This post is also available in: French

How Secure Are Your Cybersecurity Tools?

This post is also available in: French

Keeping your business secure as risks grow is no easy feat. But despite spending more money on security, many organizations don’t have full confidence in their ability to actually secure their environment.

More than half of the 2,000 security professionals in 17 countries surveyed by ISACA believed their organization will likely experience a cyberattack in the next 12 months. Why is that, when there’s an abundance of tools to help prevent attacks? (After all, the cybersecurity market was valued at $156.5 billion in 2019, and expected to grow at a CAGR of 10% in 2020-2027).

Unfortunately, not all security solutions are created equal.

Ensure your cybersecurity tools are secure – an oxymoron?

Before you deploy a cybersecurity solution, you should ensure that the tool you plan to use is secure itself. One easy way to do that is through third-party ratings from companies such as SecurityScorecard.

SecurityScorecard provides easy-to-understand ratings in 10 risk categories. These ratings evaluate a company’s cybersecurity risk based on data-driven insights that continuously evolve. It’s an objective view at the weaknesses in a vendor’s cybersecurity controls, as well as potential vulnerabilities. SecurityScorecard’s assessment takes a view from the outside in—looking at the company’s cybersecurity from a hacker’s perspective. It’s a great tool for evaluating any of your cybersecurity vendors.

Understanding the risk factors

Below are the 10 risk factors included in the SecurityScorecard ratings.

Network security: This factor considers vulnerabilities such as insecure or misconfigured SSL certificates or database vulnerabilities, which hackers can exploit to gain access into the network.

Endpoint security: Maintaining device security is especially critical in an increasingly distributed and remote workplace. This factor looks at the security of employee endpoints, including laptops and mobile devices.

IP reputation: Poor IP reputation indicates the company’s domain or IP may be involved in suspicious activities. To establish this score, SecurityScorecard “ingests millions of malware signals from commandeered Command-and-Control infrastructures” around the globe.

Hacker chatter: This includes underground communications among hackers, which could reveal organizations or IPs that are or were targeted.

Information leak: Leaked data from a breach, such as from a database dump, indicates a high risk of a security incident. SecurityScorecard maps the data leaks to companies that own the leaked data or associated email accounts.

Web application security: Hackers can exploit vulnerabilities such as cross-site scripting to compromise a company’s website or other web properties such as APIs. SecurityScorecard scans for common website application vulnerabilities.

DNS health: This factor looks at DNS configurations—such as DMARC, DKMI, and DNSSEC—that improve internet security and provide stronger email authentication.

Patching cadence: Unpatched systems, services, applications, and devices increase the likelihood of attackers using an exploit to breach the environment. This factor considers rating factors in out-of-date company assets that may have risks or vulnerabilities.

Social engineering: SecurityScorecard considers increased risk factors such as employees using corporate accounts for services and social networks.

Cubit score: This is a proprietary threat indicator that SecurityScorecard assigns based on issues related to exposed admin portals.

How does Dashlane rank?

The SecurityScorecard uses a scale of 0 to 100 and a rating of A-F. Dashlane’s overall score in recent SecurityScorecard ratings was 99, earning an A. Dashlane received A’s across all categories, with most of them scoring 100% each.

At Dashlane, security is at the core of our business—a commitment you can see reflected in our high score. As an industry leader in security, Dashlane uses measures such as:

  • AES 256-bit encryption—the strongest available—implemented in the most stringent way
  • Two-factor authentication—built-in by design—for authorization of new devices
  • A zero-knowledge architecture so only you can access your data

Curious how Dashlane stacks up against other password managers like 1Password, Keeper, and LastPass based on SecurityScorecard ratings? Take a look.

Your organization’s cybersecurity is only as strong as the security of your vendors and solutions. Consider this important aspect when you evaluate your security tools.

Learn how to decrease your risks and bolster cybersecurity across your organization by using a password manager. Check out Dashlane’s newest resource, A Practical Guide to Cybersecurity with a Password Manager.