Your partners, vendors and other key 3rd parties have access to your sensitive networks and data. How confident are you that they're managing their cyber security? This short presentation looks at why you need to view information security as an ecosystem and how you can get intelligence on the big picture.

1. NormShield
Ecosystem Cyber
Risk Scorecard
How do your partners
compare?

2. We live in a hacker’s world
Cybersecurity is IT’s problem
You have probably been hacked
Customer data is at risk
Then
Cybersecurity is a business risk
You are being hacked right now
Everything is at risk. Trade
secrets/IP hacking alone costs
us $400 billion*
Now
*Office of the Director of National Intelligence

3. HIGH COST TO COMPANIES
PricewaterhouseCoopers estimates
Company payments for
cyber insurance
Damage from breaches
2020
$2.75b
$7.5b
2015
1 in 3 breached companies
lost 20% of revenue
1 in 4 lost customers
1 in 4 lost business
opportunities
Cisco Cyber Security Report 2017

4. A COMPANY’S
ECOSYSTEM
MULTIPLIES RISK
Distribution
Customer
support
R&D
Customers
Facilities
Legal
Insurance
Logistics
Technology
Franchisees
Sourcing
Marketing
Joint
venture
Organization
cyber risk
Ecosystem members have
access to confidential
information, intellectual property,
or critical systems.
Your sensitive data is only as
secure as these partners’
cyber security capabilities.
Ecosystem
cyber risk
HR

5. CONSEQUENCES OF ECOSYSTEM RISK
$2-50 million in fines and
direct compensation
+ reputational damage
An additional 4-5% return on
equity
+ competitive advantage
Managing 3rd party risk?
Outperform peers
Not managing 3rd party risk?
Be penalized
Deloitte Third Party and Risk Management Report

6. NOW EASILY MANAGE ECOSYSTEM RISK
NormShield Ecosystem Scorecard
20 risk categories for
a robust risk profile
Get a robust view of technical
risk for each 3rd party partner
Letter grade format
for rapid prioritization
Set vendor policies on
minimum grade levels
For example, a vendor with a
’D’ on vulnerabilities needs to
achieve a ’B’ to receive a
contract

7. NOW EASILY MANAGE ECOSYSTEM RISK
NormShield Ecosystem Scorecard
From a leader in Risk
& Compliance
NormShield recognized by
Momentum CYBERScape report
for Risk & Compliance
Fits any vendor
approval process
Results available within 24 hours
No vendor credentials required
Up to 200 scorecards per day

8. Ecosystem Scorecard
Categories

9. Attack Surface
Attack surface is determined by using open ports, services and application service versions.
This information is gathered from Censys database and service / application versions are
correlated with Passive Vulnerability Scan results.
SMTP Controls
Potential SMTP misconfigurations like open relay, unauthenticated logins, restricted relay,
SMTP 'Verify' by using MxToolbox and eMailSecurityGrader.
SSL Strength
SSL configuration and vulnerabilities are provided by several 3rd party companies. These
results are from Qualys SSL Labs scanner.
DNS Health
DNS Report is generated from IntoDNS, Robtex, Netcraft and HackerTarget. Since DNS
queries are recursive it is almost impossible to detect a hacker footprints from your DNS
servers.
Passive Vulnerability
Scan
Censys attack surface results are correlated with NIST NVD and MITRE CVSS databases to
detect any unmitigated known vulnerabilities.
Application Security
Censys attack surface results are correlated with Shodan and SecurityHeaders databases to
detect any unmitigated known application level vulnerabilities.
Leaked Emails
There are 5 billion hacked e-mail / password available on the internet and underground
forums. This report shows your leaked or hacked emails & passwords.
20 RISK CATEGORIES COVERED 1/3

10. 20 RISK CATEGORIES COVERED 2/3
Fraudulent Domains
Fraudulent Domains and subdomains are extracted from the domain registration database. Our
registered domains database holds more than 250M records.
Asset Reputation
Asset reputation score is based on whether IPs or domains are blacklisted or they are used for
sophisticated APT attacks. We collect reputation feeds from VirusTotal, Cymon, Firehol,
BlackList DNS servers, etc
Reputation History
Asset reputation score is based on whether IPs or domains are blacklisted or they are used for
sophisticated APT attacks. We collect previous reputation feeds from VirusTotal, Cymon,
Firehol, BlackList DNS servers, etc.
Data Leakage
Sometimes employees develop code or scripts and publish them on sourcecode repositories on
the internet and unintentionally include sensitive data like username, password, local network
information, API key, etc.
Hacktivist Shares
Hackers publicize their targets in underground forums or darkweb. NormShield collects
information from hundreds of dark forums, criminal sites and hactivist sites.
Fraudulent Apps
Fraudulent or pirate mobile or desktop applications are used to hack / phish employee or
customer data. Possible fraudulent or pirate mobile/desktop apps on Google Play, App Store
and pirate app stores are provided.
Social Network
Hackers publicize their targets or even victims on social network sites to motivate other hackers
to attack the same target. The results are filtered from billions of social media content.

11. AUTOMATICALLY SEE, PRIORITIZE, ACT
Candan Bolukbas
candan.bolukbas@normshield.com