnerabilities tests. The webUI is user-friendly and built in a logical format, very easy to use and dig for information on it.
There is no user option to re-launch the test, so you get confirmation that your fix really works. Claiming a fixed issue takes some time and a ticket to Security ScoreCard Support to validate it. Also, the propagation of the fix may take some time, before it gets reflected on the organization's score.
The SecurityScorecard platform provides insights that an organization would otherwise not have related to security. Understanding where critical risks may exist dramatically reduces the risk posture of the third party population through coordinated remediation requests and efforts.
The only downside to the use of the platform, and it is a very minor negative, would be the inability to create very granular alerts within the platform. The current alerting, while extremely beneficial, does require a little research after a notification is received to understand the underlying problem.
We use SecurityScorecard for evaluating ourselves to ensure our public footprint is secure and use it as part of 3rd party security reviews in comparison to peers and new vendors to work with. It definitely provides an insight with data transparency and ease of use UI. Support team is super responsive and that's one of the key features.
Continuous improvements are a part of SS, but email notification can be added; it will be great.
What we like best about SecurityScorecard is the intuitive user experience and well organized content. The platform is very well layered to provide a wide audience with reporting, security risk metrics, and technical risk details to help support the needs of a well rounded Continuous Monitoring program. It enables its users to not only detect, but react and collaborate with in scope suppliers through the use of the vendor invite functionality. Additionally the Security Scorecard team has been beyond supportive in this journey helping the team to not only understand the tool, but how to develop processes and a program structure to maximize the value the tool brings.
1) The team often finds themselves needing to refresh pages such as the insights dashboard, a supplier profile, ip inventory, etc. The data often doesn't load and we receive error messages advising us to refresh. 2) Inability to track and report on invited vendor engagements such as when the vendor was invited, did they accept the invite, when did they last login, etc. 3) Custom Scorecard data unavailable through the API.
SecurityScorecard presents security metrics that are easy to understand and present to upper management. It has given me ammo to change some low-hanging security settings without burdening my staff.
There can be some false positives when looking at the scorecards of vendors because they may use cloud resources which are shared by other companies so malware sources or IP reputation might have been affected by the other companies using the same resource.
In a word: ACCESSIBILITY. Everyone makes you feel like your issues actually matter and will elevate to the appropriate people. The escalation path never feels like someone trying to satiate you.
Random errors and slowdowns. It can take a LONG TIME to generate a report.
Super User friendly interface
Great insight into the security posture
The detailed report analysis are best in class compared to other reporting tools
Domain/IP mapping for company entities is fairly inaccurate
I would like to see improvements to the bottom three scorecard domains (Hacker Chatter, Information Leak and Social Engineering), they tend to never change
Comprehensive research presented well. Quick and helpful support team!
Sometimes items get misidentified a few times until the algorithm gets updated. As the support team is quick in removing demonstrated incorrect entries, this isn’t a big detractor.
SS interface is user friendly, easy to explain to other staff in the bank.
We have started using the platform; once we mature with time we would be in a better position to provide the feedback on dislike.
I am able to review our vendors in real time to frameworks such as PCI, HIPAA and many more. We had a vendor say they were HIPAA compliant and I was able to show them they were not according to security scorecard
They make so many improvements to the product at this point it would only be nitpicking
Security Scorecard allows us to monitor the changing security posture of our suppliers
One feature that would be great is to be able to nest portfolios. In the compliance tab having the ability to have a holistic view of all of our vendors that do not meet a certain control
SecurityScorecard supports the communication with supplier by adding more focus in potential risks and the possibility to interact.
Sometimes IPs/URLs impact the score even if they are unused and only reserved for a company.
Very helpful team. Product is robust and accurate, we use it as a core component of our third party risk management programme and we are not disappointed. It's great that Security Scorecard keep updating the platform and developing useful new features.
Occasional false positives have caused internal and external issues
The best part is that post you know the issues & breaches of a company, you can invite them to get remediation. You can help them improve
The process of adding companies to portfolio needs a little improvement. Sometimes the weblink inside the company does not open up. Also, sometimes the tool is a little slow.