Third Party Risk Management - Consultancy, Assessment & Advisory

Rapid Cyber Risk Scorecards

Easily identify the security posture of third-party vendors & cyber insurance subscribers.

Identifying your weakest links

With Black Kite Rapid Cyber Risk Scorecards, companies don’t have to use old-school Excel files and lengthy questionnaires to measure third-party risk. Rapid Cyber Risk Scorecard (RapCard) is an affordable, faster and more modern way for cyber insurance providers and third-party risk managers to obtain a real-time, on-demand assessment of cybersecurity risks.

Black Kite Rapid Cyber Risk Scorecards deliver:

– Instant cyber risk scores, generated in fewer than 60 seconds

– 10 risk categories and 250+ control items

– Fully automated user-interface or API-based access

– Risk scores that can be instantly used for cyber insurance, M&A due diligence, and evaluating potential suppliers

– As-a-service availability, with volume licenses for large organisations

Request your free scorecard

Black Kite Rapid Cyber Risk Scorecards identify potential supply chain risk by scanning the target company’s domain name using OSINT (open-source intelligence) techniques, identifying the risks posed by third-party vendors without the need to touch the target company’s internal assets.

A more cost-effective, faster and easier method for cyber insurers and third-party risk managers, Rapid Cyber Risk Scorecards evaluate a company in up to ten different categories. Each category provides specific information about one aspect of the target company’s cybersecurity posture.

Request a Demo of YOUR Rapid Cyber Risk Scorecard Today.

Rapid Cyber Risk Scorecard Categories

  • Patch Management
    We collect details related to the version number of your systems and software from internet-wide scanners like Censys, Shodan, Zoomeye, etc. These version numbers are converted into the corresponding common platform enumeration number (CPE-ID) and are correlated with NIST NVD and MITRE CVSS databases to detect any unmitigated known vulnerabilities.
  • DNS Health
    We generate a DNS health report from 40+ control items that are collected from online services such as IntoDNS, Robtex, Netcraft and HackerTarget. Since DNS queries are recursive, it is almost impossible to detect a hacker’s footprints from the DNS servers.
  • IP/Domain Reputation
    Asset reputation score is based on the number of IPs or domains that are blacklisted or used for sophisticated APT attacks. The reputation feeds are collected from VirusTotal, Cymon, Firehol, BlackList DNS servers, and more.
  • Attack Surface
    Attack surface is the technical analysis of open critical ports, out-of-date services, application weaknesses, SSL/TLS strength and any misconfigurations. This information is gathered from the Censys and Shodan databases, and service/application versions are correlated with Passive Vulnerability Scan results.
  • Web Ranking
    Cisco, Alexa and Majestic track websites and rank them according to popularity, back-links, references, etc. This subcategory shows Alexa and Majestic trends, Google PageSpeed Insights results, as well as Web Content Accessibility Guidelines (WCAG) 2.0 parsing compliance findings.
  • Brand Monitoring
    Brand monitoring is a business analytics process that involves monitoring various channels on the web or in the media to gain insights about the company, the brand, and anything explicitly connected to them in cyberspace.
  • Email Security
    We collect vulnerabilities related to potential email servers and SMTP misconfigurations like open relay, unauthenticated logins, restricted relay, and SMTP ‘Verify’ vulnerabilities from online services including MxToolbox and eMailSecurityGrader.
  • Leaked Credentials
    There are more than five billion hacked emails/passwords available on the internet in underground forums. Our scan cross-references these known databases of compromised credentials against the target organization’s domains and shows any leaked or hacked emails and passwords found in these constantly updated databases.
  • Fraudulent Domains
    Fraudulent domains and subdomains are extracted and cross-referenced from the domain registration database. The registered domains database holds more than 300M records.
  • Digital Footprint
    A digital footprint is determined by a target website’s open ports, services, and application banners. This information is gathered from Black Kite crawlers, Censys, VirusTotal, Robtex, Alexa, Shodan, and others.
  • Information Disclosure
    Company employees may disclose local IPs, email addresses, version numbers, or whois privacy records, or even misconfigure a service in a way that exposes sensitive information to the internet.
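The Patch Management category above describes a pipeline: take a version number reported by a scanner, turn it into a CPE identifier, and correlate it with a vulnerability feed. The following is an added example of that correlation step; it is not Black Kite code, and the banner table, the vulnerability feed and the CVE identifiers in it are all constructed placeholders (a real deployment would use the NIST NVD CPE-match data instead of the inline feed).

```python
# Added example: banner -> CPE 2.3 name -> known-vulnerability correlation,
# in the style of the Patch Management category. Not Black Kite code; the
# banner table, the vulnerability feed and the CVE-style IDs are constructed.
import re
from dataclasses import dataclass

# Constructed table mapping a banner prefix to the (vendor, product) pair
# used in CPE 2.3 names. Real scanners maintain far larger tables.
BANNER_PATTERNS = [
    (re.compile(r"^OpenSSH_(\d+\.\d+(?:p\d+)?)"), "openbsd", "openssh"),
    (re.compile(r"^Apache/(\d+\.\d+\.\d+)"), "apache", "http_server"),
    (re.compile(r"^nginx/(\d+\.\d+\.\d+)"), "f5", "nginx"),
]

# Constructed feed. Entries mimic NVD-style version ranges (start inclusive,
# end exclusive). The IDs are placeholders, not real CVE numbers.
VULN_FEED = [
    {"id": "CVE-0000-EXAMPLE-1", "vendor": "openbsd", "product": "openssh",
     "start": "6.0", "end_excl": "8.0", "cvss": 7.5},
    {"id": "CVE-0000-EXAMPLE-2", "vendor": "apache", "product": "http_server",
     "start": "2.4.49", "end_excl": "2.4.51", "cvss": 9.8},
    {"id": "CVE-0000-EXAMPLE-3", "vendor": "f5", "product": "nginx",
     "start": "1.0.0", "end_excl": "1.20.0", "cvss": 5.3},
]

# Constructed banners, as an internet-wide scanner would report them.
SAMPLE_BANNERS = ["OpenSSH_7.4p1", "Apache/2.4.49", "nginx/1.25.3", "ProFTPD 1.3.5"]


@dataclass(frozen=True)
class Finding:
    cpe: str
    vuln_id: str
    cvss: float


def version_key(version: str) -> tuple:
    """Turn '7.4p1' into a comparable tuple: numeric runs become ints and
    alphabetic runs strings, each tagged so mixed types never collide."""
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


def banner_to_cpe(banner: str):
    """Return a CPE 2.3 application name for a recognised banner, else None."""
    for pattern, vendor, product in BANNER_PATTERNS:
        m = pattern.match(banner)
        if m:
            return f"cpe:2.3:a:{vendor}:{product}:{m.group(1)}:*:*:*:*:*:*:*"
    return None


def in_range(version: str, start: str, end_excl: str) -> bool:
    """True when start <= version < end_excl under version_key ordering."""
    v = version_key(version)
    return version_key(start) <= v < version_key(end_excl)


def assess(banners):
    """Correlate every recognisable banner with the feed. Banners that do
    not map to a CPE are skipped rather than guessed at."""
    findings = []
    for banner in banners:
        cpe = banner_to_cpe(banner)
        if cpe is None:
            continue
        _, _, _, vendor, product, version = cpe.split(":")[:6]
        for vuln in VULN_FEED:
            if (vuln["vendor"], vuln["product"]) == (vendor, product) \
                    and in_range(version, vuln["start"], vuln["end_excl"]):
                findings.append(Finding(cpe, vuln["id"], vuln["cvss"]))
    return findings


def worst_cvss(findings) -> float:
    """One number a scorecard might roll up: the highest CVSS seen, 0 if clean."""
    return max((f.cvss for f in findings), default=0.0)


if __name__ == "__main__":
    results = assess(SAMPLE_BANNERS)
    for f in results:
        print(f"{f.cpe}  {f.vuln_id}  CVSS {f.cvss}")
    print("worst CVSS:", worst_cvss(results))
```

The caveat a practitioner will want when reading a banner-derived patch score: a version string is only evidence of what the banner says, not of what is patched. Distribution packages routinely backport security fixes without changing the advertised version, so a match like the OpenSSH one here should be treated as a prompt to verify with the vendor, not as proof of an unmitigated vulnerability.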

The Methodology

Cyber Threat Susceptibility Assessment (CTSA) is a methodology developed by MITRE for evaluating the susceptibility of a system to cyber-attack. CTSA quantitatively assesses a system’s [in]ability to resist cyber-attack over a range of cataloged attack Tactics, Techniques, and Procedures (TTPs).

To generate the scorecard, Black Kite needs only the company domain. The engine collects the related information from VirusTotal, passive DNS servers, web search engines and other internet-wide scanners, as well as Black Kite’s proprietary databases, which hold more than 10 billion historic items.

The engine searches the database in order to find all IP address ranges and domain names that belong to the company. Black Kite uses what is called Open Source Intelligence (OSINT), shown below, to gather this information.

It takes less than a minute to generate this valuable insight into your third-party cyber risk. See for yourself – Request a demo of Your Rapid Cyber Risk Scorecard Today.

Call today 0161 476 8700

or Submit a Contact Form

Why choose us?

We are specialists in Third Party Risk Management with over 20 years of experience in Cyber Security and Governance, Risk & Compliance, and a dedicated team of experienced IT Security Assurance Consultants.
We are a vendor-agnostic managed service provider that is able to focus on delivering a TPRM program built around your specific risk-based, organisational and regulatory requirements.
We are a Shared Assessments Program member and recognised Assessment Firm with certified IT Security Assurance Consultants able to deliver a comprehensive service based on industry standards and best practice.