For more than 20 years, Thru has transferred sensitive files for businesses every day while keeping that data protected. Meeting data privacy regulations and guarding against a growing number of cybersecurity threats means we must continually scrutinize our own security posture. To help us do so, we engage trusted third parties, such as SecurityScorecard, to perform independent security analysis.
Continue reading for a quick overview of SecurityScorecard and to learn the results of our evaluation.
Who Is SecurityScorecard?
Evaluating Security Posture of Organizations
To reveal the possible presence of common vulnerabilities and exposures (CVEs), exposed ports, weak ciphers and other cybersecurity flaws of varying severity, SecurityScorecard non-intrusively scans the entire IPv4 address space at a regular cadence. It also operates one of the largest networks of sinkholes worldwide to capture malware signals emanating from an organization's servers or end-user computers.
After an organization is scanned and its findings measured, those findings are compared with the average for organizations of similar size, and the difference is expressed in standard deviations from that average. This value is known as a z-score; because it is normalized for size, it gives a valid basis for comparing organizations of different sizes.
Calculating Cybersecurity Ratings
Score | Grade |
---|---|
90 to 100 | A |
80 to 89 | B |
70 to 79 | C |
60 to 69 | D |
below 60 | F |
Ten Factors for Scoring Security Posture
Issue types are topically grouped into the following 10 categories:
- Network Security: Exposed services on open ports (such as SMB and RDP), insecure or misconfigured SSL/TLS certificates, database and IoT vulnerabilities.
- Application Security: Vulnerabilities, misconfigurations and best practices on publicly detected web apps.
- IP Reputation: Sinkhole system ingests millions of malware signals and maps infected IP addresses back to impacted organizations.
- Endpoint Security: Exploitability of laptops, desktops, mobile devices and BYOD devices on the network.
- Patching Cadence: Frequency of updates for an organization’s identified services, software and hardware.
- DNS Health: Misconfigurations such as open resolvers, and whether DNSSEC, SPF, DKIM and DMARC follow recommended configurations.
- Hacker Chatter: Underground and dark web discussions about targeted orgs and IP addresses.
- Information Leak: Credentials exposed by a data breach or leak, keylogger, Pastebin and database dumps and other information repositories.
- Social Engineering: Corporate accounts in social networks, financial accounts and marketing lists.
- Cubit Scores: Critical security and configuration issues, like exposed administrative control panels.
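To make the DNS Health factor concrete, the following is an added example and not code from Thru or SecurityScorecard. It parses SPF and DMARC TXT records offline and flags the weak settings an external rating service would typically count against a domain. The domain (example.test) and the record strings are constructed for illustration, and the checks reflect widely published recommendations (a restrictive `-all` or `~all` in SPF, no more than 10 DNS-lookup terms per RFC 7208, and a DMARC policy of quarantine or reject with aggregate reporting), not SecurityScorecard's exact rules. Fetching live records via DNS is left out so the example runs without network access.

```python
"""Check SPF and DMARC TXT records against common recommended settings.

Added example, not SecurityScorecard's or Thru's code. The records below
are constructed for a hypothetical domain; a real audit would fetch them
from DNS first.
"""
import re

# Constructed sample records for a hypothetical domain (both deliberately weak)
SAMPLE_RECORDS = {
    "example.test": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.test +all",
    "_dmarc.example.test": "v=DMARC1; p=none; rua=mailto:dmarc@example.test",
}

# SPF mechanisms and modifiers that cost a DNS lookup (RFC 7208 allows 10)
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include:|a\b|mx\b|ptr|exists:|redirect=)", re.I)


def check_spf(record: str) -> list[str]:
    """Return a list of findings for an SPF record; empty means no issues."""
    findings = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: missing or malformed v=spf1 prefix"]
    all_terms = [t for t in terms[1:] if t.lstrip("+-~?").lower() == "all"]
    if not all_terms:
        findings.append("SPF: no 'all' mechanism, unlisted senders are not rejected")
    else:
        # Qualifier defaults to '+' (pass) when omitted
        first = all_terms[-1][0]
        qualifier = first if first in "+-~?" else "+"
        if qualifier == "+":
            findings.append("SPF: '+all' authorises any host to send, use '-all' or '~all'")
        elif qualifier == "?":
            findings.append("SPF: '?all' is neutral, use '-all' or '~all'")
    lookups = sum(1 for t in terms if LOOKUP_TERM.match(t))
    if lookups > 10:
        findings.append(f"SPF: {lookups} DNS-lookup terms exceeds the RFC 7208 limit of 10")
    return findings


def check_dmarc(record: str) -> list[str]:
    """Return a list of findings for a DMARC record; empty means no issues."""
    findings = []
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["DMARC: missing or malformed v=DMARC1 tag"]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= tag")
    elif policy == "none":
        findings.append("DMARC: p=none only monitors, move to quarantine or reject")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC: pct={pct} applies the policy to only part of the mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, aggregate reports are not collected")
    return findings


def audit(records: dict[str, str], domain: str) -> dict[str, list[str]]:
    """Run both checks for a domain using a name-to-TXT-record mapping."""
    return {
        "spf": check_spf(records.get(domain, "")),
        "dmarc": check_dmarc(records.get(f"_dmarc.{domain}", "")),
    }


if __name__ == "__main__":
    for kind, issues in audit(SAMPLE_RECORDS, "example.test").items():
        print(kind, issues or ["ok"])
```

Run against the constructed records, the SPF check reports the `+all` qualifier and the DMARC check reports `p=none`; replacing them with `-all` and `p=reject` clears both findings. The same parsing applies to records fetched live, for instance with a DNS library, and is the kind of check worth running before an external rating picks the issue up.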
Thru’s Complete Results in Security Report
In addition to receiving the breakdown of Factor Scores, we were provided with a list of action items detailing the detected issues along with recommendations for remediation.
securityscorecard.pathfactory.com/security-ratings/how-does-scoring-work#page=1