Third-Party Cybersecurity Rating of Thru

Share:

For more than 20 years, Thru has protected sensitive data while transferring files for businesses on a daily basis. Meeting data privacy regulations and guarding against the increasing number of cybersecurity threats means we must continually scrutinize our security posture. To assist us in doing so, we engage with trusted third parties, such as SecurityScorecard, to perform a security-related analysis.

Continue reading for a quick overview of SecurityScorecard and to learn results of our recent evaluation.

Who Is SecurityScorecard?

Founded in 2013, SecurityScorecard is the global leader in cybersecurity ratings and the only service with more than 12 million organizations continuously rated. Its scoring algorithm is based on a principled statistical framework and provides insights and a detailed analysis of the security posture of an organization.

Evaluating Security Posture of Organizations

To reveal the possible presence of common vulnerabilities and exposures (CVEs), exposed ports, weak ciphers and other types of cybersecurity flaws of varying severity, SecurityScorecard non-intrusively scans the entire IPv4 webspace at a regular cadence. Additionally, it operates one of the largest networks of sinkholes worldwide to capture malware signals emanating from an organization’s servers or end-user computers.

After scanning and measuring a single organization’s vulnerabilities, the average for an organization of that size is calculated in terms of standard deviations. This is known as a z-score and provides a valid number for comparisons between organizations of different sizes.

Calculating Cybersecurity Ratings

SecurityScorecard collects and then analyzes threat and vulnerability data across 10 major security categories, giving a Factor Score to each different category. The Total Score, calculated as the weighted average of the Factor Scores, provides the overall grade for the organization’s cybersecurity posture. Factor weights are derived using a data-driven approach. Factor and Total Scores are reported on a scale of 0 to 100 with an associated letter grade.
Score Grade
≥ 90 A
80 to 90 B
70 to 80 C
60 to 70 D
< 60 F

Ten Factors for Scoring Security Posture

Issue types are topically grouped into the following 10 categories:

  1. Network Security: Open ports (such as SMB and RDP), insecure or misconfigured SSL certificates, database and IoT vulnerabilities.
  2. Application Security: Vulnerabilities, misconfigurations and best practices on publicly detected web apps.
  3. IP Reputation: Sinkhole system ingests millions of malware signals and maps infected IP addresses back to impacted organizations.
  4. Endpoint Security: Exploitability of laptops, desktops, mobile devices and BYOD devices on the network.
  5. Patching Cadence: Frequency of updates for an organization’s identified services, software and hardware.
  6. DNS Health: Misconfigurations like Open Resolvers and recommended configurations for DNSSEC, SPF, DKIM and DMARC.
  7. Hacker Chatter: Underground and dark web discussions about targeted orgs and IP addresses.
  8. Information Leak: Credentials exposed by a data breach or leak, keylogger, Pastebin and database dumps and other information repositories.
  9. Social Engineering: Corporate accounts in social networks, financial accounts and marketing lists.
  10. Cubit Scores: Critical security and configuration issues, like exposed administrative control panels.

Thru’s Complete Results in Security Report

Thru received a 97% Total Security Score, which is an ‘A’ letter grade. In addition to receiving the breakdown of Factor Scores, we were provided with a list of action items detailing the detected issues along with recommendations for remediation.

If you are considering Thru for secure file transfer for your organization, please request our complete SecurityScorecard Report »

 

securityscorecard.com
securityscorecard.pathfactory.com/security-ratings/how-does-scoring-work#page=1

Share:

Have questions about managed file transfer?

Get answers, not a sales pitch. Our experts have analyzed, discussed and solved difficult file transfer challenges since 2002. We are here to help you.

Scroll to Top