6 Top Security Rating Solutions


Organizations are under relentless pressure to fortify their security postures. Amid this ceaseless battle, security rating tools and services have emerged.

In our previous article, “Security Ratings: Do They Matter?”, we dove into how security ratings are calculated, their applications, and whether organizations should harness their power.

In this article, we will provide a snapshot of the security rating solution landscape and identify top contenders in the field. We will provide an overview of each vendor’s solution and explore real-world insights by drawing from Gartner Peer Insights, a reputable source of user-generated reviews and insights. 

** The ratings from Gartner Peer Insights were accessed in September 2023. The list we provide below is in no particular order.

1. SecurityScorecard

Location: New York, New York, United States

Year Founded: 2013

Mission

Security Scorecard’s mission is to make the world a safer place by transforming the way organizations understand, mitigate, and communicate cybersecurity risks to their boards, employees, and vendors.

Solution Overview

SecurityScorecard helps organizations instantly rate, understand, and continuously monitor the security posture of any company worldwide. The solution assigns A-F ratings using data collected on millions of organizations across ten risk factors such as network security, IP reputation, hacker chatter, and DNS health. They offer automated and customized remediation plans to address key vulnerabilities. 

[Image: SecurityScorecard security ratings. Source: Security Scorecard]

Gartner Peer Insight Rating

  • 4.4/5 (237 reviews)

  • Where they rated higher

    • Security Scorecard rated the highest among the other options mentioned on this list for ease of “Deployment” (4.8/5). They also rated among the highest for “Timeliness of Vendor Response” (4.7/5) and “Quality of Technical Support” (4.7/5).
  • Where they rated lower

    • Security Scorecard rated among the lowest for “Configurability” (4.1/5) and “Remediation and Exception Management” (4.1/5).

2. Panorays

Location: New York, New York, United States

Year Founded: 2016

Mission

Panorays is dedicated to eliminating third-party security risks so that companies worldwide can quickly and securely do business together. 

Solution Overview

Panorays gives organizations a bottom-line rating of their supplier’s cyber risk. They combine automated security questionnaires, scored on the third party’s responses, with external cyber posture assessments based on tests that evaluate a vendor’s attack surface across three different layers:

  • Network & IT: web, e-mail and DNS servers, TLS protocols, asset reputation, cloud solutions and other exposed services.
  • Application: web applications, CMS, domain attacks, etc.
  • Human: employees’ attack surface, social posture, presence of a dedicated security team, etc.

[Image: Panorays security ratings. Source: Panorays]

Gartner Peer Insight Rating

  • 4.5/5 (58 reviews)

  • Where they rated higher

    • Panorays rated the highest for “Ease of Integration using Standard APIs and Tools” (4.7/5) and “Quality of Peer User Community” (4.5/5).
  • Where they rated lower

    • A few areas where Panorays fell short of the other options on this list are “Availability of 3rd-Party Resources” (4.3/5) and “Usability and Access” (4.3/5).

3. BitSight

Location: Boston, Massachusetts, United States

Year Founded: 2011

Mission

BitSight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties.

Solution Overview

BitSight is committed to creating measurements of organizational cybersecurity performance to help companies add vendors without worrying about expanding their attack surface. BitSight leverages externally observable data from over 100 sources and then maps this data to individual organizations. They assign a score ranging in value from 250 to 900, with a higher rating equaling better cybersecurity performance. They offer program support to identify and remediate risk, implement business-driven security controls, prioritize security investments, and facilitate decision-making. 

[Image: BitSight security rating solution. Source: BitSight]

Gartner Peer Insight Rating

  • 4.5/5 (249 reviews)

  • Where they rated higher

    • BitSight received the highest ratings for “History and Reporting” (4.5/5) and “Timeliness of Vendor Response” (4.7/5).
  • Where they rated lower

    • BitSight rated the lowest for “Pricing Flexibility” (4.2/5) and “Remediation and Exception Management” (4.2/5).

4. UpGuard

Location: Mountain View, California, United States

Year Founded: 2012

Mission

UpGuard helps businesses manage cybersecurity risk. UpGuard’s integrated risk platform combines third-party security ratings, security assessment questionnaires, and threat intelligence capabilities to give businesses a complete and comprehensive view of their risk surface.

Solution Overview

UpGuard’s proprietary scanning infrastructure monitors and collects billions of data points daily, focusing on non-invasive, passive data collection. There are six categories in the current evaluation system: Network Security, Phishing and Malware, Email Security, Brand and Reputation, Website Security, and Questionnaire Risk. Each category is associated with various checks that carry fixed weights. The checks are then fed into their rating algorithm to produce a security rating out of 950. Organizations start with a rating of 950 and have points subtracted for each check they fail. The number of points deducted is based on the severity and weight of the underlying risk.

[Image: UpGuard security rating criteria. Source: UpGuard.com]

Gartner Peer Insight Rating

  • 4.4/5 (153 reviews)

  • Where they rated higher

    • UpGuard rated the highest for “Access and User Controls” (4.6/5) and “Quality of End-User Training” (4.5/5).
  • Where they rated lower

    • UpGuard did not receive the lowest rating in any of the categories. The areas where they rated on the lower end were “Workflows and Collaboration” (4.3/5) and “Connectors and Integration” (4.2/5).

5. Black Kite

Location: Boston, Massachusetts, United States

Year Founded: 2016

Mission

Black Kite’s mission is to provide business and security professionals with a complete and true understanding of their cyber ecosystem risk.

Solution Overview

Black Kite’s solution allows organizations to scan the cyber risk posture of any of their vendors at any given time. Their assessments are based on 20 risk categories from a cyber, compliance, and financial perspective. Rather than using intrusive vulnerability scanners, their solution performs non-intrusive scans that never touch an organization’s systems or network assets. Black Kite analyzes and consolidates data from 400+ open-source intelligence (OSINT) sources into a Strategy Report. This report assigns a letter-grade rating, highlights each vendor’s current posture, creates an automated remediation plan for the vendors, and converts technical data into business concepts. 

[Image: Black Kite security rating solution. Source: Black Kite]

Gartner Peer Insight Rating

  • 4.7/5 (79 reviews)

  • Where they rated higher

    • Black Kite received the highest overall rating compared to the other options on this list. They received the highest rating in several categories including “Quality of Technical Support” (4.8/5), “Assess/Validate/Monitor Controls” (4.7/5), and “Ability to Understand Needs” (4.7/5).
  • Where they rated lower

    • Black Kite received the lowest rating for “Quality of Peer User Community” (4.3/5) and was among the lowest for “History” (4.4/5).

6. Risk Recon

Location: Salt Lake City, Utah, United States

Year Founded: 2013

Mission

To make the Internet more secure by delivering a trusted and transparent view into enterprise security programs that will prompt all organizations to adhere to security best practices.

Solution Overview

RiskRecon provides comprehensive vendor security monitoring, helping organizations select vendors that align with their risk interests and policies. They continuously monitor the cybersecurity risk performance of tens of thousands of organizations through OSINT assessment techniques. Their assessments span 9 security domains built on 40+ criteria, and risks are prioritized based on severity and asset value. RiskRecon rates cybersecurity risk performance on a scale of 0.0-10 (10 being the best) with an accompanying A–F grade. RiskRecon creates a summary highlighting areas of strength, areas of weakness, and related issues that expose the organization to the greatest risk.

[Image: RiskRecon security rating solution. Source: Risk Recon]

Gartner Peer Insight Rating

  • 4.4/5 (52 reviews) 

  • Where they rated higher

    • Risk Recon rated the highest for “Exception Management” (5/5) and “History” (5/5). 
  • Where they rated lower

    • Risk Recon received one of the lowest overall ratings among the options on this list. The areas where they were rated the lowest were “Access and User Controls” (3.5/5), “Configurability” (3.5/5), and “Quality of End-User Training” (4.3/5). 

Determining the best security rating solution for your organization 

When considering the adoption of security rating solutions, there is no one-size-fits-all solution. Organizations looking to leverage security ratings should start by identifying the overall business problem they are trying to solve and why they are looking to incorporate security ratings in the first place. Once this is determined, it will make evaluating the solution’s capabilities easier and help organizations select the best solution to achieve their desired business outcomes.

Leverage Our Expertise

Media Sonar Digital Risk Assessments provide organizations with an analyst-generated summary of identified risks and exposures.
