Cybersecurity Scorecard: Help Businesses Stay Safe

by

October 25, 2018

There’s a litany of things a business owner has to be concerned with. There’s so much to deal with on a daily basis that certain things can get overlooked.

One of those things is cybersecurity. We spoken a bit about how important it is to discuss cybersecurity matters at the executive level and why it may be necessary to hire an outside cybersecurity expert (like a Managed Cybersecurity Services Provider).

Both of those things might seem pretty daunting and not all that easy to accomplish. Especially if you’re up to your neck with other tasks. You might even be saying you don’t even know where you’d start to investigate your current cybersecurity posture.

Truth be told, it’s not as difficult as you think. That’s why we’re offering you a FREE cybersecurity risk scorecard. We think it’s a great place to start when considering your businesses’ overall cybersecurity health and well being.

The Cybersecurity Risk Scorecard uses open source intelligence (meaning non-invasive) means to investigate your cybersecurity posture. The scorecard helps breakdown complex information and makes it easy to understand and ready for consumption at the executive level.

What’s Included:

  • Patch Management
    Details are collected in relation to system version numbers. The scan leverages software from internet-wide vendors. like Censys, Shodan, Zoomeye etc. These version numbers are converted into the corresponding common platform enumeration number (CPE-ID) and are then correlated with NIST
  • Email Security
    Vulnerabilities are collected relating to potential email servers and SMTP misconfigurations like open relay, unauthenticated logins, restricted relay, SMTP ‘Verify’ vulnerabilities and more.
  • DNS Health
    We generate DNS health report from 40+ control items which are collected from online services like IntoDNS, Robtex, Netcraft and HackerTarget. Since DNS queries are recursive, it is almost impossible to detect a hacker footprints from the DNS servers.
  • Leaked Credentials
    There are more than 5 billion hacked email / password available on the internet and underground forums. This section shows the leaked or hacked emails & passwords.
  • IP/Domain Reputation
    Asset reputation score is based on the number of IPs or domains are blacklisted or they are used for sophisticated APT attacks. The reputation feeds are collected from VirusTotal, Cymon, Firehol, BlackList DNS servers, etc.
  • Fraudulent Domains
    Fraudulent Domains and subdomains are extracted from the domain registration database. The registered domains database holds more than 300M records.
  • Attack Surface
    Attack surface is the technical analysis of open critical ports, out-of-date services, application weaknesses, SSL/TLS strength and any misconfigurations. This information is gathered from Censys & Shodan database and service / application versions are correlated with Passive Vulnerability
  • Digital Footprint
    Digital Footprint is determined by open ports, services and application banners. This information is gathered from NormShield crawlers, Censys, VirusTotal, Robtext, Alexa, Shodan etc.
  • Web Ranking
    Cisco, Alexa and Majestic track web sites and rank them according to popularity, back-links, references, etc. This subcategory shows Alexa and Majestic trends, Google Page insight speed test results as well as Web Content Accessibility Guidelines (WCAG) 2.0 parsing compliance findings.
  • Exposure Monitoring
    Company employees may disclose Local IPs, email addresses, version numbers, whois privacy records or even misconfigure a service in a way that it may expose sensitive information to the internet.
  • Brand Monitoring
    Brand monitoring is a business analytics process concerned with monitoring various channels on the web or media in order to gain insight about the company, brand, and anything explicitly connected to the cyber space.

Interested in finding out more? Register today for our FREE Cybersecurity Risk Scorecard. You won’t regret it.

{{cta(‘28930af3-48ef-45de-9a14-9a33518ebcf2′,’justifycenter’)}}

 

Carl Keyser is the Content Manager at Integris.

Keep reading

How Microsoft 365 management is a game-changer for law firms

How Microsoft 365 management is a game-changer for law firms

Law firms are investing in technologies for operational efficiency and to become more competitive in a crowded market. Increasingly, managed service providers (MSPs) are helping law firms with Microsoft 365 management so that law firms can operate more efficiently and...

Anchor Links Test

This is a test of using anchor links to form a TOC. Table of Contents: Header One Header Two Proin finibus euismod maximus. Vivamus non volutpat nisi. Nullam ac porta diam. Nullam id tortor a ante mattis elementum. Integer vel lorem id velit pharetra venenatis a ut...

Is DeepSeek Safe for My Company’s Systems?

Is DeepSeek Safe for My Company’s Systems?

China’s new DeepSeek AI engine Has Ushered in a New Era of Fast-Turn, Low-Cost AI Tools. But Are the Risks Worth the Rewards for US Companies? Key Takeaways: China's DeepSeek has been hailed as the nimble new competitor to US large language AI models—an alternative...