In this article:
What is IP attribution (Digital Footprint) in SecurityScorecard?
At a high level, IP attribution is a SecurityScorecard automated process that:
-
Continuously queries publicly-available addressing (e.g., Domain Name System or DNS) information for hundreds of thousands of internet-based systems, computers, services, and applications.
-
Inventories (i.e., attributes) public IP addresses, and DNS registrations for all observed digital assets
-
Builds and maintains a digital footprint database that associates a business entity with all related digital assets for the corresponding entity
A vendor’s digital footprint provides the primary index for all downstream analyses within the SecurityScorecard solution. To view a vendor’s digital footprint select the “Digital Footprint” tab within the Vendor’s factor level scorecard as shown below:
When selected, a digital footprint inventory will display all IP addresses and associated DNS names for each asset mapped for the vendor.
Why is a company’s digital footprint important?
A company’s digital footprint is important because it provides the foundation for mapping observed SecurityScorecard issues (including one or more findings as it relates to a specific security issue found on the company’s digital assets) to a specific business or company. Using a company’s digital footprint as the basis, SecurityScorecard automates connecting all observed security issues for a company’s digital assets recorded using their digital footprint. In turn, SecurityScorecard logically connects security issues across a company’s digital footprint for all subsequent SecurityScorecard analyses.
It is important that a company’s mapped digital footprint is accurate. By reviewing the digital footprint, companies are able to get a more contextualized view of their cybersecurity posture and can confirm the IP assets which should be attributed to them. Users that believe a mapping in a company’s digital footprint includes incorrect IP addresses or IP addresses which may be owned by customers or other entities can request corrections through a workflow integrated into the platform which is discussed in a subsequent section of this knowledge base article.
How does SecurityScorecard determine IP attribution for a company’s digital footprint?
SecurityScorecard utilizes a patented IP attribution algorithm to build the SecurityScorecard digital footprint mappings. At a high-level, the SecurityScorecard builds its digital footprint database by:
-
Observing multiple IP and DNS related data sources (e.g., whois, reverse whois, SSL certificates, and other sources)
-
Normalization and correlation of the data from these sources, and mapping of connections between related vendor digital assets
-
Advanced patented machine learning algorithms to ensure accuracy in digital footprint assignments
-
Manual oversight for correcting erroneous digital footprints
How do I validate my company’s digital footprint?
The SecurityScorecard interface provides a user-driven workflow where users can submit requested adjustments to a company’s current digital footprint. There are two types of IP attribution correction requests that a user can submit from the SecurityScorecard dashboard:
Adding a digital asset that is not currently listed in a company’s digital footprint:
Users can request adding one or more digital assets for the specific digital footprint. To make this request, a user can select the “+ ADD ASSET” button from within the Digital Footprint user interface:
After selecting this option, the user must enter the IP address for the new asset:
Removing a misattributed digital asset that is currently listed in a company’s digital footprint:
Users can request that one or more digital assets are removed for a specific digital footprint. To make this request, a user can select the “Remove” link for a specific asset from within the Digital Footprint -> IP Inventory user interface:
After selecting this option, the user must confirm to remove the digital asset:
Once an asset is approved for removal, you will receive a notification from our support team confirming this action. Any finding associated with that asset to be removed will automatically drop from the scorecard after a period of 2-5 days.