NormShield is a Software-as-a-Service (SaaS) cyber risk rating platform that leverages open-source intelligence and non-intrusive cyber reconnaissance to provide 3D Vendor Risk @ Scale℠. It collects a wide range of information without touching the target customer and leverages advances in data science and machine learning to provide more frequent and precise real-time risk assessments. Its timely data collection provides continuous risk monitoring of third parties, so that risk ratings are kept up to date as conditions on the network constantly fluctuate.
NormShield’s platform was built from a practitioner’s perspective to provide full visibility into a vendor’s cyber position. It enables enterprises to continuously assess third-party risks, assigns a letter grade to each vendor, correlates findings with industry standards to inform compliance requirements, and determines probable financial impact if a third party experiences a breach.
Its intuitive interface and reports communicate risks in qualitative, quantitative and easy-to-understand business terms for executives, and allow IT security teams to drill down to the technical details in each risk category.
See what hackers see
NormShield uses the same open-source intelligence tools and techniques hackers use – data collectors, crawlers, honeypots, etc. – to continuously collect information from internet-wide scanner databases, reputation sites, cyber events, hacker shares, and known vulnerability databases.
Continuously monitor your third-parties
An enterprise Cyber Risk Management program needs to look at internal security, perimeter security, and data security, but it must also cover an organization’s overall cyber ecosystem, including everyone that is either directly connected to the network or has access to valuable assets.
What gets measured is what gets managed, so companies need to take control of their third-party exposure and implement safeguards and processes to reduce their potential exposure.
3D Vendor Risk @ Scale℠
The NormShield platform gives a 3-dimensional risk picture of a vendor through NormShield Cyber Risk Ratings that include:
1. Technical Report that assigns a letter grade with underlying technical details
2. Financial Impact Report that uses Open FAIR™ to determine probable financial impact if a third party is breached
3. Compliance Report that determines third-party compliance with industry standards, regulations and best practices
NormShield Cyber Risk Rating
NormShield compiles Open-Source Intelligence (OSINT) data into a simple, readable report with letter-grade scores that help identify and mitigate potential security risks. It identifies the risks, the risk score of the corresponding vulnerabilities and weaknesses, and attack patterns based on MITRE’s Cyber Threat Susceptibility Assessment Framework. The risk assessment is provided in 20 categories with more than 400 control items.
NormShield does all of this without scanning or modifying any of the organization’s business assets. The only information required is the domain name of the company of interest.
Financial Impact Report
Cyber security reporting has become a critical issue between the technical team and the board. Most security issues get “lost in translation” when reported to the upper level. NormShield uses the Open FAIR™ model to calculate the probable financial impact (risk) in case of a data breach. By translating the “security language” into “business language”, the Financial Impact Report has been a game-changer in security reporting.
Open FAIR™ has become the only international standard Value at Risk (VaR) model for cybersecurity and operational risk. Platform users can leverage Open FAIR™ results in prioritization of resource allocation.
Compliance Report
Organizations can assess their vendors’ compliance level against various regulations and best practices built into the NormShield platform. NormShield correlates the platform’s findings to industry open standards and best practices. The cross-correlation capability measures the compliance level of a target company for different regulations based on the input given from another standard, saving effort and time on both the vendor and company side.
Through exportable regulation questionnaires, organizations can also ask a vendor to manually fill out the control items and then import them into the platform.
Rapid Risk Rating
NormShield’s Rapid Cyber Risk Rating is an affordable, faster and more modern way for and third-party risk managers to obtain a real-time, on-demand assessment of cybersecurity risks.
NormShield Rapid Cyber Risk Rating delivers:
- Instant cyber risk assessment generated in fewer than 60 seconds
- 10 risk categories and 250+ control items
- User-interface or API-based and fully automated
- Risk scores that can be instantly used for cyber insurance, M&A due diligence, and evaluating potential suppliers
- Availability as-a-service, with volume licenses for large organizations