About Normshield

NormShield, Inc. is the leading provider of cyber risk quantification software and has substantial experience working with large corporations to help establish and optimize quantitative risk management programs. NormShield enables enterprises to monitor their external cyber risk posture, and perform non-intrusive cyber risk assessments of their suppliers, subsidiaries, and target acquisitions. Easy to understand scorecards provide letter-grades by risk category with rich underlying data on exactly how to mitigate each risk in priority order. NormShield enables enterprises to assess and monitor their own and their supply chain’s external cyber risk posture by performing non-intrusive cyber risk assessments and converting the data into the form of a scorecard.

For more information, visit

NormShield Scanning and Data Collection Policy

One way NormShield can find devices that can be accessed by anyone is to use non-intrusive internet-wide scanning. Every day, we attempt a small number of harmless connections to every IPv4 address in the allowed IPv4 space. When we discover that a computer or device is configured to accept connections, we complete protocol handshakes to learn more about running services.

We never try to circumvent any technical hurdles, exploit security issues or otherwise access non-public services, and we follow community best practices to reduce any load on remote networks. The only data we receive is information that can be seen by anyone who connects to a specific address and port.

NormShield scans the internet from subnet, where you can allow the list or block list if you wish.

Sometimes we make follow connections from other machines on dynamic IP addresses, but blocking the addresses above is sufficient to prevent your device from appearing in our cyber risk monitoring platform. NormShield data is used by vendor risk analysts and network administrators to detect security problems and alert operators of vulnerable systems. If you block our scans, you may not receive these important security notifications.