What is IP attribution (Digital Footprint) in SecurityScorecard?
At a high level, IP attribution is a SecurityScorecard automated process that:
Continuously queries publicly available addressing (e.g., Domain Name System or DNS) information for hundreds of thousands of internet-based systems, computers, services, and applications
Inventories (i.e., attributes) public IP addresses and DNS registrations for all observed digital assets
Builds and maintains a digital footprint database that associates a business entity with all related digital assets for the corresponding entity
A vendor’s digital footprint provides the primary index for all downstream analyses within the SecurityScorecard solution. To view a vendor’s digital footprint, select the “Digital Footprint” tab within the vendor’s factor-level scorecard.
When selected, a digital footprint inventory will display all IP addresses and associated DNS names for each asset mapped for the vendor.
Why is a company’s digital footprint important?
A company’s digital footprint is important because it provides the foundation for mapping observed SecurityScorecard issues (each including one or more findings related to a specific security issue found on the company’s digital assets) to a specific business or company. Using the digital footprint as the basis, SecurityScorecard automatically connects all observed security issues to the company’s digital assets recorded in that footprint. In turn, these connections across the company’s digital footprint feed all subsequent SecurityScorecard analyses.
It is important that a company’s mapped digital footprint is accurate. By reviewing the digital footprint, companies get a more contextualized view of their cybersecurity posture and can confirm the IP assets that should be attributed to them. Users who believe a company’s digital footprint includes incorrect IP addresses, or IP addresses that may be owned by customers or other entities, can request corrections through a workflow integrated into the platform, which is discussed in a subsequent section of this knowledge base article.
How does SecurityScorecard determine IP attribution for a company’s digital footprint?
SecurityScorecard uses a patented IP attribution algorithm to build the SecurityScorecard digital footprint mappings. At a high level, SecurityScorecard builds its digital footprint database by:
Observing multiple IP and DNS related data sources (e.g., whois, reverse whois, SSL certificates, and other sources)
Normalizing and correlating the data from these sources, and mapping connections between related vendor digital assets
Applying advanced patented machine learning algorithms to ensure accuracy in digital footprint assignments
Providing manual oversight for correcting erroneous digital footprints
How do I validate my company’s digital footprint?
The SecurityScorecard interface provides a user-driven workflow where users can submit requested adjustments to a company’s current digital footprint. There are two types of IP attribution correction requests that a user can submit from the SecurityScorecard dashboard:
Adding a digital asset that is not currently listed in a company’s digital footprint:
Users can request that one or more digital assets be added to a specific digital footprint. To make this request, a user can select the “+ ADD ASSET” button from within the Digital Footprint user interface.
After selecting this option, the user must enter the IP address for the new asset.
Removing a misattributed digital asset that is currently listed in a company’s digital footprint:
Users can request that one or more digital assets be removed from a specific digital footprint. To make this request, a user can select the “Remove” link for a specific asset from within the Digital Footprint -> IP Inventory user interface.
After selecting this option, the user must confirm removal of the digital asset.
Once an asset is approved for removal, you will receive a notification from our support team confirming this action. Any finding associated with the removed asset will automatically drop from the scorecard after a period of 2-5 days.
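
One way to prepare the two correction requests described above is to reconcile the listed footprint against your own asset inventory before submitting anything. The following is an added example, not SecurityScorecard code or a SecurityScorecard export format: the (IP, DNS name) row layout, the function names, and all sample addresses and domains are constructed assumptions.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real assets).
OWNED_NETWORKS = ["203.0.113.0/24", "198.51.100.16/28"]  # assumed internal inventory
OWNED_DOMAINS = ["example.com"]                          # assumed registered domains
KNOWN_PUBLIC_IPS = ["203.0.113.10", "203.0.113.25", "198.51.100.20"]
FOOTPRINT = [  # hypothetical (IP, DNS name) rows copied from the footprint inventory
    ("203.0.113.10", "www.example.com"),
    ("198.51.100.20", "vpn.example.com"),
    ("192.0.2.77", "shop.customer-site.example"),
    ("192.0.2.90", "legacy.example.com"),
]

def _in_owned_network(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

def _in_owned_domain(name, domains):
    # Match on a label boundary so "notexample.com" does not match "example.com".
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)

def reconcile(footprint, networks, domains, known_ips):
    """Sort footprint rows into candidates for add and remove requests."""
    result = {"confirmed": [], "review": [], "remove": [], "add": []}
    for ip, name in footprint:
        if _in_owned_network(ip, networks):
            result["confirmed"].append(ip)
        elif _in_owned_domain(name, domains):
            # Our DNS name on an address outside our ranges: third-party
            # hosting or a stale record, so check before requesting removal.
            result["review"].append(ip)
        else:
            result["remove"].append(ip)
    listed = {ipaddress.ip_address(ip) for ip, _ in footprint}
    for ip in known_ips:
        if ipaddress.ip_address(ip) not in listed:
            result["add"].append(ip)  # owned but missing from the footprint
    return result

if __name__ == "__main__":
    report = reconcile(FOOTPRINT, OWNED_NETWORKS, OWNED_DOMAINS, KNOWN_PUBLIC_IPS)
    for bucket, ips in report.items():
        print(f"{bucket:9} {ips}")
```

Rows in the "review" bucket are kept apart from "remove" because a company DNS name pointing at an address outside its own ranges may still be a legitimately attributed asset.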