What is SecurityScorecard, and Why Should MSPs Care About Vendor Scores?

How does an MSP trust a solutions provider to do and provide the things they promise? Everyone uses marketing buzzwords like ‘best-in-class,’ ‘leading,’ and ‘industry-standard,’ so who actually stands out among the rest? Look for credible, independent experts who vet organizations on an even playing field and give MSPs unbiased insight into their products and claims. In recent SecurityScorecard evaluations, for example, Axcient earned consistently high cybersecurity ratings compared to competitors and average industry scores, and has scored as high as 98.

In this article:

  • Understand the value of these scores.
  • See how vendor scores compare in a snapshot in time.
  • Keeping an eye on these scores can boost confidence in vendors’ commitment to cybersecurity.

What Do the Ratings Mean on a SecurityScorecard?

SecurityScorecard uses data from publicly available commercial and open-source feeds across the internet to get an “outside-in, hacker perspective of a company’s cybersecurity posture.” With over 1.5 million companies scored and counting, SecurityScorecard data is valid and reliable. A score is a moment-in-time capture of the security profile of a company.

“The biggest takeaway for MSPs is, according to SecurityScorecard, companies with consistently better ratings are more resilient. For example, companies that receive a spectrum of ‘B’ ratings are 2.6x more likely to suffer a data breach versus those with a trendline of ‘A’ ratings, and companies with a ‘C’ rating trend are 4.3x more likely to get hit.”

SecurityScorecard analyzes vendor data to discover 79 cybersecurity issue types that are topically organized into 10 risk factors. The security issues are measured by the assigned risk factor, severity-based weight, update cadence, and age-out window to determine the end score. Multiple scores should be considered together to get a picture of a trendline of security performance.

Risk factors are defined by SecurityScorecard as follows:

  1. Network Security: Checks datasets for evidence of high-risk or insecure open ports within the organization network.
  2. DNS Health: Measures the health and configuration of an organization’s DNS settings and validates that no malicious events occurred in the passive DNS history of the organization’s network.
  3. Patching Cadence: Analyzes how quickly an organization installs security updates to measure vulnerability risk mitigation practices.
  4. Endpoint Security: Tracks identification points extracted from metadata related to the operating system, web browser, and related active plugins.
  5. IP Reputation and Malware Exposure: Makes use of the SecurityScorecard sinkhole infrastructure as well as a blend of OSINT malware feeds and third-party threat intelligence data-sharing partnerships.
  6. Application Security: Uses incoming threat intelligence from known exploitable conditions identified via white hat CVE databases, blackhat exploit databases, and sensitive findings indexed by major search engines.
  7. Cubit Score: Measures a variety of security issues, for example, public threat intelligence databases for flagged IP addresses.
  8. Hacker Chatter: Analyzes multiple streams of underground hacker chatter through an automated collection and aggregation system.
  9. Information Leak: Identifies compromised credentials being circulated by hackers.
  10. Social Engineering: Determines the potential susceptibility of an organization to a targeted social engineering attack.

Look for Positive Trends in Security Scores

As you can see above, Axcient scored an A again in July 2023 and November 2023. The most recent full-score comparison report shows Axcient was again A-rated. While a single score is good, what’s more important is to demonstrate a commitment to security over time. Looking at a trend can give you confidence that a company is maintaining basic good security “hygiene” while also pursuing improvements in its security posture. A single dip in scores is not necessarily cause for alarm, but several months of downward scores may be a yellow flag that prompts questions to the individual vendor.

In recent previous evaluations with SecurityScorecard, Axcient earned a 95, 96, 94, 85, 92 and a 94 rating. In our most recent risk assessment in November of 2023, our score was 94 – Axcient is consistently the highest scorer or shares the highest score with a single other competitive vendor participating in SecurityScorecard ratings at that time. In the chart below you can see how we compare to competitors in a recent July 2023 review.

Why Trust a SecurityScorecard Rating?

Just like Axcient relies on independent companies like SecurityScorecard to test our cybersecurity posture, SecurityScorecard also relies on third parties to prove their effectiveness in rating organizations. The Forrester New Wave™: Cybersecurity Risk Rating Platforms, Q1 2021 report recognized SecurityScorecard as a leader in cybersecurity risk ratings. They earned the highest rating possible, a differentiated rating, in the following evaluation criteria:

  1. Data accuracy
  2. Process transparency
  3. Dispute resolution
  4. Integration
  5. Breadth of use case
  6. Commercial strategy

Additionally, SecurityScorecard was named a 2021 Gartner Peer Insights Customers’ Choice for IT Vendor Risk Management (VRM) Tools. See all the SecurityScorecard awards and mentions by external parties to learn more about their standing in the cybersecurity industry.

Using Third-Party Ratings for Cybersecurity Confidence

These results aren’t just good news for Axcient; they’re a win for our MSP partners and their SMB clients. MSPs have a variety of choices when it comes to compiling a solutions stack, and it’s overwhelming to wade through the benefits of each. Axcient will continue to monitor our SecurityScorecard rating and work to keep it among the best. We hope this rating and other third-party testing give you and your clients peace of mind. Utilize these scores with clients to emphasize your own commitment to cybersecurity by choosing the highest-rated vendor available. After all, how could you justify using anything else?

Learn more about how Axcient provides a security-first approach to business continuity and disaster recovery (BCDR) during Your Free 14-Day Trial! Then, compare our solutions to what you’re currently using – we think you will sleep better knowing your clients’ data is secure with Axcient.
