#RSAC: Put Your Money Where Your Mouth Is

Posted by UpGuard

RSA Sponsors and Exhibitors CSTAR Roundup

RSA 2016 is underway with the tagline "Where The World Talks Security," but for the most part it’s just that—a lot of talk. Attendees, speakers and vendors have come from all over the world to share insight and new products with their security-minded peers, and there will certainly be a few novel takeaways as in years past, but who is serious about security and who is just putting on a show for potential clients and investors?

Enter UpGuard

A few miles down the road from the event here at UpGuard, we recently introduced a new Digital Reputation web scan tool. This scanner takes a look at the externally accessible footprint of a company and analyzes it for a number of factors such as basic web security, secure email communication, and even their CEO's favorability rating among employees. You can read more about its methodology here, but suffice it to say, all of these factors contribute in a non-trivial way toward the company's future risk of a data breach or other detrimental incident. Our Digital Reputation scores are given on a scale from 0 to 950 and can be thought of as similar to a credit score for web security. And to take the tool for a spin, we put the URLs of companies sponsoring and exhibiting at RSA through the wringer.

As anyone remotely involved in security can imagine, the externally accessible scores are just the tip of the iceberg and by no means a full evaluation of a company, but can still be a useful indicator of potential problems under the hood. We do provide an internal, comprehensive scan of devices and servers, but for the purposes of this piece we're focusing solely on the external Digital Reputation score.

External Scanning as the Canary in the Coal Mine

Does the following list suggest any given company can or cannot be trusted with customer data? Certainly not—this is by no means a declaration of their internal security practices. But by the same token, many of these enhancements such as SSL or SPF are cheap and/or relatively easy to implement as well as highly visible to potential customers and partners, so it is hard to understand how so many of them managed to skip something so simple. Indeed, the lack of something so ubiquitous in 2016 as the SSL padlock can be particularly glaring to a potential customer.

Something we found interesting during this research is that there’s really no correlation between a company's market share, size, or value and its basic web security score. In fact, many of the worst performers are some of the largest, highest-valued companies while smaller and lesser known firms are often among the top scorers. This gives credence to the idea that basic web security across the board isn’t limited to those with a large budget or excess manpower—it’s either something companies care to do, or they don’t.

[Figures: distribution of RSA 2016 sponsor/exhibitor scores; CSTAR Score vs. Alexa Global Rank; CSTAR Score vs. Number of Employees]

The following scores were calculated on February 26, 2016 and may change.

| Sponsor/Exhibitor URL | Reputation Score |
|---|---|
| 5nine Software | 314 |
| Absolute | 646 |
| Acunetix | 551 |
| ADLINK Technology | 409 |
| Advantech | 371 |
| Agari | 884 |
| Akamai Technologies | 884 |
| AlgoSec | 361 |
| Allegro Software | 646 |
| Allot Communications | 542 |
| Alta Associates | 361 |
| American Portwell Technology Inc. | 504 |
| APCON | 656 |
| Appthority | 732 |
| Arbor Networks | 399 |
| Area 1 Security | 836 |
| Arellia | 504 |
| Arxan Technologies | 646 |
| Attivo Networks | 694 |
| Audit Square | 789 |
| Auth0 | 931 |
| Avira Operations GmbH & Co. KG | 361 |
| Basis Technology | 361 |
| Bastille | 741 |
| Bay Dynamics Inc. | 504 |
| Behaviosec | 504 |
| BeyondTrust | 741 |
| Big Switch Networks | 599 |
| Bitdefender | 456 |
| BittWare | 447 |
| Bivio Networks | 504 |
| Bluecoat | 694 |
| BlueTalon | 551 |
| BluVector | 836 |
| Boldon James | 456 |
| Bricata | 352 |
| Brinqa | 504 |
| Bromium | 779 |
| Bundesdruckerei GmbH | 789 |
| Cambridge Intelligence | 551 |
| Capgemini | 836 |
| Carbon Black | 836 |
| Carr & Ferrell LLP | 456 |
| Centre for Secure Information Technologies | 551 |
| Centripetal Networks Inc. | 551 |
| Checkmarx | 741 |
| Cigital | 884 |
| Cisco | 599 |
| Clearswift | 456 |
| Cloud Security Alliance | 779 |
| CloudPassage | 836 |
| Cloudpath Networks | 456 |
| Colopoint GmbH | 694 |
| Comodo Group | 846 |
| Confer Technologies | 694 |
| CORE Security | 551 |
| CoSoSys | 409 |
| Covata | 732 |
| CrowdStrike | 494 |
| Cryptzone | 741 |
| Cybera | 551 |
| CYBERBIT | 352 |
| Cybereason | 504 |
| Cylance | 836 |
| Cyphort | 551 |
| CYREN | 494 |
| D3 Security | 779 |
| Damballa | 684 |
| Daon | 304 |
| DarkMatter | 732 |
| DataBlink Inc. | 447 |
| DataLocker Inc. | 418 |
| DB Networks | 456 |
| Dell Security | 361 |
| DHS/Cybersecurity & Communications | 836 |
| Dispersive Technologies | 789 |
| Distil Networks | 599 |
| Dome9 Security | 694 |
| Duo Security | 836 |
| Early Warning | 409 |
| eco | 884 |
| Egis Technology Inc. | 314 |
| EgoSecure | 599 |
| Elastica | 836 |
| Endgame | 884 |
| ENTERSEKT | 741 |
| eSentire Inc. | 722 |
| Exabeam | 409 |
| Executive Women's Forum | 314 |
| F5 Networks | 694 |
| Fastly Inc. | 884 |
| Federal Reserve Bank of San Francisco | 551 |
| Fidelis Cybersecurity | 646 |
| FireEye | 836 |
| Fireglass | 646 |
| Flexera Software | 456 |
| Flowmon Networks | 589 |
| Forcepoint | 884 |
| ForeScout Technologies | 741 |
| Fox-IT | 551 |
| Garner Products | 494 |
| GB&Smith | 551 |
| Geninetworks | 504 |
| German Pavilion / TeleTrusT | 352 |
| Global Learning Systems | 399 |
| GlobalSCAPE | 836 |
| GlobalSign | 846 |
| Great Bay Software | 456 |
| GreeNet | 409 |
| GuruCul | 456 |
| Happiest Minds Technologies | 551 |
| Heat Software | 694 |
| Hexadite Inc. | 551 |
| Hexis Cyber Solutions | 741 |
| HID Global | 447 |
| Hitachi ID Systems | 694 |
| Hobsoft | 257 |
| Huawei Technologies Co. Ltd. | 409 |
| Hypori Inc. | 551 |
| IAPP | 884 |
| IBM Corporation | 542 |
| Idappcom Ltd. | 361 |
| IDenticard | 551 |
| Identity Finder | 504 |
| IEEE Computer Society | 361 |
| Illumio | 836 |
| Illusive Networks | 551 |
| Infoblox | 836 |
| InfoGard | 409 |
| INSIDE Secure | 456 |
| Intel Security | 456 |
| IntelliGo Networks LLC | 361 |
| Interface Masters Technologies | 409 |
| International Systems Security Association | 314 |
| Intermedia.net Inc. | 836 |
| Invincea | 836 |
| Invotas International | 456 |
| ISACA | 637 |
| iSIGHT Partners | 551 |
| IXIA | 599 |
| Jiransoft | 361 |
| Juniper Networks | 504 |
| Kaspersky Lab | 599 |
| KOTRA | 314 |
| L.J. Kushner & Associates LLC | 409 |
| LANDESK | 219 |
| Lastline | 637 |
| LastPass Enterprise | 760 |
| Level 3 Communications | 276 |
| Lieberman Software | 456 |
| LightCyber | 494 |
| Linoma Software | 304 |
| Lockheed Martin | 361 |
| LogRhythm | 789 |
| Luxar Tech | 409 |
| Malwarebytes | 836 |
| Manage Engine | 884 |
| ManagedMethods | 504 |
| Menlo Security | 836 |
| Messageware | 466 |
| MetricStream | 475 |
| Microsoft | 361 |
| MobileIron | 551 |
| Napatech | 551 |
| National Security Agency | 646 |
| Negev Telcom | 361 |
| Netronome | 304 |
| Netsparker | 884 |
| Neustar | 751 |
| Nexcom | 409 |
| Norse | 504 |
| NRI SecureTechnologies | 456 |
| Ntrepid | 551 |
| NXP Semiconductors | 361 |
| OASIS | 694 |
| ObserveIT | 504 |
| Office of the Comptroller of the Currency | 380 |
| Okta | 884 |
| OneLogin | 884 |
| Onspring | 646 |
| OpenDNS | 836 |
| Optiv | 589 |
| Palamida Inc | 361 |
| Palo Alto Networks | 741 |
| Peach Fuzzer | 551 |
| Penn State University | 504 |
| PFP Cybersecurity | 409 |
| Phantom | 789 |
| PhishLabs | 732 |
| Pindrop | 836 |
| PivotPoint | 551 |
| Plixer | 779 |
| Pradeo | 456 |
| Prelert | 551 |
| Prevalent Inc. | 456 |
| Prevoty | 694 |
| PrimeKey Solutions | 646 |
| Prosoft Systems Intl. | 409 |
| ProtectWise | 684 |
| Protiviti | 456 |
| Pwnie Express | 836 |
| Qosmos | 314 |
| QuintessenceLabs | 504 |
| Radiant Logic Inc. | 361 |
| Radware | 418 |
| Raytheon Foreground Security | 409 |
| Red Hat | 504 |
| RedVector | 741 |
| Reservoir Labs | 646 |
| Return Path | 789 |
| RiskSense | 789 |
| Rogue Wave Software | 352 |
| Rohde & Schwarz | 694 |
| Rook Security | 779 |
| RSA | 836 |
| Safe-T | 542 |
| SailPoint Technologies | 646 |
| SANS Institute | 551 |
| SAP SE | 456 |
| SAVIYNT | 456 |
| SecuGen Corp. | 551 |
| SecureAuth | 770 |
| SecureLink Inc. | 789 |
| SecureNinja | 694 |
| SecurEnvoy | 646 |
| Security Compass | 551 |
| Security First Corp. | 789 |
| Security Mentor | 551 |
| Securonix | 361 |
| SecuTech Solutions | 884 |
| SentinelOne | 836 |
| ServiceNow | 551 |
| Shavlik | 219 |
| Siemplify | 456 |
| Silobreaker | 551 |
| Skybox Security | 789 |
| Skycure | 836 |
| Software Engineering Institute, CMU | 361 |
| Soha Systems Inc. | 304 |
| Solarflare | 399 |
| SONATYPE | 599 |
| Sophos | 741 |
| SOTI | 551 |
| Sparkle Power | 551 |
| Spirent | 314 |
| Splunk | 456 |
| SS8 | 836 |
| Surevine | 884 |
| Swivel Secure | 361 |
| Symantec | 836 |
| Syncplicity | 779 |
| SynerComm | 741 |
| Synopsys | 456 |
| TaaSera | 789 |
| TeachPrivacy | 646 |
| Telecom Brokers | 494 |
| TeleSign Corporation | 551 |
| Tenable Network Security | 504 |
| Terranova WW Corporation | 646 |
| Thales | 656 |
| The Media Trust | 836 |
| The Open Group | 504 |
| ThreatQuotient | 646 |
| ThreatSTOP | 504 |
| Thycotic | 694 |
| TICTO | 409 |
| Titania | 409 |
| TITUS | 466 |
| TrapX Security | 447 |
| Trend Micro | 599 |
| Tripwire | 542 |
| Tufin | 475 |
| TUViT | 646 |
| tyntec | 523 |
| UNICOM Engineering | 314 |
| University of Maryland University College | 504 |
| Untangle | 456 |
| Utimaco Inc. | 789 |
| Varonis Systems | 789 |
| Veracode | 456 |
| Verint | 456 |
| Verisign | 523 |
| ViaSat Inc. | 836 |
| Votiro | 504 |
| VSS Monitoring | 361 |
| Vysk Communications | 646 |
| Watchful Software | 646 |
| WEBROOT | 447 |
| Wheel Systems | 504 |
| WhiteSource | 409 |
| WireX | 456 |
| Wombat Security | 646 |
| Zenedge Inc. | 884 |
| Zentera Systems | 504 |
| ZeroFOX | 494 |
| Ziften | 741 |
| Zimperium | 694 |
| Zix Corporation | 789 |
| Zscaler | 741 |

Give the tool a shot for yourself and check out some of the sites you frequent. (We keep surprising ourselves with what we find.)


Topics: webscan, RSA
