It is now very easy to identify the security posture of 3^rd party vendors and cyber insurance subscribers.

Cyber Risk Score! You don’t have to use old-school excel files and questionnaires for 3rd-party risk management. Rapid Cyber Risk Scorecard (RapCard) is an affordable, faster and next-generation tool for cyber insurance providers and 3rd-party risk management. 

• Instant cyber risk score generated under 60 seconds
• 10 risk categories and 250+ control items
• User interface or API based and fully automated
• Perfect for cyber insurance, M&A, and suppliers
• Available with volume license

Rapid Cyber Risk Scorecard Categories

It is now very easy to identify the risk values of 3rd party providers or cyber insurance subscribers. The scorecard identifies how risky a company is by looking only at the target company's domain name in as little as 60 seconds. Instead of risk analysis by sending out old-fashioned excel files, you can use OSINT techniques to identify the risks posed by 3rd party vendors without touching the target company assets. A more cost-effective, faster and easier method for cyber insurers and 3rd party risk management. Rapid Cyber Risk Scorecard evaluates a company in many different categories. Each category provides specific information about an aspect of a firm’s cyber security posture.

• Patch Management

  We collect details related to the version number of your systems and software from internet-wide scanners like Censys, Shodan, Zoomeye etc. These version numbers are converted into the corresponding common platform enumeration number (CPE-ID) and are correlated with NIST NVD and MITRE CVSS databases to detect and approximate any unmitigated known vulnerabilities.

• DNS Health

  We generate DNS health report from 40+ control items which are collected from online services like IntoDNS, Robtex, Netcraft and HackerTarget. Since DNS queries are recursive, it is almost impossible to detect a hacker footprints from the DNS servers.

• IP/Domain Reputation

  Asset reputation score is based on the number of IPs or domains are blacklisted or they are used for sophisticated APT attacks. The reputation feeds are collected from VirusTotal, Cymon, Firehol, BlackList DNS servers, etc.

• Attack Surface

  Attack surface is the technical analysis of open critical ports, out-of-date services, application weaknesses, SSL/TLS strength and any misconfigurations. This information is gathered from Censys & Shodan database and service / application versions are correlated with Passive Vulnerability Scan results.

• Web Ranking

  Cisco, Alexa and Majestic track web sites and rank them according to popularity, back-links, references, etc. This subcategory shows Alexa and Majestic trends, Google Page insight speed test results as well as Web Content Accessibility Guidelines (WCAG) 2.0 parsing compliance findings.

• Brand Monitoring

  Brand monitoring is a business analytics process concerned with monitoring various channels on the web or media in order to gain insight about the company, brand, and anything explicitly connected to the cyber space.

• Email Security

  We collect vulnerabilities related to potential email servers and SMTP misconfigurations like open relay, unauthenticated logins, restricted relay, SMTP ‘Verify’ vulnerabilities from the online services like MxToolbox and eMailSecurityGrader.

• Leaked Credentials

  There are more than 5 billion hacked email / password available on the internet and underground forums. This section shows the leaked or hacked emails & passwords.

• Fraudulent Domains

  Fraudulent Domains and subdomains are extracted from the domain registration database. The registered domains database holds more than 300M records.

• Digital Footprint

  Digital Footprint is determined by open ports, services and application banners. This information is gathered from NormShield crawlers, Censys, VirusTotal, Robtext, Alexa, Shodan etc.

• Informance Disclosure

  Company employees may disclose Local IPs, email addresses, version numbers, whois privacy records or even misconfigure a service in a way that it may expose sensitive information to the internet.