Threat Intelligence, Channel partners, Content, Security Program Controls/Technologies

SecurityScorecard Rolls Out Third Party Cyber Risk Management Offering

Risk management and mitigation to reduce exposure for financial investment, projects, engineering, businesses. Concept with manager’s hand turning knob to low level. Reduction strategy.

SecurityScorecard, which rates companies’ security postures, has rolled out its new Managed Cyber Risk Services program to help customers improve third-party cyber risk management.

With nearly every organization engaging with at least one-third party that has been struck by a cybersecurity breach, SecurityScorecard has applied its services platform to “solve the third party cyber risk puzzle,” the company said.

"The Next Evolution of Security Ratings"

Aleksandr Yampolskiy, SecurityScorecard chief executive and co-founder, said of the offering:

“Many CISOs are challenged with manual third-party risk approaches that are inconsistent and focused on checkbox compliance. Customers consistently shared that they need a way to operationalize third- and fourth-party cyber risk management. Today, SecurityScorecard is meeting that customer need. The next evolution of security ratings will focus on operationalizing cyber risk management and threat intelligence to directly impact our customers’ ability to deliver on their mission.”

Managed Cyber Risk Services: What's Included

Managed Cyber Risk Services will be delivered by partners to achieve strategic business and security outcomes, including:

  • Discovers risk across a customer’s attack surface, including their third- and fourth-party ecosystem, to reduce the risk of a compromise. Verifies that vendors’ vulnerabilities or other security issues are remediated.
  • Works with customers or through partners to deliver the strategic and tactical capabilities needed to maximize the value of the SecurityScorecard platform.
  • Continuous monitoring, investigation, and analysis of risk indicators with centralized threat intelligence. Proactively identifies cyber threats across a customer’s unique attack surface. Manages alerts for customers.
  • Incorporates business context to drive decisions. Deploys best practices to improve security posture. Proven playbooks proactively protect customers and support incident response if an incident occurs.
  • Streamlines contract security compliance through a defensible, traceable process. Proactively manages vendor communication, questionnaires, and escalation management.
  • Measures results based on trusted analysis, timely delivery, and empowering guidance. Estimates time saved to demonstrate return on investment.
  • Communicates third-party cyber risk and benchmarks against peers. Customers also have the flexibility to run their own research, reports, and investigations.
  • Solves complex customers’ challenges by evaluating, improving, and implementing their third-party cyber risk programs.
  • Managed Cyber Risk Services are directly connected to the SecurityScorecard Platform, allowing drill down into specific portfolios, companies, findings, and issues.
  • Built on an API-first architecture, data can be directly ingested into their own security stack and reporting tools or integrate into their preferred MSSP or services provider to achieve improved security and business outcomes.

Partners that leverage the “Powered by SecurityScorecard” brand will ensure they are providing the gold standard of service based on SecurityScorecard’s decade of experience in third-party cyber risk management.

The new offering will be available to all customers by the end of the year, the company said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.