SecurityScorecard introduces security ratings platform with OpenAI’s GPT-4 search system

SecurityScorecard announced at RSA Conference 2023 the launch of a security ratings platform that integrates with OpenAI’s GPT-4 system.

With this natural language processing capability, cybersecurity leaders can find immediate answers to high priority cyber risks. The solution was developed by ScorecardX, the innovation incubator of SecurityScorecard, which designs and builds technological solutions to critical customer challenges.

Through ScorecardX innovations, SecurityScorecard is accelerating security data analysis and improving its platform to help security decision-makers reduce their cyber risk.

As part of a series of new platform enhancements, ScorecardX developed natural language global search, enabling CISOs and practitioners to ask questions to better understand their cyber exposure and where their security gaps lie.

SecurityScorecard’s OpenAI’s GPT integration represents the first security ratings platform implementation of natural language processing capabilities with which users can directly interact.

Customers can now ask open-ended questions about their business ecosystem, including details about their vendors, and quickly obtain answers to drive risk management decisions. The AI-powered search works across monitored organizations, saving leaders significant time by reducing the manual work associated with analyzing data. The search feature will continuously learn and improve to better meet customers’ needs.

“Our team members are squarely focused on driving innovation that helps our customers increase cyber resilience in the face of global threats,” said Aleksandr Yampolskiy, CEO of SecurityScorecard. “It’s that commitment that has led us to put game-changing AI technology in our customers’ hands, enabling them to be more proactive, move faster, and be more strategic for their organizations.”

Customers can now ask open-ended questions about their business ecosystem, such as “find my 10 lowest-rated vendors,” or “show me which of my critical vendors were breached in the past year,” that will yield results that allow them to quickly make risk management decisions.

“As the world becomes more connected, the threat landscape for the many Clients and Partner Organizations of the United Nations International Computing Centre (UNICC) has evolved and become more complex,” said Alejandro Bustos, Senior Information Security Administrator, UNICC.

“To keep UNICC and our Clients safe, we rely on effective security solutions to guard against current threats as well as innovation in anticipating and preventing emerging ones. Staying ahead of the game is critical, and I trust the constant innovation of SecurityScorecard to protect our organizations better,” concluded Bustos.

“SecurityScorecard takes cybersecurity innovation to a new level with the integration of AI-powered search and the formation of ScorecardX,” said Sunil Kurkure, Managing Director at Intel Capital. “The company’s product and technology teams have a proven track record of delivering leadership solutions for security ratings data that meet the varying requirements of customers across numerous important use cases.”

In addition to the natural language global search, ScorecardX also unveiled a series of strategic product and service updates in Q1 that are now generally available to customers. These enhancements increase visibility into the drivers of cyber risk and allow security leaders to take more effective mitigating actions.

• SecurityScorecard introduced the first industry’s first services-backed security ratings Score Guarantee. Qualified customers who maintain an A grade and still suffer an incident are eligible for complimentary Digital Forensics and Incident Response services. ​
• Compliance Readiness Assessment with cloud policy provides a more efficient audit of regulatory requirements with an expanded evidence collection and simplified visual illustration of compliance readiness. In a major leap forward, cloud service providers can now be integrated to provide additional evidence of adherence to or violation of compliance requirements.
• Automatic Vendor Detection across portfolios makes it easier to search for potential issues or zero-day events across a group of companies. Organizations can now better understand and assess their exposure to systemic cyber risk. They are able to identify whether a specific product is used by a company across a group of scorecards, mitigating the potential loss of business due to supply chain disruption issues. Companies can also identify vulnerabilities faster and work with their third and fourth parties to remediate any vulnerabilities before they become a larger problem.
• Risk Control for cyber insurers is designed to create awareness of critical security issues by delivering targeted and personalized alerts to exposed organizations. Risk Control empowers insurers to prevent security incidents, even in the face of emerging threats and rapidly changing security postures.
• Attack Surface Intelligence provides a one-stop solution for multiple stakeholders to quickly and simply build queries that speed investigation and remediation times to reduce cyber risk exposure. Organizations can gain insight into their digital footprint and enrich findings by searching through hundreds of facets in a robust query engine that anyone of an experience can use. Customers can obtain attribution and context-rich threat intelligence, such as MITRE ATT&CK TTPs and leaked credentials.