SecurityScorecard Reviews & Product Details - Page 8

Intuitive platform. Great customer support. Review collected by and hosted on G2.com.

Not sure about all the details around how SSC determines/generates an organizational scorecard. Review collected by and hosted on G2.com.

SecurityScoreCard provides a comprehensive view of the security of an organization's digital footprint. Their team provides great support and pricing is competitive. Review collected by and hosted on G2.com.

Security ratings may be negatively impacted by non-critical assets, such as parked domains. The dynamic nature of public cloud deployments where public IP addresses and services are dynamic may lead to false positives, and it can be time consuming to trace down the reason why assets have been assigned to your company which are not part of one's current asset inventory. Review collected by and hosted on G2.com.

The ability to quickly ascertain the size of an org's digital presence and see whether or not they are addressing vulnerabilities appropriately; and whether or not they have open ports that are concerning. Review collected by and hosted on G2.com.

Attribution. I also manage our Scorecard and find myself spending a good deal of time sorting through IP lists to determine whether or not our cards are accurate. Parked domains can be problematic as far as introducing a significant amount of findings on scorecards (things like lack of https re-directs, spf records, etc.) This gives me a bit of pause when trying to analyse vendors' Scorecards because it can bring doubts as to the accuracy of their digital footprint (especially if they are inactive). Review collected by and hosted on G2.com.

We use SecurityScorecard in a variety of ways; 1) watching ourselves to ensure our Internet footprint secure & following best practices, 2) as part of 3rd party security reviews/approvals of new vendors/SaaS, etc., and 3) Industry benchmarking & Board reporting. 4) We're just beginning to look at corporate spend & map that back to a SecurityScore-based heatmap for a more corporate view. Also, the ability to quickly add previously unscored companies is a great feature. Review collected by and hosted on G2.com.

Biggest thing to me is around the lack of email notifications when user-initiatied 'offline/adhoc' processes are requested, which today requires the requestor to remember and go back & check, like: 1) requesting a new company be reviewed, which generally takes 3-5 days, 2) when security score reports have been requested, etc. Improving here would greatly improve the user experience. Review collected by and hosted on G2.com.

I appreciate the way Security Scorecard brings together publically available risk information and provides an initial risk analysis. The GUI interface makes it easy to drill deeper into areas of interest and the Historical trending allows you to materialize risk reduction. The ability to invite vendors to see their scorecard is a nice touch combined with allowing the customer to question, refute, or resolve any identified vulnerability. Review collected by and hosted on G2.com.

The tool does a great job at managing a vendor with a wealth of information but lacks tools to effectively and efficiently manage entire portfolios of hundreds of vendors. There are few options to bubble to the surface highest risk issues across and entire portfolio and recently identified and posted vulnerabilities so that risk mitigation efforts can begin. The Breach Insight feature is lacking in credibility and effectiveness. The lack of CVE numbers & CVSS security ratings can led to subjective opinion of risk by Security Scorecard versus the collaborative\standard presented by a CVE\CVSS. Review collected by and hosted on G2.com.

The Security Scorecard offers us what we need in terms of continuous assessment of the external network vulnerabilities tests. The webUI is user-friendly and built in a logical format, very easy to use and dig for information on it. Review collected by and hosted on G2.com.

There is no user option to re-launch the test, so you get confirmation that your fix really works. Claiming a fixed issue takes some time and a ticket to Security ScoreCard Support to validate it. Also, the propagation of the fix may take some time, before it gets reflected on the organization's score. Review collected by and hosted on G2.com.

Many times you buy a security tool and after a short onboarding period, you are on your own. The experience with SSC has been the opposite. They were there and continue to be there for us. From the sales, to support, to continuous customer care, the experience has been outstanding. SSC stands behind its product and is ready and able to engage whenever we bring our third parties to the table or have any questions. They have been very responsive to our needs (e.g. training, deployment, questions by internal teams and third parties, open to feedback, etc.) The tool is helping us assess a large number of third parties that we are discovering. Review collected by and hosted on G2.com.

Does not have enough capabilities yet to gain insight on how the tool is being used within the organization. Review collected by and hosted on G2.com.

The SecurityScorecard platform provides insights that an organization would otherwise not have related to security. Understanding where critical risks may exist dramatically reduces the risk posture of the third party population through coordinated remediation requests and efforts. Review collected by and hosted on G2.com.

The only downside to the use of he platform, and it is a very minor negative, would be the inability to create very granular alerts within the platform. The current alerting, while extremely beneficial, does require a little research after a notification is received to understand the underlying problem. Review collected by and hosted on G2.com.

We use SecurityScorecard for evaluating ourselves to ensure our public footprint is secure and use it as part of 3rd party security reviews in comparison to peers and new vendors to work with. It definitely provides an insight with data transparency and ease of use UI. Support team is super responsive and that's one of the key features. Review collected by and hosted on G2.com.

Continuous improvement are a part of SS but Email notification can be added, it will be great. Review collected by and hosted on G2.com.

What we like best about SecurityScorecard is the intuitive user experience and well organized content. The platform is very well layered to provide a wide audience with reporting, security risk metrics, and technical risk details to help support the needs of a well rounded Continuous Monitoring program. It enables its users to not only detect, but react and collaborate with in scope suppliers through the use of the vendor invite functionality. Additionally the Security Scorecard team has been beyond supportive in this journey helping the team to not only understand the tool, but how to develop processes and a program structure to maximize the value the tool brings. Review collected by and hosted on G2.com.

1) The team often finds themselves needing to refresh pages such as the insights dashboard, a supplier profile, ip inventory, etc. The data often doesn't load and we receive error messages advising us to refresh. 2) Inability to track and report on invited vendor engagements such as when the vendor was invited, did they accept the invite, when did they last login, etc. 3) Custom Scorecard data unavailable through the API. Review collected by and hosted on G2.com.