Vendor Summary, Enhanced Risk Profile and Enhanced Port Scanning
  • New Vendor Summary: When you look up a vendor, the first page you see is now a new Vendor Summary. This provides a management-level view of the vendor and can be exported as a PDF.
  • Enhanced Risk Profile: We’ve made a number of improvements to the Risk Profile page, including the ability to filter by risk category (e.g. website risks, email risks, etc.).
  • Websites & APIs is now called Domains and IPs
  • Greatly enhanced port scanning: We now explicitly check for nearly 200 services running across thousands of ports. We also report any services that we can’t identify, and any open ports where no services are detected.
  • We’ve made some changes to our scoring algorithm:
    • Updated email security checks: this includes a new check for the DMARC policy (which fails if p=none). For information on email security, see https://www.upguard.com/blog/email-security
    • Improved checking for open ports/services: As part of enhancing our port scanning capability, we have reviewed and updated the severity of risks associated with open ports / services.
    • The HSTS checks now include a check against the Chromium preload list. If a domain is on the preload list, all HSTS checks pass for that domain and all its subdomains.
    • Updated domain status checks for .au domains: We no longer check for clientTransferProhibited or serverRenewProhibited on .au domains, as they are not applicable.
  • Changes to open ports can now be reflected in CyberRisk sooner by pressing the “RESCAN” button. When a port is closed, manually requesting a rescan of the website now detects the change sooner (usually within a day).
  • WHOIS lookup within Typosquatting: When you view a registered permutation of a domain you are monitoring for typosquatting, you can now see that permutation’s WHOIS information.
  • New Questionnaires: We have added questionnaires for PCI DSS, CPPA, and Modern Slavery.