OneTrust Third-Party Risk Exchange Now Provides SecurityScorecard Cybersecurity Rating

The increase in third-party related security attacks has been felt acutely by organizations globally. Each third party creates additional vulnerabilities by expanding the number of entry points into an organization.   

To help organizations handle these cyber concerns, OneTrust is expanding its partnership with SecurityScorecard to enable Third-Party Risk Exchange customers to view complementary Cybersecurity Ratings on thousands of third parties to provide greater insight into their cyber risk posture. The new out-of-the-box Cybersecurity Ratings are in addition to the existing integration, which enables OneTrust customers to automatically take action when a third party’s score changes. 

What is the SecurityScorecard Cybersecurity Rating?       

SecurityScorecard is a global leader in cybersecurity ratings, used by thousands of organizations for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting. All of this leads to a solution that encourages cyber resilience in the face of an ever-growing threat landscape.   

The company’s Cybersecurity Rating uses an objective rating system through dynamic assessments, doling out grades from A to F based on a business’s cyber security posture. That score can then be used as a baseline for other companies to make informed decisions about your organization’s risk management and cyber standing.      

That score comes from an evaluation of 10 criteria, including:   

Network Security
The Network Security module checks public datasets for evidence of high risk or insecure open ports within the organization network   

DNS Health  
The DNS Health module measures the health and configuration of an organization’s DNS settings. It validates that no malicious events occurred in the passive DNS history of the organization’s network.  
 
Patching Cadence  
The Patching Cadence module analyzes how quickly an organization installs security updates to measure vulnerability risk mitigation practices.  
 
Endpoint Security   
The Endpoint Security module tracks identification points that are extracted from metadata related to the operating system, web browser, and related active plugins.  
 
IP Reputation  
The IP Reputation and Malware Exposure module makes use of the SecurityScorecard sinkhole infrastructure as well as a blend of OSINT malware feeds and third-party threat intelligence data-sharing partnerships.  
 
Application Security  
The Application Security module uses incoming threat intelligence from known exploitable conditions identified via: whitehat CVE databases, blackhat exploit databases, and sensitive findings indexed by major search engines.  
 
Cubit Score   
The Cubit Score module measures a variety of security issues that an organization might have. For example, we check public threat intelligence databases for IP addresses that have been flagged.  
 
Hacker Chatter  
The Hacker Chatter module is an automated collection and aggregation system for the analysis of multiple streams of underground hacker chatter.  
 
Information Leak  
This Information Leak module makes use of chatter monitoring and deep web monitoring capabilities to identify compromised credentials being circulated by hackers.  
 
Social Engineering  
The Social Engineering Module is used to determine the potential susceptibility of an organization to a targeted social engineering attack.  

What is the OneTrust Third-Party Risk Exchange? 

The OneTrust Third-Party Risk Exchange is a collaboration and information sharing platform that brings businesses and their third parties together into a single community to share  information and build mutual trust. Thousands of organizations and their third parties participate in the Exchange to collectively centralize and share critical information about their security, privacy, ethics and compliance, and ESG programs. This community-based approach makes third-party risk easier for everyone involved – both you and your third parties.   

The Exchange streamlines vendor risk assessments by giving third parties the ability to share assessment answers with the click of a button. Meanwhile, assessment requesters can view the results via the Exchange, which are automatically analyzed to generate risk analytics and control gap reports.  

Additionally, third parties that join the Exchange get access to valuable capabilities, including the ability to build and share their free Trust Profile, a shareable profile that third parties use to aggregate key information about their security, privacy, ethics, and ESG programs. Third parties also have the ability to create a library of assessment answers and use that information to autocomplete any new ones they receive.

SecurityScorecard is a Silver Sponsor at TrustWeek from May 23-26. As a result of the partnership, all OneTrust members can take advantage of a complimentary SecurityScorecard Enterprise License that enables you to monitor your organization as well as up to five vendors.

Learn more about the OneTrust Third-Party Risk Exchange and the partnership with SecurityScorecard by requesting a demo here.