Platform Overview

NormShield’s platform was built from a practitioner’s perspective to provide full visibility into a vendor’s cyber position. It enables enterprises to continuously assess third-party risks, assigns a letter grade to each vendor, correlates findings with industry standards to inform compliance requirements, and determines probable financial impact if a third-party experiences a breach. See what hackers see NormShield uses the same open-source intelligence tools and techniques hackers use – data collectors, crawlers, honeypots, etc. – to continuously collect information from internet-wide scanner databases, reputation sites, cyber events, hacker shares, and known vulnerability databases. Continuously monitor your third-parties An enterprise Cyber Risk Management program needs to look at internal security, perimeter security, data security, but must cover an organization’s overall cyber ecosystem to include everyone that is either directly connected to the network or has access to valuable assets. 3D Vendor Risk @ Scale The NormShield platform gives a 3-dimensional risk picture of a vendor through NormShield Cyber Risk Ratings that include:

• Technical Report that assigns a letter-grade with underlying technical details,
• Financial Impact Report that uses using Open FAIRTM to determine probable financial impact if a third-party is breached
• Compliance Report that determines third-party compliance with industry standards, regulations and best practices

NormShield Cyber Risk Rating

Technial Report NormShield compiles called Open-Source Intelligence (OSINT) data into a simple, readable report with letter-grade scores that help identify and mitigate potential security risks. It identifies the risks, the risk score of the corresponding vulnerabilities / weaknesses, and attack patterns based on MITRE’s Cyber Threat Susceptibility Assessment Framework. The risk assessment is provided in 20 categories with more than 400 control items. Financial Impact Report Cyber security reporting has become a critical issue between the technical team and the board. Most of the security issues get “lost in translation” when reported to the upper-level. NormShield uses the Open FAIRTM model to calculate the probable financial impact (risk) in case of a data breach. Translating the ” security language” to “business language”, Financial Impact Report has been a game-changer in security-reporting. Compliance Report Organizations can assess their vendors’ compliance level to various regulations and best-practices built-into the NormShield platform. NormShield correlates the platform’s findings to industry open standards and best practices. The cross-correlation capability measures the compliance level of a target company for different regulations based on the input given from another standard, saving effort and time both on the vendor and company side.