Our cyber risk scorecards give an easy-to-understand one-page guide to current and historical external security events to inform your leadership board
Our cyber risk scorecards deliver a consistent way of measuring cyber-risk in your supply chain
Our cyber risk scorecards give you a hackers-eye view of your organisation’s web-facing assets
Blackfoot’s cyber risk scorecards provide a clear overview of your organisation’s cybersecurity risk exposure, helping you prioritise and manage your most critical risks and enhance the organisation’s security posture.
Cyber risk scorecards are a useful tool in providing a hackers-eye view of your organisation.
They work by using open source intelligence (OSINT) techniques to collect data from 400+ OSINT resources across a span of internet-wide scanners, without ever touching your organisation’s assets.
By assessing, quantifying and communicating your organisation’s digital footprint, our cyber risk scorecards provide valuable insights in a structured and visual manner.
Blackfoot’s cyber risk scorecards employ Cyber-Threat Susceptibility Assessment (CTSA) methodology.
CTSA is a methodology for evaluating the susceptibility of a system to cyber-attacks developed by MITRE. CTSA quantitatively assesses a system’s ability to resist a cyber-attack over a range of catalogued attack tactics, techniques and procedures (TTPs).
To generate the cyber-risk rating, Blackfoot needs only company domain information.
Our scorecard engine collects information from VirusTotal, Passive DNS servers, web search engines and other internet-wide scanners, as well as proprietary databases, which hold more than 10 billion historic items. The engine searches the databases to find all IP address ranges and domain names that belong to the company.
The resulting map shows how hackers can leverage attack vectors using OSINT resources like hacker forums, social networks, Google, leaked database dumps and paste sites, or even legitimate security services like VirusTotal, Censys, Cymon, Shodan or Google Safe Browsing.
Blackfoot’s cyber risk scorecards compile this data into a simple, understandable report with letter-grade scores to help identify and mitigate potential security risks.
The platform identifies known vulnerabilities (CVE/CWE), the risk score of the corresponding vulnerabilities/weaknesses (CVSS/CWSS) and attack patterns (CAPEC/FIPS-199 impact level).
We also classify the findings into FISMA Cyber Security Framework area and maturity level, NIST 800-53 control family, FIPS-200 area and NIST 800-37 process step.
All this is achieved without scanning or modifying any of the organisation’s business assets.
Call us on +44 (0) 203 393 7795
*Fill in the fields below
We’ll keep you informed about potential risks and vulnerabilities that could impact your digital assets.