Vendor Header
At the top of the page, you'll see the Vendor Name and their primary domain.
An overall Security Score is displayed, along with its trend over the last 30 days. This gives you a quick snapshot of the vendor's security posture.
The vendor's Portfolio and Tier are also visible for quick reference.
Company Profile:
This section provides key details about the vendor.
Name: The full name of the company.
Primary Domain: The main domain of the vendor (e.g., dsalta.com).
Primary Contact: The main point of contact for this vendor within your organization.
Portfolio, Tier, Labels: These are the classifications you've assigned to the vendor to help with organization and risk management.
Notes: A space to add any relevant notes about the vendor.
Overall Risk Rating:
The large chart shows the vendor's security score trend over time. This helps you visualize whether the vendor's security posture is improving, declining, or remaining stable.
The Risk Rating (e.g., A, B, C) and a numerical score are clearly displayed, providing a quantitative measure of the vendor's risk level.
Risk Management Section:
This section offers quick links to key risk management activities for the vendor.
Compliance Controls: See how many compliance controls have been completed and which ones need attention.
Documents: Check on the status of shared documents—how many are uploaded, shared, or requested.
Security and Privacy Pages: Access the vendor's Trust Page or other security-related resources they have made available.
Domains and IPs: See a summary of the domains and IP addresses associated with the vendor.
Security Score Breakdown
This section provides a granular view of a vendor's security score by breaking it down into key risk categories.
Each category has its own letter grade, numerical score (out of 1000), and a trend indicator (e.g., +120) for the last 30 days.
Key Categories Explained:
Website Security: Evaluates the security of the vendor's website (e.g., HTTPS, HSTS, CSP headers).
Encryption: Assesses the vendor's SSL/TLS certificates and cipher strength.
IP/Domain Reputation: Monitors for malware detections, blacklists, and overall reputation.
Vulnerability Management: Looks for known vulnerabilities (CVE checks) and reviews patch management and updates.
Attack Surface: Analyzes exposed services, cloud storage, and potential for takeovers.
Network Security: Checks for open ports, service detection, and firewall configurations.
Email Security: Reviews SPF, DMARC, and MX records to help prevent phishing and spoofing.
Data Leakage: Scans for data exposures, leaks, or breaches.
DNS Security: Evaluates DNSSEC, CAA records, and overall DNS configuration.
Brand & Reputation: Monitors for domain expiration and registrar protection issues.
How to Use This Information:
This breakdown helps you pinpoint specific areas of a vendor's security posture that may be weak or need improvement.
The trend indicators allow you to monitor progress over time and prioritize discussions with vendors to address high-risk areas.
Locating IP Addresses & Domains
This section is typically found within the Overview or a dedicated tab within a vendor's profile.
It provides two lists: one for IP Addresses and one for Domains.
The number in parentheses next to the title indicates the total count of analyzed IPs or domains.
IP Addresses:
The IP Addresses list shows all the IP addresses associated with the vendor's digital infrastructure.
This information is valuable for understanding the vendor's network footprint and for your own security monitoring.
Domains:
The Domains list shows the vendor's primary domain and any subdomains that have been identified and analyzed by DSALTA.
The "Primary" label helps you quickly identify the main domain.
This list gives you insight into the vendor's full web presence, which is an important part of assessing their attack surface.
Using This Data:
Use this information to ensure that all of the vendor's digital assets are being properly monitored.
This data can also be used for your own internal security checks and firewall configurations.