Get a hackers-eye view with Blackfoot’s Cyber risk scorecards

Why you need cyber risk scorecards

Visual board reporting

Our cyber risk scorecards give an easy-to-understand one-page guide to current and historical external security events to inform your leadership board

Analyse your critical suppliers and partners

Our cyber risk scorecards deliver a consistent way of measuring cyber-risk in your supply chain

See what your attackers can see

Our cyber risk scorecards give you a hackers-eye view of your organisation’s web-facing assets

Blackfoot’s cyber risk scorecards provide a clear overview of your organisation’s cybersecurity risk exposure, helping you prioritise and manage your most critical risks and enhance the organisation’s security posture.

Our Accreditations

What is a cyber risk scorecard

Cyber risk scorecards are a useful tool in providing a hackers-eye view of your organisation.

They work by using open source intelligence (OSINT) techniques to collect data from 400+ OSINT resources across a span of internet-wide scanners, without ever touching your organisation’s assets.

By assessing, quantifying and communicating your organisation’s digital footprint, our cyber risk scorecards provide valuable insights in a structured and visual manner.

Our method

Blackfoot’s cyber risk scorecards employ Cyber-Threat Susceptibility Assessment (CTSA) methodology.

CTSA is a methodology for evaluating the susceptibility of a system to cyber-attacks developed by MITRE. CTSA quantitatively assesses a system’s ability to resist a cyber-attack over a range of catalogued attack tactics, techniques and procedures (TTPs).

To generate the cyber-risk rating, Blackfoot needs only company domain information.

Our scorecard engine collects information from VirusTotal, Passive DNS servers, web search engines and other internet-wide scanners, as well as proprietary databases, which hold more than 10 billion historic items. The engine searches the databases to find all IP address ranges and domain names that belong to the company.

The resulting map shows how hackers can leverage attack vectors using OSINT resources like hacker forums, social networks, Google, leaked database dumps and paste sites, or even legitimate security services like VirusTotal, Censys, Cymon, Shodan or Google Safe Browsing.

Blackfoot’s cyber risk scorecards compile this data into a simple, understandable report with letter-grade scores to help identify and mitigate potential security risks.

The platform identifies known vulnerabilities (CVE/CWE), the risk score of the corresponding vulnerabilities/weaknesses (CVSS/CWSS) and attack patterns (CAPEC/FIPS-199 impact level).

We also classify the findings into FISMA Cyber Security Framework area and maturity level, NIST 800-53 control family, FIPS-200 area and NIST 800-37 process step.

All this is achieved without scanning or modifying any of the organisation’s business assets.

Why companies trust Blackfoot

Attack surface detection
Blackfoot’s cyber risk scorecards help you understand your attack surface from a hacker’s perspective and gain unique insights to protect your organisation.
Comprehensive risk intelligence
We assess your environment against 20 threat categories including email security control, dark web searches, compromised credentials and more.
APi integration
Our seamless API integration enables extensive technical, compliance-related and financial cyber risk scorecards.
Fast scan results
Our cyber risk scorecards deliver rapid results you can rely on using just company domain information.
Centralised dashboard
We focus on making it easy for you to monitor your cyber-risks through a centralised dashboard, providing the visibility you need to manage your risks effectively.
Prioritised findings
Our transparent reporting presents findings in a clear, accessible way prioritised according to risk, ensuring you can focus remediation where it’s most needed.

Speak to an Expert

Call us on +44 (0) 203 393 7795

We value what our customers think of us

Blackfoot are authentic, hard-working, flexible and committed. Finding a partner who has our best interests at heart, one who tries to find solutions that work for us as a customer is like gold-dust. I now consider Blackfoot as part of my trusted partner network for any future projects.

"As our business has expanded so quickly, we have had to learn and implement new policies, processes, controls internally and externally, upskill staff and manage 3rd parties differently, it’s been a heck of a learning curve. During the onboarding and kick off meetings the support exceeded what I was expecting. The support from Blackfoot was amazing."

I was very impressed with your project managers persistence and attention to detail. She clearly understood the technical side of the testing and was very patient and polite when chasing up due to slow / delayed responses on our side. Overall, the approach gave me confidence that the testing was being planned carefully and that Blackfoot were helping us get the best out of the plan.

"I’m pleased to have seen the account progress, I know your consultants have dedicated a lot of time to the project and I’m excited to report back to their transformation director in the new year around their latest level of data security and privacy maturity based on the investment they have made"

“ I would like to add my thanks as in previous years you have really supported us and helped us to renew our certification and the entire process has been smooth and painless, we are most grateful."

Get in touch

*Fill in the fields below

Get the Latest Industry News

We’ll keep you informed about potential risks and vulnerabilities that could impact your digital assets.