Organizations are under relentless pressure to fortify their security postures. Amid this ceaseless battle, security rating tools and services have emerged.
In our previous article, “Security Ratings: Do They Matter?”, we dove into how security ratings are calculated, their applications, and whether organizations should harness their power.
In this article, we will provide a snapshot of the security rating solution landscape and identify top contenders in the field. We will provide an overview of each vendor’s solution and explore real-world insights by drawing from Gartner Peer Insights, a reputable source of user-generated reviews and insights.
Note: The ratings from Gartner Peer Insights were accessed in September 2023. The list below is in no particular order.
1. SecurityScorecard
Location: New York, New York, United States
Year Founded: 2013
Mission
Security Scorecard’s mission is to make the world a safer place by transforming the way organizations understand, mitigate, and communicate cybersecurity risks to their boards, employees, and vendors.
Solution Overview
SecurityScorecard helps organizations instantly rate, understand, and continuously monitor the security posture of any company worldwide. The solution assigns A-F ratings using data collected on millions of organizations across ten risk factors such as network security, IP reputation, hacker chatter, and DNS health. They offer automated and customized remediation plans to address key vulnerabilities.
Gartner Peer Insights Rating
4.4/5 (237 reviews)
Where they rated higher
- SecurityScorecard rated the highest among the options on this list for ease of “Deployment” (4.8/5). They also rated among the highest for “Timeliness of Vendor Response” (4.7/5) and “Quality of Technical Support” (4.7/5).
Where they rated lower
- SecurityScorecard rated among the lowest for “Configurability” (4.1/5) and “Remediation and Exception Management” (4.1/5).
2. Panorays
Location: New York, New York, United States
Year Founded: 2016
Mission
Panorays is dedicated to eliminating third-party security risks so that companies worldwide can quickly and securely do business together.
Solution Overview
Panorays gives organizations a bottom-line rating of each supplier’s cyber risk. It combines automated security questionnaires, scored from the third party’s responses, with external cyber posture assessments based on tests that evaluate the vendor’s attack surface across three layers:
- Network & IT: web, e-mail and DNS servers, TLS protocols, asset reputation, cloud solutions and other exposed services.
- Application: web applications, CMS, domain attacks, etc.
- Human: employees’ attack surface, social posture, presence of a dedicated security team, etc.
Gartner Peer Insights Rating
4.5/5 (58 reviews)
Where they rated higher
- Panorays rated the highest for “Ease of Integration using Standard APIs and Tools” (4.7/5) and “Quality of Peer User Community” (4.5/5).
Where they rated lower
- A few areas where Panorays fell short of the other options on this list are “Availability of 3rd-Party Resources” (4.3/5) and “Usability and Access” (4.3/5).
3. BitSight
Location: Boston, Massachusetts, United States
Year Founded: 2011
Mission
BitSight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties.
Solution Overview
BitSight is committed to creating measurements of organizational cybersecurity performance to help companies add vendors without worrying about expanding their attack surface. BitSight leverages externally observable data from over 100 sources and then maps this data to individual organizations. They assign a score ranging in value from 250 to 900, with a higher rating equaling better cybersecurity performance. They offer program support to identify and remediate risk, implement business-driven security controls, prioritize security investments, and facilitate decision-making.
Gartner Peer Insights Rating
4.5/5 (249 reviews)
Where they rated higher
- BitSight received the highest ratings for “History and Reporting” (4.5/5) and “Timeliness of Vendor Response” (4.7/5).
Where they rated lower
- BitSight rated the lowest for “Pricing Flexibility” (4.2/5) and “Remediation and Exception Management” (4.2/5).
4. UpGuard
Location: Mountain View, California, United States
Year Founded: 2012
Mission
UpGuard helps businesses manage cybersecurity risk. UpGuard’s integrated risk platform combines third-party security ratings, security assessment questionnaires, and threat intelligence capabilities to give businesses a complete and comprehensive view of their risk surface.
Solution Overview
UpGuard’s proprietary scanning infrastructure monitors and collects billions of data points daily, focusing on non-invasive, passive data collection. There are six categories in the current evaluation system: Network Security, Phishing and Malware, Email Security, Brand and Reputation, Website Security, and Questionnaire Risk. Each category is associated with various checks that carry fixed weights. The checks are then fed into their rating algorithm to produce a security rating out of 950. Organizations start with a rating of 950 and have points subtracted for each check they fail. The number of points deducted is based on the severity and weight of the underlying risk.
Gartner Peer Insights Rating
4.4/5 (153 reviews)
Where they rated higher
- UpGuard rated the highest for “Access and User Controls” (4.6/5) and “Quality of End-User Training” (4.5/5).
Where they rated lower
- UpGuard did not receive the lowest rating in any category. The areas where they rated on the lower end were “Workflows and Collaboration” (4.3/5) and “Connectors and Integration” (4.2/5).
5. Black Kite
Location: Boston, Massachusetts, United States
Year Founded: 2016
Mission
Black Kite’s mission is to provide business and security professionals with a complete and true understanding of their cyber ecosystem risk.
Solution Overview
Black Kite’s solution allows organizations to scan the cyber risk posture of any of their vendors at any given time. Their assessments are based on 20 risk categories from a cyber, compliance, and financial perspective. Rather than using intrusive vulnerability scanners, their solution performs non-intrusive scans that never touch an organization’s systems or network assets. Black Kite analyzes and consolidates data from 400+ open-source intelligence (OSINT) sources into a Strategy Report. This report assigns a letter-grade rating, highlights each vendor’s current posture, creates an automated remediation plan for the vendors, and converts technical data into business concepts.
Gartner Peer Insights Rating
4.7/5 (79 reviews)
Where they rated higher
- Black Kite received the highest overall rating of the options on this list. They received the highest rating in several categories, including “Quality of Technical Support” (4.8/5), “Assess/Validate/Monitor Controls” (4.7/5), and “Ability to Understand Needs” (4.7/5).
Where they rated lower
- Black Kite received the lowest rating for “Quality of Peer User Community” (4.3/5) and was among the lowest for “History” (4.4/5).
6. RiskRecon
Location: Salt Lake City, Utah, United States
Year Founded: 2013
Mission
To make the Internet more secure by delivering a trusted and transparent view into enterprise security programs that will prompt all organizations to adhere to security best practices.
Solution Overview
RiskRecon provides comprehensive vendor security monitoring, helping organizations select vendors that align with their risk appetite and policies. They continuously monitor the cybersecurity risk performance of tens of thousands of organizations using OSINT assessment techniques. Their assessments span 9 security domains built on 40+ criteria, and risks are prioritized by severity and asset value. RiskRecon rates cybersecurity risk performance on a scale of 0.0-10 (10 being the best) with an accompanying A-F grade. RiskRecon produces a summary highlighting areas of strength, areas of weakness, and the issues that expose the organization to the greatest risk.
Gartner Peer Insights Rating
4.4/5 (52 reviews)
Where they rated higher
- RiskRecon rated the highest for “Exception Management” (5/5) and “History” (5/5).
Where they rated lower
- RiskRecon received one of the lowest overall ratings among the options on this list. The areas where they rated the lowest were “Access and User Controls” (3.5/5), “Configurability” (3.5/5), and “Quality of End-User Training” (4.3/5).
Determining the best security rating solution for your organization
When considering the adoption of security rating solutions, there is no one-size-fits-all solution. Organizations looking to leverage security ratings should start by identifying the overall business problem they are trying to solve and why they are looking to incorporate security ratings in the first place. Once this is determined, it will make evaluating the solution’s capabilities easier and help organizations select the best solution to achieve their desired business outcomes.