Example, Inc.

Cyber Risk Scorecard


Rating: Average

Safeguard: D
Privacy: C
Resiliency: B
Reputation: B

How to read this report?

This report evaluates the security posture across 4 main categories, namely Safeguard, Privacy, Resiliency & Reputation, and 20 unique sub-categories. This data is compiled into a simple, readable report with letter-grade scores to help identify and mitigate potential security risks. Each category has a summary of its top riskiest assets; technical details, along with mitigation, compliance, standards & regulation details, can be found at the bottom of each category and in the Knowledge Base.



Safeguard
  Digital Footprint: informational (no grade)
  Patch Management: F
  Application Security: C
  Website Security: C
  CDN Security: F

Privacy
  Leaked Credentials: D
  SSL/TLS Strength: D
  Information Disclosure: C
  Hacktivist Shares: C
  Social Network: C

Resiliency
  Attack Surface: D
  DNS Health: B
  Email Security: B
  DDoS Resiliency: B
  Network Security: B

Reputation
  IP/Domain Reputation: B
  Fraudulent Domains: D
  Fraudulent Apps: B
  Brand Monitoring: A
  Web Ranking: C

The Methodology
Cyber Risk Scorecard uses Open Source Intelligence services to collect, analyze and report security-related events and findings. Security companies and hackers are always scanning publicly accessible networks and sharing their data on the internet. This is commonly referred to as Open-Source Intelligence (OSINT).

The following mind map shows how hackers can leverage their attack vectors by using OSINT services like hacker forums, social networks, Google, leaked database dumps, paste sites or even legitimate security services like VirusTotal, Censys, Cymon, Google Safe Browsing etc.

Cyber Risk Score Map

NormShield Cyber Risk Scorecard is a service that reports on your business’s public access methods for possible security risks, such as known but unpatched vulnerabilities or open network ports. NormShield also scans social media, darkweb forums, and other sources of information leaks, looking for information about your company such as compromised passwords, emails, or network structure details, as well as other attack methods such as fake websites or programs masquerading as legitimate sites or products of your business.

This data is compiled by NormShield into a simple, readable report with letter-grade scores to help identify and mitigate potential security risks. NormShield does all of this without scanning or modifying any of the company’s business assets.

NormShield uses what is called open-source intelligence (OSINT) to gather information. Both hackers and legitimate security companies are continually publishing to, and scanning, social media websites and networks for information on vulnerabilities. The following map shows how hackers can leverage their attack vectors by using OSINT resources like hacker forums, social networks, Google, leaked database dumps, paste sites or even legitimate security services like VirusTotal, Censys, Cymon, Shodan or Google Safe Browsing. NormShield’s Passive Scorecard assesses an organization in these areas using the techniques described above.

To generate the scorecard, NormShield needs only the company domain. The asset discovery engine collects the related information from VirusTotal, PassiveTotal, web search engines and other Internet-wide scanners. NormShield has one of the largest IP & Domain Whois databases, holding more than 1 billion historic items. The asset discovery engine searches the database in order to find all IP address ranges and domain names that belong to the company. The output of the asset discovery engine is the list of company assets, which is used as the input for the passive vulnerability scanner, configuration scanner, threat intelligence agent and reputation engine.


Results from the public-facing assets

Digital Footprint (# of items: 64395)
Digital Footprint is determined by open ports, services and application banners. This information is gathered from NormShield Crawlers, Censys, Shodan, VirusTotal, Alexa etc.
DNS Health (Score: B, # of findings: 9)
The DNS Health report is generated from 40+ control items which are collected from online services like IntoDNS, Robtex, Netcraft, and HackerTarget. Since DNS queries are recursive, it is almost impossible to detect a hacker’s footprints from the DNS servers.
Patch Management (Score: F, # of findings: 457)
Company asset system versions are collected from internet-wide scanners like Censys, Shodan, Zoomeye etc. These version numbers are converted into the corresponding common platform enumeration number (CPE-ID) and are correlated with NIST NVD and MITRE CVSS databases to detect and approximate any unmitigated known vulnerabilities.
Application Security (Score: C, # of findings: 1284)
The contents of each web application are collected from various internet-wide scanners and are analyzed for application-level weaknesses, e.g. Cross Site Request Forgery, Cross Content Mixing, Plain Text Transmission of Sensitive Information etc. The results are also correlated with the MITRE CWE database to determine the severity level of each finding.
SSL/TLS Strength (Score: D, # of findings: 596)
SSL/TLS configurations and vulnerabilities are provided by several third-party online services. The results come from various online SSL grading services like Qualys SSL Labs scanner, HTBridge, Mozilla Website Observatory etc.
Email Security (Score: B, # of findings: 8)
Potential email servers and SMTP misconfigurations like open relay, unauthenticated logins, restricted relay, and SMTP 'Verify' (VRFY) vulnerabilities are collected from online services like MxToolbox and eMailSecurityGrader.
Website Security (Score: C, # of findings: 2)
This is a special analysis of the company’s main website. The findings are collected from the SSL/TLS Strength, Patch Management, Application Security, Web Ranking and Brand Monitoring sub-categories.
Network Security (Score: B, # of findings: 4)
This section analyzes the network level problems and detects any open critical ports, unprotected network devices, misconfigured firewalls, and service endpoints on public-facing assets.
Attack Surface (Score: D, # of findings: 1672)
Attack surface is the technical analysis of open critical ports, out-of-date services, application weaknesses, SSL/TLS strength, and any misconfigurations. This information is gathered from Censys and Shodan databases and service/application versions are correlated with other sub-categories' results.


Results from cyber (hacker sites, social media, etc.)

Leaked Credentials (Score: D, # of findings: 54)
There are 5+ billion hacked emails and passwords available on the internet and underground forums. This section shows the leaked or hacked emails and passwords that were discovered.
Fraudulent Domains (Score: D, # of findings: 98)
Fraudulent domains and subdomains are extracted from the domain registration database. The registered domains database holds more than 300M records.
Web Ranking (Score: C, # of findings: 2)
Cisco, Alexa, and Majestic track web sites and rank them according to popularity, back-links, references, etc. This sub-category shows Alexa and Majestic trends, Google PageSpeed Insights speed test results, as well as Web Content Accessibility Guidelines (WCAG) 2.0 parsing compliance findings.
IP/Domain Reputation (Score: B, # of findings: 17)
The asset reputation score is based on the number of IPs or domains that are blacklisted or that are used for sophisticated APT attacks. The reputation feeds are collected from VirusTotal, Cymon, Firehol, BlackList DNS servers, etc.
Brand Monitoring (Score: A, # of findings: 1)
Brand monitoring is a business analytics process concerned with monitoring various channels on the web or other media to gain insight about the company, brand, and anything explicitly connected to the company in cyberspace.
DDoS Resiliency (Score: B, # of findings: 9)
This section shows the result of 15 different potential DDoS checks and detects any potential DrDoS amplification endpoints. The data is collected from non-intrusive scanners and other internet-wide scanners.
Information Disclosure (Score: C, # of findings: 7)
Misconfigured services or other public assets may disclose local IPs, email addresses, version numbers, whois privacy records, and other sensitive information to the internet.
Social Network (Score: C, # of findings: 12)
Hackers publicize their targets or victims on social network sites to motivate other hackers to attack the same target. The results are filtered from billions of pieces of social media content.
Fraudulent Apps (Score: A, # of findings: 6)
Fraudulent or pirated mobile or desktop applications are used to hack or phish employee or customer data. This section lists possible fraudulent or pirated mobile and desktop apps found on Google Play, the App Store and pirate app stores.
Hacktivist Shares (Score: C, # of findings: 12)
Hackers publicize their targets in underground forums or on the darkweb. NormShield collects information from hundreds of darkweb forums, criminal sites, and hacktivist sites and filters the results for information pertaining to the company.
CDN Security (Score: F, # of findings: 140)
A content delivery network (CDN) is a large distributed system of servers deployed in multiple data centers across the Internet. Companies use a CDN to serve online libraries like jQuery. This section analyzes the CDN content to detect possible vulnerabilities.
Compliance (# of Regulations: 7)
Cybersecurity standards and regulations provide policy frameworks of computer security guidance for private and public-sector organizations. They provide a high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes. Major regulations within this section include NIST 800-53, GDPR, ISO 27001, PCI-DSS, HIPAA and COBIT.