SecurityScorecard, a cybersecurity ratings specialist, has launched two threat intelligence solutions to give organizations a deep look at their cyber risk exposure.
These new offerings, Attack Surface Intelligence (ASI) and Cyber Risk Intelligence (CRI), provide security teams with contextual intelligence, summarized views, and enriched remediations, SecurityScorecard said in a prepared statement.
Simon Hunt, chief product officer of SecurityScorecard, described the intended impact of the new offerings:
“Adding sophisticated cyber and attack surface intelligence is a natural progression for our customers’ security programs. Our robust contextualized and attribution intelligence, built by expert cyber threat researchers, has powered our security ratings for over a decade and, combined with the services of our intelligence team, enables customers who want to go deeper and have greater visibility to understand the ‘why’ and ‘how’ of even the most complex threats.”
Attack Surface Intelligence (ASI) Explained
SecurityScorecard’s Attack Surface Intelligence (ASI) empowers users with a search engine built within the SecurityScorecard ratings platform, the company said. This allows customers to understand the threat actor’s next steps, confidently make informed decisions and reduce disruption.
SecurityScorecard describes how its Attack Surface Intelligence components address the challenges that cybersecurity teams face:
- Threat Investigations consolidate existing intelligence sources to gain the contextual information behind threats, vulnerabilities, leaked credentials, and more through API or in-platform use.
- Vendor Risk Management enhances the view of threats and critical vulnerabilities that impact supply chain security.
- M&A Due Diligence quickly validate the security posture and risks associated with merger & acquisition targets.
- Cyber Insurance Policy Holder Reviews identify active threats and risks associated with policy holders.
- Regulators and government agencies monitor active threats at the national and geographic level, protect critical infrastructure, and essential services.
Cyber Risk Intelligence (CRI) Advantage
SecurityScorecard also offers its Cyber Risk Intelligence (CRI) service that uses human analysis, coupled with deep intelligence sources, to provide organizations with clarity and tailored advice on mitigation controls. CRI arms threat intelligence teams with board-ready reports to proactively inform strategic decision-makers and prioritize risk controls, the company said.
CRI includes two offerings:
- CRI Core proactively illuminates an organization’s risk exposure to external cyber threats that aren’t detected by internal security controls, including leaked credentials, imposter domains, hacker chatter, and signs of advanced persistent threats (APT) reconnaissance.
- CRI’s Custom Investigations enables organizations to partner with SecurityScorecard’s STRIKE Team to meet their threat intelligence needs. Examples of custom investigations include malicious email analysis, leaked data and code discovery, malware analysis, investigation of cyber bullying, hacktivism, botnet tracking, and more.
Striking Back at Hackers
SecurityScorecard’s Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) team is the company’s team of cybersecurity experts who have varying backgrounds and experiences working with intelligence services, special operations units, and Fortune 50 cyber threat intelligence teams.
Ran Sherstobitoff, senior vice president of Threat Research and Intelligence at SecurityScorecard, described the STRIKE team’s mission:
“The combination of CRI and ASI provide a critical advantage for organizations looking to constantly stay one step ahead of threat actors. By partnering with SecurityScorecard’s STRIKE team, organizations will have an extension of their threat intelligence teams, and significantly reduce their cyber risk while better defending their networks from active and emerging threats.”
ASI gives customers access to SecurityScorecard’s industry-trusted and robust data lakes to investigate threats. CRI layers in research and analysis from SecurityScorecard’s STRIKE team to help meet specific needs and inform the business of critical threats that could negatively impact operations and brand reputation.
SecurityScorecard Buys LIFARS
SecurityScorecard acquired digital forensics and incident response services provider LIFARS, MSSP Alert reported in February 2022. LIFARS' 50 employees operate as a new Digital Forensics and Incident Response (DFIR) practice within SecurityScorecard’s Professional Services group.