Security Rating

The FortifyData Platform analyzes the cyber risk exposures across thousands of unique data points, primarily focused on live assessment data of an organization’s attack surface and their vulnerabilities providing a more accurate view of cyber risk.  

The platform uses trusted qualitative and quantitative risk assessment methodologies, providing holistic risk insights across the organization’s entire threat landscape. The platform performs comprehensive, automated attack surface and threat intelligence assessments to inform risk scenarios for organizations. These assessments are not limited to network infrastructures, web applications, or cloud security settings. Similar assessments are performed on third-party vendors.

FortifyData starts with a transparent risk scoring model leveraging an empirical statistical model and NIST Risk Management Framework (RMF). This allows our customers to understand the value of the score they are provided.

Configurable Scoring Model

FortifyData’s patented configurable scoring model presents a direct indication of breach susceptibility that considers the likelihood of threat scenarios, asset classifications and risk impact tot the organization. Clients can assign and modify weights attached to each cybersecurity risk category when calculating custom scores. This enables users to increase/decrease the relative impact of individual cybersecurity risks compared to the impact of these risks producing a more accurate view of the organization’s risk profile than using open source intelligence data.

300

900

How It Works

Our technology performs the following three levels of assessments to quantify cyber risk exposure for any organization:

First Level | Automated Assessment

We perform full assessments across various aspects of your organization, including external and internal infrastructure, web applications, patching performance, security and compliance control gaps, and compromised data-sets on the open and dark web. This provides complete insight on all vulnerabilities, security gaps and exposed threats present within your organization’s resources, all in one place.

Second Level | Risk Impact Analysis

We believe risk is truly defined as the intersection of the likelihood and impact of a threat event occurring. We automatically correlate threat events to your resources based on susceptibility and provide configurability to adjust the likelihood and impact associated with your external and internal technologies, and administrative and personnel risks.

Third Level | Quantified Cyber Score

Using our empirical scoring model leveraging machine learning, the risk register is quantified into a cyber risk score—a true representation of holistic cyber risk exposure associated with your organization’s resources. Additionally, an ROSI can easily be calculated based on the quantified risk data report, helping you demonstrate how much financial loss your organization could avoid due to security investment.

FortifyScore Methodology

Learn the factors that the FortifyScore identifies, analyzes and calculates from the FortifyData platform assessments in our post, Cyber Risk Scoring – The FortifyData Scoring Methodology.