NormShield's Cyber Risk Scorecard analyzes your security posture using externally accessible data that does not require permission to acquire. It enables you to measure the risk level of a company and prioritizes the data it generates into an actionable, letter-grade, and color-coded report.
UpGuard takes a combined approach using security ratings and risk assessments to provide a holistic overview of an organization's security risk. As you know, it's hard to get time-poor vendors to complete a questionnaire, but when they do, they provide valuable information that security ratings alone cannot, namely internal security issues and controls.
With that said, questionnaires are often subjective and rendered inaccurate over time as new security issues emerge. That's why UpGuard uses security ratings too.
Security ratings provide a data-driven, instantaneous, and always up-to-date measurement of an organization's external security posture. Together, risk assessments and security ratings offer an excellent overview of an organization's internal and external security performance.
According to Gartner, cybersecurity ratings will become as important as credit ratings when assessing the risk of existing and new business relationships…these services will become a precondition for business relationships and part of the standard of due care for providers and procurers of services. Additionally, the services will have expanded their scope to assess other areas, such as cyber insurance, due diligence for M&A, and even as a raw metric for internal security programs.
And Forrester expects cybersecurity ratings to become a de facto standard in the boardroom by 2025. Investors and traditional debt ratings agencies will include cybersecurity as a risk factor for rating the ability to repay company debt (influenced in part by the cybersecurity ratings market).
Read our full guide on security ratings to understand all their use cases.
- NormShield: Provides a risk rating from A to F, like a report card.
- UpGuard: Provides a FICO-like score between 0 and 950 along with the following letter grades, A: 801-950, B: 601-800, C: 401-600, D: 201-400, F: 0-200.
Risk assessment methodology
Each service relies on a different risk assessment methodology to assess the potential risk of an IT vendor.
NormShield bases its Cyber Risk ratings on ten risk categories and 250+ control items. It gathers data through open-source intelligence tools and techniques that hackers also use, such as data collectors, crawlers, and honeypots, as well as continuous scanning of databases, reputation sites, cyber events, hacker shares, and public vulnerability databases like CVE.
At UpGuard, we agree that the standardization of security assessment practices against recognized security frameworks is a good thing. It helps remove bias, save money, and increase trust in the supply chain.
But we take it one step further than NormShield by making it easy for our customers to publish completed security assessments, supporting documentation, and their security rating to the UpGuard Security Profile.
Additionally, we also provide real-time critical risk monitoring capabilities, data leak detection, leaked credential detection, integrated vendor processes, and accessibility to provide businesses with a complete solution.
- NormShield: Based on ten risk categories and 250+ control items
- UpGuard: Augments point-in-time risk assessments with security ratings to ensure information is always up-to-date. Our security ratings algorithm runs hundreds of individual checks including email security and email spoofing risks (SPF, DKIM, and DMARC), website network security (SSL, HSTS, header exposure), phishing and malware risk, explicit checks for 200 services across thousands of ports (mail, app, user auth, file sharing, voice, administration, database, unidentified, and open ports), domain hijacking risk (DNSSEC and domain registry issues), reputational risks (CEO rating and employee rating), credential management (exposure to known data breaches and data leaks detected by our data leak detection engine). We give each identified issue a risk prioritization category, so you know what represents the highest risk.
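To make the email-spoofing checks listed above concrete, here is an added example (not UpGuard's or NormShield's own code) that evaluates a vendor's SPF and DMARC TXT records and orders the findings by severity. The sample records are constructed, and the severity weights are illustrative assumptions rather than either vendor's scoring algorithm.

```python
# Constructed sample TXT records standing in for live DNS lookups of
# <domain> (SPF) and _dmarc.<domain> (DMARC); not real vendor data.
SAMPLE_RECORDS = {
    "weak-vendor.test": {
        "spf": "v=spf1 include:_spf.mail.test ~all",
        "dmarc": "v=DMARC1; p=none",
    },
    "hardened-vendor.test": {
        "spf": "v=spf1 include:_spf.mail.test -all",
        "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@hardened-vendor.test",
    },
}

# Illustrative severity weights (assumption, not a vendor's rating scale).
SEVERITY = {"high": 3, "medium": 2, "low": 1}

def spf_findings(record):
    """Return (severity, message) findings for an SPF TXT record."""
    if not record or not record.lower().startswith("v=spf1"):
        return [("high", "no SPF record: any host may send as this domain")]
    terminal = record.split()[-1].lower()  # last mechanism decides unmatched senders
    if terminal in ("+all", "all"):
        return [("high", "SPF '+all' authorises every sender")]
    if terminal == "?all":
        return [("medium", "SPF '?all' is neutral: receivers apply no enforcement")]
    if terminal == "~all":
        return [("medium", "SPF '~all' softfail: spoofed mail is often still delivered")]
    if terminal != "-all":
        return [("medium", "SPF lacks a terminal 'all' mechanism")]
    return []

def dmarc_findings(record):
    """Return (severity, message) findings for a DMARC TXT record."""
    if not record or not record.upper().startswith("V=DMARC1"):
        return [("high", "no DMARC record: SPF/DKIM results are not enforced")]
    tags = {}
    for part in record.split(";"):  # DMARC is a ';'-separated tag=value list
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    findings = []
    if tags.get("p", "none") == "none":
        findings.append(("high", "DMARC p=none: monitoring only, spoofed mail is not rejected"))
    elif tags["p"] == "quarantine":
        findings.append(("low", "DMARC p=quarantine: consider p=reject"))
    if "rua" not in tags:
        findings.append(("low", "no rua= address: no aggregate reports to detect abuse"))
    return findings

def assess_email_spoofing(domain, records=SAMPLE_RECORDS):
    """Combine SPF and DMARC findings for a domain, highest severity first."""
    recs = records.get(domain, {})
    findings = spf_findings(recs.get("spf")) + dmarc_findings(recs.get("dmarc"))
    return sorted(findings, key=lambda f: SEVERITY[f[0]], reverse=True)
```

Replacing `SAMPLE_RECORDS` with real TXT lookups turns this into a continuous check that can be re-run on every scan, which is the point-in-time versus always-current distinction the section draws.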
As you know, even small vendors can lead to large data breaches, e.g., the HVAC vendor that eventually led to Target's exposure of credit card and personal data on more than 110 million consumers.
Not every solution provides the same level of coverage. If your organization employs small specialist vendors, make sure the solution covers them. As you know, any vendor that handles sensitive data is a potential risk that you must monitor continuously.
- NormShield: Unknown
- UpGuard: 2,000,000 organizations scanned daily, and customers can automatically add new vendors