UpGuard Blog

#RSAC: Put Your Money Where Your Mouth Is

Written by UpGuard | Mar 2, 2016 8:25:28 PM

RSA 2016 is underway with the tagline "Where The World Talks Security," but for the most part it’s just that—a lot of talk. Attendees, speakers and vendors have come from all over the world to share insight and new products with their security-minded peers, and there will certainly be a few novel takeaways as in years past, but who is serious about security and who is just putting on a show for potential clients and investors?

Enter UpGuard

A few miles down the road from the event, here at UpGuard, we recently introduced a new Digital Reputation web scan tool. This scanner takes a look at the externally accessible footprint of a company and analyzes it for a number of factors such as basic web security, secure email communication, and even its CEO's favorability rating among employees. You can read more about its methodology here, but suffice it to say, all of these factors contribute in a non-trivial way toward the company's future risk of a data breach or other detrimental incident. Our Digital Reputation scores are given on a scale from 0 to 950 and can be thought of as similar to a credit score for web security. And to take the tool for a spin, we put the URLs of companies sponsoring and exhibiting at RSA through the wringer.

As anyone remotely involved in security can imagine, the externally accessible scores are just the tip of the iceberg and by no means a full evaluation of a company, but can still be a useful indicator of potential problems under the hood. We do provide an internal, comprehensive scan of devices and servers, but for the purposes of this piece we're focusing solely on the external Digital Reputation score.

External Scanning as the Canary in the Coal Mine

Does the following list suggest any given company can or cannot be trusted with customer data? Certainly not—this is by no means a declaration of their internal security practices. But by the same token, many of these enhancements, such as SSL or SPF, are cheap and/or relatively easy to implement as well as highly visible to potential customers and partners, so it is not easily understood how so many of them managed to skip something so simple. Indeed, the lack of something so ubiquitous in 2016 as the SSL padlock can be particularly glaring to a potential customer.

Something we found interesting during this research is that there’s really no correlation between things such as market share, company size, and company value and a company's basic web security score. In fact, many of the worst performers are some of the largest, highest-valued companies, while smaller and lesser-known firms are often among the top scorers. This gives credence to the idea that basic web security across the board isn’t limited to those with a large budget or excess manpower—it’s either something companies care to do, or they don’t.

The following scores were calculated on February 26, 2016 and may change.

Sponsor/Exhibitor URL Reputation Score
5nine Software 314
Absolute 646
Acunetix 551
ADLINK Technology 409
Advantech 371
Agari 884
Akamai Technologies 884
AlgoSec 361
Allegro Software 646
Allot Communications 542
Alta Associates 361
American Portwell Technology Inc. 504
APCON 656
Appthority 732
Arbor Networks 399
Area 1 Security 836
Arellia 504
Arxan Technologies 646
Attivo Networks 694
Audit Square 789
Auth0 931
Avira Operations GmbH & Co. KG 361
Basis Technology 361
Bastille 741
Bay Dynamics Inc. 504
Behaviosec 504
BeyondTrust 741
Big Switch Networks 599
Bitdefender 456
BittWare 447
Bivio Networks 504
Bluecoat 694
BlueTalon 551
BluVector 836
Boldon James 456
Bricata 352
Brinqa 504
Bromium 779
Bundesdruckerei GmbH 789
Cambridge Intelligence 551
Capgemini 836
Carbon Black 836
Carr & Ferrell LLP 456
Centre for Secure Information Technologies 551
Centripetal Networks Inc. 551
Checkmarx 741
Cigital 884
Cisco 599
Clearswift 456
Cloud Security Alliance 779
CloudPassage 836
Cloudpath Networks 456
Colopoint GmbH 694
Comodo Group 846
Confer Technologies 694
CORE Security 551
CoSoSys 409
Covata 732
CrowdStrike 494
Cryptzone 741
Cybera 551
CYBERBIT 352
Cybereason 504
Cylance 836
Cyphort 551
CYREN 494
D3 Security 779
Damballa 684
Daon 304
DarkMatter 732
DataBlink Inc. 447
DataLocker Inc. 418
DB Networks 456
Dell Security 361
DHS/Cybersecurity & Communications 836
Dispersive Technologies 789
Distil Networks 599
Dome9 Security 694
Duo Security 836
Early Warning 409
eco 884
Egis Technology Inc. 314
EgoSecure 599
Elastica 836
Endgame 884
ENTERSEKT 741
eSentire Inc. 722
Exabeam 409
Executive Women's Forum 314
F5 Networks 694
Fastly Inc. 884
Federal Reserve Bank of San Francisco 551
Fidelis Cybersecurity 646
FireEye 836
Fireglass 646
Flexera Software 456
Flowmon Networks 589
Forcepoint 884
ForeScout Technologies 741
Fox-IT 551
Garner Products 494
GB&Smith 551
Geninetworks 504
German Pavilion / TeleTrusT 352
Global Learning Systems 399
GlobalSCAPE 836
GlobalSign 846
Great Bay Software 456
GreeNet 409
GuruCul 456
Happiest Minds Technologies 551
Heat Software 694
Hexadite Inc. 551
Hexis Cyber Solutions 741
HID Global 447
Hitachi ID Systems 694
Hobsoft 257
Huawei Technologies Co. Ltd. 409
Hypori Inc. 551
IAPP 884
IBM Corporation 542
Idappcom Ltd. 361
IDenticard 551
Identity Finder 504
IEEE Computer Society 361
Illumio 836
Illusive Networks 551
Infoblox 836
InfoGard 409
INSIDE Secure 456
Intel Security 456
IntelliGo Networks LLC 361
Interface Masters Technologies 409
International Systems Security Association 314
Intermedia.net Inc. 836
Invincea 836
Invotas International 456
ISACA 637
iSIGHT Partners 551
IXIA 599
Jiransoft 361
Juniper Networks 504
Kaspersky Lab 599
KOTRA 314
L.J. Kushner & Associates LLC 409
LANDESK 219
Lastline 637
LastPass Enterprise 760
Level 3 Communications 276
Lieberman Software 456
LightCyber 494
Linoma Software 304
Lockheed Martin 361
LogRhythm 789
Luxar Tech 409
Malwarebytes 836
Manage Engine 884
ManagedMethods 504
Menlo Security 836
Messageware 466
MetricStream 475
Microsoft 361
MobileIron 551
Napatech 551
National Security Agency 646
Negev Telcom 361
Netronome 304
Netsparker 884
Neustar 751
Nexcom 409
Norse 504
NRI SecureTechnologies 456
Ntrepid 551
NXP Semiconductors 361
OASIS 694
ObserveIT 504
Office of the Comptroller of the Currency 380
Okta 884
OneLogin 884
Onspring 646
OpenDNS 836
Optiv 589
Palamida Inc 361
Palo Alto Networks 741
Peach Fuzzer 551
Penn State University 504
PFP Cybersecurity 409
Phantom 789
PhishLabs 732
Pindrop 836
PivotPoint 551
Plixer 779
Pradeo 456
Prelert 551
Prevalent Inc. 456
Prevoty 694
PrimeKey Solutions 646
Prosoft Systems Intl. 409
ProtectWise 684
Protiviti 456
Pwnie Express 836
Qosmos 314
QuintessenceLabs 504
Radiant Logic Inc. 361
Radware 418
Raytheon Foreground Security 409
Red Hat 504
RedVector 741
Reservoir Labs 646
Return Path 789
RiskSense 789
Rogue Wave Software 352
Rohde & Schwarz 694
Rook Security 779
RSA 836
Safe-T 542
SailPoint Technologies 646
SANS Institute 551
SAP SE 456
SAVIYNT 456
SecuGen Corp. 551
SecureAuth 770
SecureLink Inc. 789
SecureNinja 694
SecurEnvoy 646
Security Compass 551
Security First Corp. 789
Security Mentor 551
Securonix 361
SecuTech Solutions 884
SentinelOne 836
ServiceNow 551
Shavlik 219
Siemplify 456
Silobreaker 551
Skybox Security 789
Skycure 836
Software Engineering Institute, CMU 361
Soha Systems Inc. 304
Solarflare 399
SONATYPE 599
Sophos 741
SOTI 551
Sparkle Power 551
Spirent 314
Splunk 456
SS8 836
Surevine 884
Swivel Secure 361
Symantec 836
Syncplicity 779
SynerComm 741
Synopsys 456
TaaSera 789
TeachPrivacy 646
Telecom Brokers 494
TeleSign Corporation 551
Tenable Network Security 504
Terranova WW Corporation 646
Thales 656
The Media Trust 836
The Open Group 504
ThreatQuotient 646
ThreatSTOP 504
Thycotic 694
TICTO 409
Titania 409
TITUS 466
TrapX Security 447
Trend Micro 599
Tripwire 542
Tufin 475
TUViT 646
tyntec 523
UNICOM Engineering 314
University of Maryland University College 504
Untangle 456
Utimaco Inc. 789
Varonis Systems 789
Veracode 456
Verint 456
Verisign 523
ViaSat Inc. 836
Votiro 504
VSS Monitoring 361
Vysk Communications 646
Watchful Software 646
WEBROOT 447
Wheel Systems 504
WhiteSource 409
WireX 456
Wombat Security 646
Zenedge Inc. 884
Zentera Systems 504
ZeroFOX 494
Ziften 741
Zimperium 694
Zix Corporation 789
Zscaler 741

Give the tool a shot for yourself and check out some of the sites you frequent. (We keep surprising ourselves with what we find.)