Rapid Cyber Risk Scorecard

NormShield makes it easy to identify the security posture of third-party vendors and cyber insurance subscribers.

With NormShield’s Rapid Cyber Risk Scorecards, companies don’t have to use old-school Excel files and lengthy questionnaires to measure third-party risk. Rapid Cyber Risk Scorecard (RapCard) is an affordable, faster and more modern way for cyber insurance providers and third-party risk managers to obtain a real-time, on-demand assessment of cybersecurity risks.

NormShield Rapid Cyber Risk Scorecards deliver:

  • Instant cyber risk scores, generated in fewer than 60 seconds
  • 10 risk categories and 250+ control items
  • User-interface or API-based and fully automated
  • Risk scores that can be instantly used for cyber insurance, M&A due diligence, and evaluating potential suppliers
  • Availability as-a-service, with volume licenses for large organizations

Rapid Cyber Risk Scorecard Categories

NormShield’s Rapid Cyber Risk Scorecard identifies potential supply-chain risk by scanning the target company’s domain name with OSINT (open-source intelligence) techniques, so the risk posed by a third-party vendor can be assessed without touching the vendor’s internal assets. A more cost-effective, faster and easier method for cyber insurers and third-party risk managers, the scorecard evaluates a company across the categories below, each of which covers one aspect of the target company’s cybersecurity posture.

  • Patch Management

    We collect version details of the target’s systems and software from internet-wide scanners such as Censys, Shodan and ZoomEye. Each version is converted into the corresponding Common Platform Enumeration identifier (CPE-ID) and correlated with the NIST NVD and MITRE CVE databases to detect unmitigated known vulnerabilities.

  • DNS Health

    We generate a DNS health report from 40+ control items collected from online services such as IntoDNS, Robtex, Netcraft and HackerTarget. Because DNS lookups are answered through recursive resolvers rather than by the target’s own name servers, reconnaissance of this kind leaves almost no trace in the target’s DNS server logs.

  • IP/Domain Reputation

    The asset reputation score is based on the number of the target’s IPs or domains that appear on blocklists or have been used in sophisticated APT attacks. Reputation feeds are collected from VirusTotal, Cymon, FireHOL, DNS-based blocklists (DNSBLs) and others.

  • Attack Surface

    Attack surface is the technical analysis of open critical ports, out-of-date services, application weaknesses, SSL/TLS strength and other misconfigurations. This information is gathered from the Censys and Shodan databases, and the service and application versions found there are correlated with passive vulnerability scan results.

  • Web Ranking

    Cisco, Alexa and Majestic track websites and rank them by popularity, back-links, references and similar signals. This category shows Alexa and Majestic trends, Google PageSpeed Insights results, and Web Content Accessibility Guidelines (WCAG) 2.0 parsing-compliance findings.

  • Brand Monitoring

    Brand monitoring is a business-analytics process that tracks web and media channels for mentions of the company, its brand, and anything explicitly connected to it online.

  • Email Security

    We collect findings on exposed mail servers and SMTP misconfigurations, such as open relay, logins without authentication, restricted relay and SMTP VRFY user enumeration, from online services including MxToolbox and eMailSecurityGrader.

  • Leaked Credentials

    More than five billion hacked email/password pairs circulate on underground forums. Our scan cross-references these constantly updated databases of compromised credentials against the target organization’s domains and reports any leaked email addresses and passwords.

  • Fraudulent Domains

    Fraudulent look-alike domains and subdomains are extracted from, and cross-referenced against, the domain registration database, which holds more than 300M records.

  • Digital Footprint

    A digital footprint is determined by a target website’s open ports, services and application banners. This information is gathered from NormShield crawlers, Censys, VirusTotal, Robtex, Alexa, Shodan and others.

  • Information Disclosure

    Company employees may disclose internal IP addresses, email addresses, version numbers or WHOIS registrant details, or misconfigure a service in a way that exposes sensitive information to the internet.
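How the Patch Management correlation above (and the version correlation in Attack Surface) works in practice, as an added example that is not NormShield’s code: a service banner is parsed into a product and version, mapped to a CPE 2.3 name, and checked against vulnerability records shaped like the NVD cpeMatch entries (versionStartIncluding, versionEndExcluding and their siblings). The banner-to-CPE table, the CVE identifiers and the version ranges below are constructed placeholders, not real advisories; a production engine would use the NVD CPE dictionary and query the NVD API.

```python
import re

# Hypothetical banner-token -> (CPE vendor, CPE product) table. A real engine
# would use the full NVD CPE dictionary; these three entries are assumptions.
BANNER_TO_CPE = {
    "apache": ("apache", "http_server"),
    "openssh": ("openbsd", "openssh"),
    "nginx": ("f5", "nginx"),
}

# Constructed sample records shaped like NVD "cpeMatch" entries. The IDs and
# the version ranges are placeholders for the demo, not real advisories.
SAMPLE_CVES = [
    {"id": "CVE-0000-0001", "cvss": 7.5, "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
     "versionStartIncluding": "2.4.0", "versionEndExcluding": "2.4.39"},
    {"id": "CVE-0000-0002", "cvss": 5.3, "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
     "versionStartIncluding": "2.4.0", "versionEndIncluding": "2.4.20"},
    {"id": "CVE-0000-0003", "cvss": 5.9, "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
     "versionEndExcluding": "7.5"},
    {"id": "CVE-0000-0004", "cvss": 9.8, "criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
     "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.17.0"},
]

# Product token followed by "/" or "_" and a dotted version, e.g. "Apache/2.4.29", "OpenSSH_7.4".
BANNER_RE = re.compile(r"([A-Za-z][A-Za-z_-]*?)[/_]\s*v?(\d+(?:\.\d+)*)")


def parse_banner(banner):
    """Return (product, version) from a banner such as 'SSH-2.0-OpenSSH_7.4', or None."""
    m = BANNER_RE.search(banner)
    return (m.group(1), m.group(2)) if m else None


def to_cpe(product, version):
    """Build a CPE 2.3 formatted string for a mapped product; None if the product is unknown."""
    mapped = BANNER_TO_CPE.get(product.lower())
    if not mapped:
        return None
    vendor, cpe_product = mapped
    return f"cpe:2.3:a:{vendor}:{cpe_product}:{version}:*:*:*:*:*:*:*"


def vtuple(version, width=4):
    """Numeric version tuple, zero padded so that '7.4' and '7.4.0' compare equal."""
    parts = [int(x) for x in re.findall(r"\d+", version)][:width]
    return tuple(parts + [0] * (width - len(parts)))


def version_in_range(version, rec):
    """Apply NVD's four optional range bounds (each may be absent) to a version string."""
    v = vtuple(version)
    if "versionStartIncluding" in rec and v < vtuple(rec["versionStartIncluding"]):
        return False
    if "versionStartExcluding" in rec and v <= vtuple(rec["versionStartExcluding"]):
        return False
    if "versionEndIncluding" in rec and v > vtuple(rec["versionEndIncluding"]):
        return False
    if "versionEndExcluding" in rec and v >= vtuple(rec["versionEndExcluding"]):
        return False
    return True


def product_key(cpe):
    """'cpe:2.3:a:apache:http_server:2.4.29:...' -> 'a:apache:http_server'."""
    return ":".join(cpe.split(":")[2:5])


def match_cves(cpe, records=SAMPLE_CVES):
    """Records whose product matches the CPE and whose version range covers its version."""
    version = cpe.split(":")[5]
    return [r for r in records
            if product_key(r["criteria"]) == product_key(cpe) and version_in_range(version, r)]


def assess_banners(banners, records=SAMPLE_CVES):
    """Banner list -> {banner: {'cpe': str|None, 'cves': [ids], 'max_cvss': float}}."""
    report = {}
    for banner in banners:
        parsed = parse_banner(banner)
        cpe = to_cpe(*parsed) if parsed else None
        hits = match_cves(cpe, records) if cpe else []
        report[banner] = {
            "cpe": cpe,
            "cves": [h["id"] for h in hits],
            "max_cvss": max((h["cvss"] for h in hits), default=0.0),
        }
    return report


# Constructed banners of the kind Shodan/Censys return for a host; IIS is deliberately unmapped.
SAMPLE_BANNERS = ["Apache/2.4.29 (Ubuntu)", "SSH-2.0-OpenSSH_7.4", "nginx/1.18.0", "Microsoft-IIS/10.0"]

if __name__ == "__main__":
    for banner, f in assess_banners(SAMPLE_BANNERS).items():
        print(f"{banner!r}: cpe={f['cpe']} cves={f['cves']} max_cvss={f['max_cvss']}")
```

The padded numeric comparison in vtuple is what keeps "7.4" inside a range that ends at "7.5.0"; vendor suffixes such as "7.4p1" are deliberately dropped, which is the usual source of false positives in banner-based matching and is why the page's approach is a screening signal rather than an authenticated patch audit.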
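The Email Security checks above (open relay, SMTP VRFY, logins offered without encryption) written out as an added example, not NormShield’s implementation. The probe accepts any object exposing smtplib’s docmd(cmd, args) -> (code, message) interface, so a live smtplib.SMTP connection and the scripted fake below both work. The two server scripts (one misconfigured, one hardened) and the host names are constructed. The relay test stops before DATA and issues RSET, so no message is ever delivered.

```python
import smtplib  # a live smtplib.SMTP(host, 25) object can be passed as `session`


def _text(msg):
    """smtplib returns reply text as bytes; normalise to str."""
    return msg.decode("utf-8", "replace") if isinstance(msg, bytes) else str(msg)


def ehlo_extensions(reply_text):
    """Extension keywords from a multi-line EHLO reply (the first line is the server name)."""
    return {line.split()[0].upper() for line in reply_text.splitlines()[1:] if line.strip()}


def probe_smtp(session, helo="probe.example.net",
               ext_from="probe@example.net", ext_to="someone@example.com"):
    """Run the three misconfiguration probes on an already-connected SMTP session.

    ext_from / ext_to must both be domains the target server is not responsible for;
    a 250 to that RCPT means the host will relay for anyone (open relay)."""
    findings = {}
    code, msg = session.docmd("EHLO", helo)
    exts = ehlo_extensions(_text(msg)) if code == 250 else set()
    # AUTH advertised on the cleartext channel invites clients to send credentials before STARTTLS.
    findings["auth_offered_before_tls"] = "AUTH" in exts
    # 250/251 confirm a mailbox exists (user enumeration); 252 "cannot VRFY" reveals nothing.
    code, _ = session.docmd("VRFY", "postmaster")
    findings["vrfy_discloses_users"] = code in (250, 251)
    # Relay test: foreign sender to foreign recipient. Stop before DATA so nothing is sent.
    code, _ = session.docmd("MAIL", f"FROM:<{ext_from}>")
    if code == 250:
        code, _ = session.docmd("RCPT", f"TO:<{ext_to}>")
        findings["open_relay"] = code == 250
    else:
        findings["open_relay"] = False
    session.docmd("RSET")
    session.docmd("QUIT")
    return findings


def probe_host(host, port=25, timeout=10):
    """Live variant (not exercised offline): connect with smtplib and run the same probe."""
    session = smtplib.SMTP(host, port, timeout=timeout)
    try:
        return probe_smtp(session)
    finally:
        session.close()


class FakeSmtpSession:
    """Constructed stand-in for smtplib.SMTP that replays a scripted server's replies."""

    def __init__(self, replies):
        self.replies = replies  # {command verb: (code, message bytes)}
        self.log = []           # every command sent, for checking the probe's footprint

    def docmd(self, cmd, args=""):
        self.log.append(f"{cmd} {args}".strip())
        return self.replies.get(cmd.upper(), (500, b"5.5.1 Command unrecognized"))


# Constructed reply scripts for a misconfigured and a hardened mail server.
OPEN_RELAY_SERVER = {
    "EHLO": (250, b"mx.example.org\nAUTH PLAIN LOGIN\nSIZE 10240000"),
    "VRFY": (250, b"postmaster <postmaster@example.org>"),
    "MAIL": (250, b"2.1.0 Ok"),
    "RCPT": (250, b"2.1.5 Ok"),
    "RSET": (250, b"2.0.0 Ok"),
    "QUIT": (221, b"2.0.0 Bye"),
}
HARDENED_SERVER = {
    "EHLO": (250, b"mx.example.org\nSTARTTLS\nSIZE 10240000\nENHANCEDSTATUSCODES"),
    "VRFY": (502, b"5.5.1 VRFY command is disabled"),
    "MAIL": (250, b"2.1.0 Ok"),
    "RCPT": (554, b"5.7.1 <someone@example.com>: Relay access denied"),
    "RSET": (250, b"2.0.0 Ok"),
    "QUIT": (221, b"2.0.0 Bye"),
}

if __name__ == "__main__":
    print("misconfigured:", probe_smtp(FakeSmtpSession(OPEN_RELAY_SERVER)))
    print("hardened:     ", probe_smtp(FakeSmtpSession(HARDENED_SERVER)))
```

Probing a third party’s mail server this way is still active traffic to their host, unlike the passive sources the page relies on, so run it only against systems you are authorised to test.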
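Fraudulent-domain detection as described above, written as an added example (not the product’s code): generate look-alike permutations of the registrable label, then intersect them with a set of registered domains. The registered-domains set here is a constructed sample standing in for the 300M-record database, and the permutation techniques are the common typosquatting categories (omission, repetition, transposition, homoglyph, hyphenation, TLD swap) rather than anything the page specifies.

```python
# Alternative TLDs to try on the original label, and single-character look-alikes.
TLDS = ["com", "net", "org", "co", "io", "biz", "info"]
HOMOGLYPHS = {"o": "0", "l": "1", "i": "l", "e": "3", "a": "4", "s": "5", "m": "rn", "w": "vv"}


def split_domain(domain):
    """'Example.COM' -> ('example', 'com'); only the first label is permuted."""
    label, _, tld = domain.lower().partition(".")
    return label, tld


def permutations(label):
    """Yield (technique, variant) pairs for one registrable label."""
    n = len(label)
    for i in range(n):                      # omission: drop one character
        yield "omission", label[:i] + label[i + 1:]
    for i in range(n):                      # repetition: double one character
        yield "repetition", label[:i] + label[i] + label[i:]
    for i in range(n - 1):                  # transposition: swap two neighbours
        if label[i] != label[i + 1]:
            yield "transposition", label[:i] + label[i + 1] + label[i] + label[i + 2:]
    for i, ch in enumerate(label):          # homoglyph: visually similar replacement
        if ch in HOMOGLYPHS:
            yield "homoglyph", label[:i] + HOMOGLYPHS[ch] + label[i + 1:]
    for i in range(1, n):                   # hyphenation: insert a hyphen
        yield "hyphenation", label[:i] + "-" + label[i:]


def candidates(domain, tlds=TLDS):
    """All look-alike domains for `domain`, mapped to the technique that produced each."""
    label, tld = split_domain(domain)
    out = {}
    for technique, variant in permutations(label):
        out.setdefault(f"{variant}.{tld}", technique)
    for alt in tlds:                        # TLD swap keeps the label, changes the suffix
        if alt != tld:
            out.setdefault(f"{label}.{alt}", "tld-swap")
    out.pop(domain.lower(), None)
    return out


def find_lookalikes(domain, registered):
    """Sorted (domain, technique) pairs for candidates that exist in the registered set."""
    return sorted((d, t) for d, t in candidates(domain).items() if d in registered)


# Constructed stand-in for the registered-domains database.
REGISTERED = {
    "example.com", "exmaple.com", "examp1e.com", "example.co", "exampel.net",
    "exampl.com", "exa-mple.com", "unrelated.com",
}

if __name__ == "__main__":
    for d, technique in find_lookalikes("example.com", REGISTERED):
        print(f"{d:16} {technique}")
```

Note that exampel.net, a transposition combined with a TLD swap, is not found because the techniques are applied one at a time; tools such as dnstwist chain permutations to cover that case, at the cost of a much larger candidate set to look up.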

The Methodology

Cyber Threat Susceptibility Assessment (CTSA) is a methodology developed by MITRE for evaluating a system’s susceptibility to cyber attack. CTSA quantitatively assesses a system’s [in]ability to resist attack across a range of catalogued attack Tactics, Techniques, and Procedures (TTPs). CTSA consists of the following steps:

Product Methodology

To generate the scorecard, NormShield needs only the company’s domain name. The engine collects related information from VirusTotal, passive DNS services, web search engines and other internet-wide scanners, as well as NormShield’s proprietary databases, which hold more than 10 billion historic items. It searches these sources to find all IP address ranges and domain names that belong to the company, relying on open-source intelligence (OSINT) techniques throughout.

Schedule time with one of our Information Security Specialists to chat about your specific needs and see NormShield in action. Fill out the form and we will get in touch with you soon.