The Seven-Dimension Risk Score, Explained
Every domain you monitor in GuardHound carries a single 0-100 number that summarises how exposed it is to security and availability risk. This guide explains exactly what feeds into that number, how each dimension is weighted, and how to use the daily snapshots to track real improvement over time.
The Seven Dimensions
Instead of giving you a long list of pass/fail checks, GuardHound rolls everything into seven weighted dimensions. Each one starts at full marks and loses points based on the severity of what we observe.
- Uptime. Service-monitor results across HTTP, keyword, ping, port, DNS, and SSL-handshake checks. Outages and slow responses chip away at the score.
- Certificates. SSL/TLS expiry, weak protocol versions, untrusted chains — plus full Certificate Transparency log monitoring on Pro and above.
- DNS. Resolver health, DNSSEC status, registrar/nameserver change baselines, and SOA serial drift.
- Email Authentication. SPF, DKIM, and DMARC posture — missing or weak policies (e.g. p=none) are penalised.
- Breach Exposure. Whether your domain or its addresses appear in known breach corpora.
- Vulnerabilities. CVE fingerprinting against your HTTP response headers, cross-referenced with NVD and CISA KEV.
- Brand & Digital Risk. Active lookalike domains, suspicious certificate issuance for your brand, and abuse signals.
How the Score Is Calculated
Each finding maps to one of three severities — info, warning, and critical — with a weighted penalty per severity per dimension. Critical findings dominate; info-level findings barely move the needle. The dimension scores are then combined into the headline 0-100 number using fixed weights so trend lines stay comparable from day to day.
Your final number maps to one of three labels:
- ALL CLEAR (80-100) — nothing material to act on right now.
- HEADS UP (50-79) — one or more warnings worth addressing this week.
- UNDER THREAT (0-49) — at least one critical finding; act today.
Daily Snapshots and Top Contributors
Every domain gets a daily score snapshot. We store the headline number, the per-dimension breakdown, and the top contributing findings — the specific issues that pulled the score down most. That means you do not just see "your score dropped 12 points yesterday"; you see why.
Snapshots power the trend chart on each domain page and feed the score-drop email alert. If a deploy quietly breaks DMARC alignment or your CDN drops a cipher suite, you find out the next morning instead of weeks later.
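The model described above (dimensions that start at full marks, per-severity penalties, a fixed-weight headline number, and top contributors between two daily snapshots) can be sketched as follows. This is an added example, not GuardHound's own code: the weights, the penalty values, the single penalty table shared by all dimensions, and the sample findings are assumptions made for illustration.

```python
# Assumed numbers for illustration; the page does not publish the real weights or penalties.
WEIGHTS = {"uptime": 15, "certificates": 15, "dns": 15, "email_auth": 20,
           "breach": 10, "vulnerabilities": 15, "brand": 10}  # percent, sums to 100
PENALTY = {"info": 2, "warning": 20, "critical": 60}  # points lost per finding

def dimension_scores(findings):
    """Every dimension starts at 100 and loses points per finding, floored at 0."""
    scores = dict.fromkeys(WEIGHTS, 100)
    for dim, severity, _ in findings:
        scores[dim] = max(0, scores[dim] - PENALTY[severity])
    return scores

def headline(findings):
    """Fixed-weight combination of the dimension scores, rounded to 0-100."""
    total = sum(WEIGHTS[d] * s for d, s in dimension_scores(findings).items())
    return (total + 50) // 100

def label(score):
    """Bands as listed in the guide."""
    if score >= 80:
        return "ALL CLEAR"
    return "HEADS UP" if score >= 50 else "UNDER THREAT"

def top_contributors(findings, n=3):
    """Rank findings by headline points cost: dimension weight x severity penalty."""
    return sorted(findings, key=lambda f: WEIGHTS[f[0]] * PENALTY[f[1]], reverse=True)[:n]

def explain_drop(yesterday, today, n=3):
    """Compare two snapshots: the point change and the new findings behind it."""
    new = [f for f in today if f not in yesterday]
    return headline(today) - headline(yesterday), top_contributors(new, n)

# Constructed sample snapshots: (dimension, severity, description)
YESTERDAY = [("uptime", "warning", "slow HTTP responses"),
             ("dns", "info", "DNSSEC not enabled")]
TODAY = YESTERDAY + [("certificates", "warning", "weak TLS protocol version enabled"),
                     ("email_auth", "warning", "DMARC policy is p=none"),
                     ("email_auth", "warning", "SPF record missing")]

if __name__ == "__main__":
    delta, why = explain_drop(YESTERDAY, TODAY)
    print(headline(YESTERDAY), "->", headline(TODAY), label(headline(TODAY)), delta)
    for dim, severity, text in why:
        print(f"  {dim:<14}{severity:<9}{text}")
```

With these assumed numbers the two email-authentication warnings outrank the certificate warning only because that dimension carries the larger weight, which is why the ranking uses weight times penalty rather than severity alone.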
Plan Differences
The risk-score model is the same on every plan, but the data feeding it differs:
- Free: manual scan, snapshot DNS / WHOIS, no continuous data.
- Starter ($9/mo): daily + hourly scans, expiry-only certificate transparency, lookalike read-only.
- Pro ($49/mo): service monitors at 5-minute intervals, full CT-log monitoring, full digital risk, full intel history, exports + API.
- Team ($79/mo): adds 60-second checks, 30 domains, and 75 service monitors.
- Unlimited ($99/mo): 30-second monitors, takedown workflow, portfolio mode for unlimited domains.
Acting on the Score
The fastest way to improve your score is to look at the top contributors and work top-down. Most domains can pick up 10-20 points in a single afternoon by fixing email authentication and SSL configuration alone. The more interesting question is what happens after the easy wins: that is where continuous monitoring earns its keep, because the score only stays high if no-one quietly regresses.
Frequently Asked Questions
Is the risk score the same as a security score?
Yes — "risk score" and "security score" refer to the same 0-100 number. We use "seven-dimension risk score" to make it clear which inputs feed into it.
Why seven dimensions and not the old nine categories?
The earlier model exposed individual checks as top-level categories, which made the score harder to reason about. The seven-dimension model groups related checks together so the breakdown maps cleanly to the work required to fix each pillar.
How often is the score recalculated?
Continuously. Service monitors update the uptime dimension in near real time; scheduled scans refresh the other dimensions on your plan's cadence. A daily snapshot at 03:00 UTC freezes the headline number for trend tracking.
Can I see what changed between two snapshots?
Yes. Each domain has a score history view that compares dimension breakdowns and surfaces newly added or resolved top contributors.