Security Ratings Are a Dangerous Fantasy

Inaccurate Results, Lousy Data, No Predictive Power, False Confidence, False Security. How Did We Get Here, and How Can We Do Better?

In this white paper, we explore why security ratings do not predict breaches, do not help people make valuable business decisions, and do not make anyone safer. This piece explores the limitations of risk scores, including:

- High rate of false positives/misattribution: Such as when an IP range or domain name is assigned to an entity but has not been used by them in years.

- Incomplete data: Poor visibility into cloud environments, where dynamic hosting makes assets difficult to find, and multi-tenancy makes assets hard to attribute.

- Low data refresh rates: By the time you read them, security ratings are already out of date.

And looks at potential paths forward other than risk scores to help organizations improve their cybersecurity posture and drive meaningful operational outcomes.

Expanse Event Speaker

About the Speaker

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

White Paper

Protecting the World's Most Important Organizations

Department of Defense Logo cvs allergan paypal orrick Department of Energy Logo