Acknowledge risks
Security ratings
Use our security ratings to get a data-driven, objective, and dynamic measurement of your organization’s security posture. Our security ratings are generated through the analysis of trusted commercial, open-source, and proprietary threat intelligence feeds and non-intrusive data collection methods.
Custom notifications
UpGuard comes with a host of default notifications, and allows you to create and manage custom notifications as well. These can be used for in-app and email alerts, or webhook triggers.
- Get notified when you organization score drops
- Get notified when a vendor's score drops below a threshold
- Custom notifications can also be used to trigger webhook integrations
- Customize notifications based on labels and vendor tiers
Your security rating
Instantly understand your organization’s overall security posture.
- Easy to understand for non-technical stakeholders and senior management
- Updated multiple times a day
- Based on the analysis of each of your underlying domains and their security ratings
Domain security ratings
Explore the security posture of individual domains and drill into issues.
- Based on the analysis of hundreds of individual risks across five risk categories
Continuous security monitoring
Get real-time information about misconfigurations, understand your risk profile, and get started in minutes, not weeks, with our fully integrated solution and API. Because we use externally verifiable information, you won’t have to lift a finger to get started.
Incidents & news feed
View all of the recent security incidents or just the ones related to you and your vendors, or even view news and incidents separately.
- Stay on top of important security trends and news related to your industry and your vendors
- See incidents based on severity for you organization and your vendors
- Easily search an organization, or an incident
- Filter the incidents by company, time, threat actor, threat actor location or the type of data exposed
Risk profile
Instantly understand your risk profile and drill down into individual risks shared across your infrastructure.
- Transparent security ratings
- Intelligent risk categories
- Updated daily
- Real-time risk insights
Domains & IPs
View the domains and IPs that belong to your organization and their corresponding cyber risks.
- See the security rating of each domain and associated risks
- Automatic domain discovery, no manual input needed
- Label domains based on owner, use, or any other category
Asset Portfolios
Organize your domains and IP addresses by different use-cases into separate lists. Once setup, you can control user access for each of the portfolios.
- Easily filter, view and report the performance of individual portfolios
- Maintain and report on separate asset portfolios for different departments or groups within your organization
- Manage permissions so that users only have access to the portfolios and assets they need
Attack surface reduction
Reduce your attack surface by discovering exploitable vulnerabilities and permutations of your domains that are at risk of typosquatting.
Vulnerabilities
Discover vulnerabilities that may be exploitable in the software that is running on your websites.
- Detect vulnerabilities related to server operating systems and vendor software including the MOVEit transfer appliance, and common Javascript libraries
- Indicates high value vulnerabilities that are listed on the CISA Known Exploited Vulnerabilities (KEV) catalog
- Each vulnerability has CVE ID information and a CVSS, a numerical score between 0 and 10 that reflects the severity
Typosquatting
Monitor and identify permutations of your domains that are at risk of typosquatting.
- Prevent bait and switching, domain parking, imitators, phishing, and other typosquatting-related risks
Data protection
Failure to detect exposed data can have serious consequences on your business, from enabling corporate espionage to customer identity theft. This data provides attackers with a huge advantage: enabling reconnaissance, providing a foothold in the network for further exploration, selling data to the highest bidder, or holding data at ransom.
Data leak detection
UpGuard's proprietary Data Leak Search Engine scans every corner of the Internet, and identifies data that presents a risk. It doesn't just monitor your Internet presence but also scans every website we can find, cloud storage buckets, source code repos like GitHub, the Dark Web, pastebin, exposed databases like Mongodb, and many other sources.
- Detect sensitive documents that aren’t meant for distribution
- Protect customer data and avoid reputation, business, and regulatory damage
- Find exposed employee credentials before attackers do
- Automatically classify identified leaks
- Identify API keys from hundreds of providers, database connection strings, SSL certificates, and more
- Monitor for data exposures that occur at third-party party vendors that reference your organization
Remediate risks
Data protection
Failure to detect exposed data can have serious consequences on your business, from enabling corporate espionage to customer identity theft. This data provides attackers with a huge advantage: enabling reconnaissance, providing a foothold in the network for further exploration, selling data to the highest bidder, or holding data at ransom.
Identity breaches
Discover credentials exposed in third-party data breaches on the open, deep, and dark web and notify affected employees before their accounts are compromised.
- Notify impacted employees from inside the platform
- Archive remediated breaches
- Automated severity assessment
- Know what data has been exposed
Workflows and waivers
Simplify and accelerate how you remediate issues, waive risks, and respond to security queries. Use our real-time data to get information about risks, rely on our workflows to track progress, and know exactly when issues are fixed.
Remediation workflows
Use inbuilt workflows to remediate risks identified by the UpGuard platform.
- Fix man-in-the-middle risks
- Find insecure SSL/TLS certificates
- Understand email security
- Enforce HSTS
- Close unnecessary open ports
- Fix vulnerable software
- Prevent HTTP accessibility
- Secure cookie configuration
Remediation planner
See the potential improvement in security ratings from remediating a risk or set of risks instead of knowing the impact after the fact.
- See how specific risks impact security ratings
- Prioritize risks to be mitigated based on the improvement in rating
- Securely create and share a remediation plan with your team or your vendors within UpGuard
- Collaborate with internal teams and third-party vendors within UpGuard
- Track the progress of each remediation request in a centralized location
Risk waivers
Accept specific risks that have been identified by the UpGuard platform.
- Stop risks from appearing in your risk profile and impacting the internally-reported score of your company
- Choose which risk waivers you want to share, along with justifications
Templates
Templates lets administrators set up templates for remediation requests, risk assessments, questionnaires, and identity breach notifications emails sent from the UpGuard platform.
- Save time and ensure consistency
- Uniformity across teams and processes
- Reduce mistakes and errors caused by copying and pasting text across documents
Security profile
Eliminate security questionnaires and stop answering the same questions over and over. Create an UpGuard security profile and share it before being asked.
Security profile
Save time by proactively and securely sharing your security information in one place. This includes your security rating, industry comparison, completed security questionnaires, and supporting documents. Save time and let companies assess you without email tennis and configure who has access in a few clicks.
- Avoid responding to the same security-related queries
- Embeddable on your website
- Streamlined workflows
- An access log of who has viewed your profile
- Control who can access your profile, including sending a request to you, and having to agree to an NDA, before access is granted
- Publicly available security and privacy pages
Manage risks
Reporting and insights
The Reports Library makes it easier and faster for you to access tailor made reports for different stakeholders, all in one centralized location. See all risks–across different domains, IPs, and categories–in the UpGuard platform or extract the data directly from the API.
Executive reporting
Use our prebuilt executive reporting suite to get insights right inside the platform. With structured access to your data, you can do things such as: see your current security rating and twelve-month history, compare your organization to your competition, and breakdown your security rating into various risk categories like website security and email security.
- Summarized Breachsight Executive Summary report provides snapshot of key infomation for executives and middle-management
- Prebuilt reportings for company security rating, competitor analysis, and risk category breakdown
- Filter executive summary based on labels
- Customizable report
- Export report to PDF
Custom report templates
Ensure consistency and standardization of your reports by creating and saving custom report templates.
- Add custom commentary and configure which elements to include in your report
- Save time and create templates that can be utilized by your team to run custom reports
Business operations
Share access to your UpGuard account with other team members with confidence. Each user gets an individual account with fine-grained access control.
Roles and permissions
Tailor access for your team to ensure that sensitive information and actions are protected. Keep track of who has access to your UpGuard account and remove team members easily.
- Get fine-grained control on providing specific users access to specific products and features
- Create roles, and associate permissions with these
- Grant users access to a role
- A change in permission associated with a role applies to all users with that role
Account security
Secure access to the UpGuard platform and your account data. Integrate with various SSO options like Microsoft Azure, Okta, and Ping Identity. As long as your identity provider has a SAML interface we can integrate with it.
- SSO options like Microsoft Azure, Okta, and Ping Identity
- SAML integration
Collaboration notes
Attach notes for your teammates on remediation requests, risk waivers, and data leaks to give them context when they jump into the platform.
Subsidiaries
Allows complex organisations with multiple subsidiaries to be able to see their entire security posture in one place.
- Entire security posture in one place
- Drill into subsidiary's security performance
- Easily navigate between subsidiaries
- Whole-of-organisation view that lets you see how individual risks affect your entire portfolio
Audit log
Keep track of important events and who performed them inside the UpGuard platform.
- Searchable
- Real-time reporting and data
- Filter by user, event type, and time
- Streamline workflows
Scheduled reports
Use the reports feature to see the status of queued reports, and download, delete or archive completed reports.
- See all exported reports in one place
- Hit export and continue working while the report gets generated in the background
- Create and manage schedules for any recurring reports
Third-party integrations
Integrate and extend the UpGuard platform with other tools with our easy to use API that can save hours of human time.
Jira integration
Quickly and easily push events and notifications from UpGuard into any Jira project, giving you the flexibility to manage workflows to address security risks promptly
- Save time by quickly creating Jira issues, prioritizing, and assigning them to the relevant person
- Ensure people receive the correct information so they can promptly investigate and remediate security risks
- Easily maintain your workflow and present only the information you want to the relevant people in your team
Slack integration
Connect UpGuard to your Slack workspace to get the notifications you need directly into a Slack channel of your choice, giving you the flexibility to display the information you need to act promptly.
- Easily integrate your Slack workplace to receive notifications from UpGuard
- Setup triggers for notifications, decide what Slack channel to send them to, and customize your messages.
- Get instantly notified on Slack, and remediate security faster
Zapier integration
Using Zapier, an automation platform that connects to thousands of apps, you can now connect UpGuard to any other app that Zapier supports.
- Automate regularly used workflows without coding
- Connect UpGuard to thousands of apps on the Zapier platform like JIRA, Trello, Google Sheets, ServiceNow and many more
- Get instant notifications on Slack, Microsoft Teams and other collaboration apps and remediate security faster
UpGuard API
Access information about your UpGuard account programmatically.
UpGuard BreachSight Datasheet
UpGuard BreachSight monitors your attack surface, prevents data breaches, discovers leaked credentials, and protects customer data.
- Key features and benefits of UpGuard BreachSight
- More info on UpGuard BreachSight and UpGuard