What is SecurityScorecard, and Why Should MSPs Care About Vendor Scores?
How does an MSP trust a solutions provider to do and provide the things they promise? Everyone uses marketing buzzwords like ‘best-in-class,’ ‘leading,’ and ‘industry-standard,’ so who actually stands out among the rest? Look for credible, independent experts who vet organizations on an even playing field and give MSPs unbiased insight into their products and claims. In recent SecurityScorecard evaluations, for example, Axcient earned consistently high cybersecurity ratings compared to competitors and average industry scores, and has scored as high as 98.
In this article:
- Understand the value of these scores.
- See how vendor scores compare in a snapshot in time.
- Learn how keeping an eye on these scores can boost confidence in vendors’ commitment to cybersecurity.
What Do the Ratings Mean on a SecurityScorecard?
SecurityScorecard uses data from publicly available commercial and open-source feeds across the internet to get an “outside-in, hacker perspective of a company’s cybersecurity posture.” With over 1.5 million companies scored and counting, SecurityScorecard data is valid and reliable. A score is a moment-in-time capture of the security profile of a company.
The biggest takeaway for MSPs is, according to SecurityScorecard, companies with consistently better ratings are more resilient. For example, companies that receive a spectrum of ‘B’ ratings are 2.6x more likely to suffer a data breach versus those with a trendline of ‘A’ ratings, and companies with a ‘C’ rating trend are 4.3x more likely to get hit.
SecurityScorecard analyzes vendor data to discover 79 cybersecurity issue types that are topically organized into 10 risk factors. Each security issue is measured by its assigned risk factor, severity-based weight, update cadence, and age-out window to determine the end score. Multiple scores should be considered together to see the trendline of security performance.
Risk factors are defined by SecurityScorecard as follows:
- Network Security: Checks datasets for evidence of high risk or insecure open ports within the organization network.
- DNS Health: Measures the health and configuration of an organization’s DNS settings and validates that no malicious events occurred in the passive DNS history of the organization’s network.
- Patching Cadence: Analyzes how quickly an organization installs security updates to measure vulnerability risk mitigation practices.
- Endpoint Security: Tracks identification points extracted from metadata related to the operating system, web browser, and related active plugins.
- IP Reputation and Malware Exposure: Makes use of the SecurityScorecard sinkhole infrastructure as well as a blend of OSINT malware feeds and third-party threat intelligence data-sharing partnerships.
- Application Security: Uses incoming threat intelligence from known exploitable conditions identified via white hat CVE databases, blackhat exploit databases and sensitive findings indexed by major search engines.
- Cubit Score: Measures a variety of security issues, for example, public threat intelligence databases for flagged IP addresses.
- Hacker Chatter: Analyzes multiple streams of underground hacker chatter through an automated collection and aggregation system.
- Information Leak: Identifies compromised credentials being circulated by hackers.
- Social Engineering: Determines the potential susceptibility of an organization to a targeted social engineering attack.
July 12, 2021: Axcient moved up 5 points, from 91 to 96.
March 3, 2022: Axcient moved up 2 points, from 96 to 98.
Look for Positive Trends in Security Scores
As you can see above, Axcient scored an A in March 2022. While a single score is good, what’s more important is to demonstrate a commitment to security over time. Looking at a trend can give you confidence that a company is maintaining basic good security “hygiene” while also pursuing improvements in its security posture. A single dip in scores is not necessarily cause for alarm, but several months of downward scores may be a yellow flag that prompts questions to the individual vendor.
In recent previous evaluations with SecurityScorecard, Axcient earned a 96, 94, 85, and a 92 rating. In our most recent risk assessment, we increased that score to a 98 – the highest score achieved by channel vendors participating in SecurityScorecard ratings at that time. In the chart above you can see how we compare to competitors in this recent review.
Why Trust a SecurityScorecard Rating?
Just like Axcient relies on independent companies like SecurityScorecard to test our cybersecurity posture, SecurityScorecard also relies on third parties to prove their effectiveness in rating organizations. The Forrester New Wave™: Cybersecurity Risk Rating Platforms, Q1 2021 report recognized SecurityScorecard as a leader in cybersecurity risk ratings. They earned the highest rating possible, a differentiated rating, in the following evaluation criteria:
- Data accuracy
- Process transparency
- Dispute resolution
- Breadth of use case
- Commercial strategy
Additionally, SecurityScorecard was named a 2021 Gartner Peer Insights Customers’ Choice for IT Vendor Risk Management (VRM) Tools. See all the SecurityScorecard awards and mentions by external parties to learn more about their standing in the cybersecurity industry.
Using Third-Party Ratings for Cybersecurity Confidence
These results aren’t just good news for Axcient; they’re a win for our MSP partners and their SMB clients. MSPs have a variety of choices when it comes to compiling a solutions stack, and it’s overwhelming to wade through the benefits of each. Axcient will continue to monitor our SecurityScorecard rating and work to keep it among the best. We hope this rating and other third-party testing give you and your clients peace of mind. Utilize these scores with clients to emphasize your own commitment to cybersecurity by choosing the highest-rated vendor available. After all, how could you justify using anything else?
About the Author: Carissa Johnson // Product Marketing Manager, Axcient
Carissa Kohn-Johnson has a background in behavioral and physical healthcare technology and information technology and currently works as the Product Marketing Manager for Axcient. She has a lot of MSP Channel experience from planning and attending hundreds of conferences and tradeshows, and found her passion in technology, and working with MSPs in particular. Connect with her on LinkedIn – perhaps you can contribute to the Axcient blog?