Data
The data that powers the SecurityScorecard platform
Customers choose SecurityScorecard because the depth of our data is unmatched. And our ability to validate that data increases with every new customer and follower. In order to make our security ratings as meaningful as possible, we conducted a study using machine learning-tuned issue-type weights, and found that organizations with an A rating are 7.7x less likely to sustain a breach than those with an F rating.
SCORING
SecurityScorecard provides A-F ratings across 10 risk factor categories (including application security, DNS health, endpoint security, and patching cadence). The aggregated information is summarized on a standard 0 to 100 scale that maps to a simple color-coded letter grade. The highest letter grade is an “A,” which indicates a low number of recent security issues, followed by “B,” “C,” “D,” and “F,” as the number of threat indicators increases.
DATA SOURCES
Our data sources include:
- IP addresses
- Exposed port mappings
- Fingerprints of services, products, libraries, operating systems, devices, and other internet-exposed resources, including version numbers
- Common Platform Enumeration (CPE) IDs
- Common Vulnerability Enumeration (CVE) Version 2 IDs
- Script output from Nmap, the open-source scanner that is one of the components of our own scanning framework.
SCANNING
We have built and maintained our own scanning infrastructure and collect 97% of our own data. We scan 4.1B IPs every 1.5 weeks across 1,400 ports globally, with honeypots in over 65 countries and 120 distinct sensors that grab hundreds of millions of active attacks every day. All of this enables us to continuously monitor over 12 million organizations, track over 10,000 high severity CVEs, and detect over 100 billion vulnerabilities and attributions each week.
SIGNALS
SecurityScorecard monitors signals across the internet, using a network of sensors spanning three continents. Additionally, we operate one of the world’s largest networks of sinkholes and honeypots to capture malware signals and further enrich our data set with commercial and open-source intelligence sources. We supplement our data collection with external feeds from public and commercial data sources. These additional data-gathering methods help produce issue types related to leaked data.
The industry’s largest data set
With millions of companies scored, the depth and scope of our collected data is unmatched, and our ability to validate our data increases with every new customer and follower.
These numbers are updated in real time, and illustrate the expansive reach of our scoring and monitoring.
Companies Rated
Why this matters for you: The more companies we rate, the more accurate we get. Our platform processes more data than any other security ratings platform, and our algorithms provide more meaningful correlations between signals and breaches.
Unique Companies Followed
Why this matters for you: Whether by industry, location, or company size, a greater variety of companies in our data repository improves the accuracy of our ratings, so you can make better security decisions.
Transparency
Our customers have access to the greatest volume and quality of intelligence available. SecurityScorecard leverages data mined with the market’s leading capabilities, and relies on a global network of sensors to monitor signals across the internet. We enrich our data using commercial and open-source intelligence sources, and track over 79 security issues.
Incidence of cybersecurity flaw vs. digital footprint
SecurityScorecard’s scoring algorithm is based on a principled statistical framework.
One of the biggest challenges to providing fair cybersecurity ratings is properly accounting for company size. Attack surface typically scales with digital footprint, which ranges from a single IP for a small company to hundreds of millions of IPs for a large tech firm. To level the playing field, SecurityScorecard measures how the incidence of cybersecurity flaws (i.e. number of issue findings) varies with company size, and evaluates companies compared to organizations of similar size.
Figure: The number of findings for exposed Microsoft Remote Desktop Protocol (RDP) services vs. the number of IPs (size of digital footprint).
KEY:
Dashed blue line: Corresponds to the average incidence (no. of findings). For example, an organization with 10^6 IPs (i.e. 1,000,000 IPs) typically has about 10^2 (i.e. 100) findings for exposed RDP service.
Blue dots: Each blue dot corresponds to a scored company.
Yellow band: Organizations in the yellow band receive an average score.
Green band: Companies in the green region (fewer than average findings) receive a better score.
Red band: Companies in the red region (worse than average findings) receive a worse score.
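The size normalization described above can be sketched as follows. This is an added example, not SecurityScorecard's scoring code: it assumes the trend is a least-squares line in log-log space, that the bands sit one residual standard deviation either side of it, and that zero findings are clamped to 0.5. The population is constructed so that 10^6 IPs averages about 10^2 findings, as in the figure key.

```python
import math
import random

def constructed_population(n=500, seed=7):
    """Constructed sample of (ip_count, rdp_findings) pairs; not real data."""
    rng = random.Random(seed)
    pop = []
    for _ in range(n):
        log_ips = rng.uniform(3, 8)                      # 10^3 .. 10^8 IPs
        log_f = -1 + 0.5 * log_ips + rng.gauss(0, 0.3)   # assumed trend + scatter
        pop.append((10 ** log_ips, 10 ** log_f))         # continuous, for simplicity
    return pop

def _log_findings(findings):
    # Zero findings has no logarithm; clamp to half a finding (assumption).
    return math.log10(max(findings, 0.5))

def fit_trend(population):
    """Least-squares line in log-log space: (intercept, slope, residual sigma)."""
    xs = [math.log10(ips) for ips, _ in population]
    ys = [_log_findings(f) for _, f in population]
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    slope = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx
    intercept = my - slope * mx
    rss = sum((y - intercept - slope * x) ** 2 for x, y in zip(xs, ys))
    return intercept, slope, math.sqrt(rss / (n - 2))

def expected_findings(model, ips):
    """Average incidence for a footprint of `ips` (the dashed line)."""
    intercept, slope, _ = model
    return 10 ** (intercept + slope * math.log10(ips))

def band(model, ips, findings, width=1.0):
    """Compare a company with peers of similar size; width is in sigmas."""
    intercept, slope, sigma = model
    z = (_log_findings(findings) - intercept - slope * math.log10(ips)) / sigma
    if z > width:
        return "red"       # more findings than typical for this size
    if z < -width:
        return "green"     # fewer findings than typical for this size
    return "yellow"

if __name__ == "__main__":
    model = fit_trend(constructed_population())
    print(round(expected_findings(model, 1e6)))
    # The same raw count lands in different bands at different sizes.
    print(band(model, 1e6, 100), band(model, 1e3, 100))
```

The last line shows why raw counts are not compared directly: 100 findings is average for a 10^6-IP footprint in this constructed sample but well above the trend for a 10^3-IP one.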
How we collect data
We have our own attribution and threat intelligence teams, who source almost all of the data we use (97%).
While this data is theoretically available to everyone, in practice one would need bespoke collection systems, special skills, or trusted access. Good examples are dark web access, internet scanning data, or bulk DNS records; there are no free repositories of this kind of data. In effect, this means the data is not “publicly” available.
We buy small amounts of data from third parties, and we use even smaller amounts of OSINT (public “open source”) data.
All of the data we use is ethically and lawfully obtained. We only collect data on entities, not on people.