Continuous Security Monitoring

Dual Security Rating Services provide real-time external visibility into every vendor's security posture without relying on questionnaires.

UpGuard Integration

UpGuard provides comprehensive external security ratings across four key categories, giving you a validated outside-in view of your vendors' security posture on a 0–950 scale.

  • Website security analysis
  • Email security posture (SPF, DKIM, DMARC)
  • Network security evaluation
  • Data leak exposure monitoring
  • Letter grades A through F with configurable thresholds
  • Historical score tracking and trend analysis

Grade A (Excellent): 850–950
Grade B (Good): 700–849
Grade C (Average): 500–699
Grade D (Poor): 300–499
Grade F (Critical): 0–299

Shodan Integration

The Shodan SRS engine performs deep internet intelligence scanning with a proprietary five-category scoring system that evaluates vendor infrastructure from the attacker's perspective.

  • TLS/Crypto analysis (versions, ciphers, certificates, HSTS)
  • Network security (open ports, exposed databases, attack surface)
  • Application hardening (security headers, server disclosure)
  • Vulnerability exposure (CVE detection, CVSS severity scoring)
  • Email security (SPF, DMARC, DKIM validation)
  • Subdomain discovery with up to 20 subdomains and 25 IPs

Category 1: TLS/Crypto
Category 2: Network Security
Category 3: Application Hardening
Category 4: Vulnerability Exposure
Category 5: Email Security

Tier-Based Auto-Rescoring

Vendors are automatically rescored on a schedule matched to their risk tier.

Vendor Tier | Risk Level | Rescore Interval | Typical Vendors
Tier 1      | Critical   | Every 30 days    | Cloud infrastructure, payment processors, core SaaS
Tier 2      | Standard   | Every 90 days    | HR platforms, CRM systems, collaboration tools
Tier 3      | Low-Risk   | Every 365 days   | Marketing tools, office supplies, non-data vendors

Advanced Monitoring Capabilities

Features designed for real-world security operations.

Risk Waivers

Exclude specific findings per subdomain when a risk is accepted or represents a false positive. Waivers include documented reasons and are tracked in the audit log.

Traffic Light Ratings

At-a-glance ratings of Green (80%+ positive), Yellow (50–80%), and Red (<50%) make it easy for non-technical stakeholders to understand vendor security posture.

On-Demand Rescans

Trigger immediate Shodan rescans when you need fresh data outside the automatic schedule. Results are available within minutes with full finding detail.

Configurable Signal Weights

Admin-customizable point values per scoring category let you tune the Shodan engine to match your organization's risk appetite and security priorities.

Score History & Trends

Chart.js-powered visualizations show score history over time. Identify improving or degrading vendor security postures at a glance with trend lines.

CVE & CVSS Detection

Shodan's vulnerability category detects known CVEs on vendor infrastructure, with penalties scaled by CVSS severity. The maximum penalty applies to CVSS 9.0+.

WAF & CDN Awareness

The Shodan integration intelligently handles vendors behind web application firewalls and content delivery networks, avoiding false positives from infrastructure that doesn't belong to the vendor.

  • Cloudflare, Imperva, Incapsula, and Fastly detection
  • Special handling for proxied infrastructure
  • Email security only flagged when SMTP ports are actually open
  • Subdomain-level granularity for accurate attribution

Detected WAF/CDN providers: Cloudflare, Imperva, Incapsula, Fastly
Max subdomains scanned: 20
Max IPs resolved: 25

Monitoring Is Just One Phase

See how continuous scoring fits into the complete vendor lifecycle from onboarding to annual review.
