
How a Cybersecurity Risk Scorecard Can Help your Business Stay Safe


There's a litany of things a business owner has to be concerned with. There's so much to deal with on a daily basis that certain things can get overlooked.

One of those things is cybersecurity. We've spoken a bit about how important it is to discuss cybersecurity matters at the executive level and why it may be necessary to hire an outside cybersecurity expert (like a Managed Cybersecurity Services Provider).

Both of those things might seem pretty daunting and not all that easy to accomplish. Especially if you're up to your neck with other tasks. You might even be saying you don't even know where you'd start to investigate your current cybersecurity posture.

Truth be told, it's not as difficult as you think. That's why we're offering you a FREE cybersecurity risk scorecard. We think it's a great place to start when considering your business's overall cybersecurity health and well-being.

The Cybersecurity Risk Scorecard uses open-source intelligence (meaning non-invasive means) to investigate your cybersecurity posture. The scorecard helps break down complex information and makes it easy to understand and ready for consumption at the executive level.

What's Included:

  • Patch Management
    Details are collected in relation to system version numbers. The scan leverages software from internet-wide vendors like Censys, Shodan, Zoomeye, etc. These version numbers are converted into the corresponding common platform enumeration number (CPE-ID) and are then correlated with NIST 
  • Email Security
    Vulnerabilities are collected relating to potential email servers and SMTP misconfigurations like open relay, unauthenticated logins, restricted relay, SMTP ‘Verify’ vulnerabilities and more.
  • DNS Health
    We generate a DNS health report from 40+ control items which are collected from online services like IntoDNS, Robtex, Netcraft and HackerTarget. Since DNS queries are recursive, it is almost impossible to detect a hacker's footprints from the DNS servers.
  • Leaked Credentials
    There are more than 5 billion hacked emails/passwords available on the internet and underground forums. This section shows the leaked or hacked emails & passwords.
  • IP/Domain Reputation
    The asset reputation score is based on the number of IPs or domains that are blacklisted or used for sophisticated APT attacks. The reputation feeds are collected from VirusTotal, Cymon, Firehol, BlackList DNS servers, etc.
  • Fraudulent Domains
    Fraudulent Domains and subdomains are extracted from the domain registration database. The registered domains database holds more than 300M records.
  • Attack Surface
    Attack surface is the technical analysis of open critical ports, out-of-date services, application weaknesses, SSL/TLS strength and any misconfigurations. This information is gathered from the Censys & Shodan databases and service / application versions are correlated with Passive Vulnerability 
  • Digital Footprint
    Digital Footprint is determined by open ports, services and application banners. This information is gathered from NormShield crawlers, Censys, VirusTotal, Robtex, Alexa, Shodan, etc.
  • Web Ranking
    Cisco, Alexa and Majestic track web sites and rank them according to popularity, back-links, references, etc. This subcategory shows Alexa and Majestic trends, Google Page insight speed test results as well as Web Content Accessibility Guidelines (WCAG) 2.0 parsing compliance findings.
  • Exposure Monitoring
    Company employees may disclose local IPs, email addresses, version numbers, whois privacy records or even misconfigure a service in a way that exposes sensitive information to the internet.
  • Brand Monitoring
    Brand monitoring is a business analytics process concerned with monitoring various channels on the web or media in order to gain insight about the company, brand, and anything explicitly connected to the cyber space.

Interested in finding out more? Register today for our FREE Cybersecurity Risk Scorecard. You won't regret it.

 
