In this article:

What is IP attribution (Digital Footprint) in SecurityScorecard?

At a high level, IP attribution is a SecurityScorecard automated process that:

• Continuously queries publicly-available addressing (e.g., Domain Name System or DNS) information for hundreds of thousands of internet-based systems, computers, services, and applications.

• Inventories (i.e., attributes) public IP addresses, and DNS registrations for all observed digital assets

• Builds and maintains a digital footprint database that associates a business entity with all related digital assets for the corresponding entity

A vendor’s digital footprint provides the primary index for all downstream analyses within the SecurityScorecard solution. To view a vendor’s digital footprint select the “Digital Footprint” tab within the Vendor’s factor level scorecard as shown below:

When selected, a digital footprint inventory will display all IP addresses and associated DNS names for each asset mapped for the vendor.

Why is a company’s digital footprint important?

A company’s digital footprint is important because it provides the foundation for mapping observed SecurityScorecard issues (including one or more findings as it relates to a specific security issue found on the company’s digital assets) to a specific business or company. Using a company’s digital footprint as the basis, SecurityScorecard automates connecting all observed security issues for a company’s digital assets recorded using their digital footprint. In turn, SecurityScorecard logically connects security issues across a company’s digital footprint for all subsequent SecurityScorecard analyses.

It is important that a company’s mapped digital footprint is accurate. By reviewing the digital footprint, companies are able to get a more contextualized view of their cybersecurity posture and can confirm the IP assets which should be attributed to them. Users that believe a mapping in a company’s digital footprint includes incorrect IP addresses or IP addresses which may be owned by customers or other entities can request corrections through a workflow integrated into the platform which is discussed in a subsequent section of this knowledge base article.

How does SecurityScorecard determine IP attribution for a company’s digital footprint?

SecurityScorecard utilizes a patented IP attribution algorithm to build the SecurityScorecard digital footprint mappings. At a high-level, the SecurityScorecard builds its digital footprint database by:

• Observing multiple IP and DNS related data sources (e.g., whois, reverse whois, SSL certificates, and other sources)

• Normalization and correlation of the data from these sources, and mapping of connections between related vendor digital assets

• Advanced patented machine learning algorithms to ensure accuracy in digital footprint assignments

• Manual oversight for correcting erroneous digital footprints

How do I validate my company’s digital footprint?

The SecurityScorecard interface provides a user-driven workflow where users can submit requested adjustments to a company’s current digital footprint. There are two types of IP attribution correction requests that a user can submit from the SecurityScorecard dashboard:

Adding a digital asset that is not currently listed in a company’s digital footprint:

Users can request adding one or more digital assets for the specific digital footprint. To make this request, a user can select the “+ ADD ASSET” button from within the Digital Footprint user interface:

After selecting this option, the user must enter the IP address for the new asset:

Removing a misattributed digital asset that is currently listed in a company’s digital footprint:

Users can request that one or more digital assets are removed for a specific digital footprint. To make this request, a user can select the “Remove” link for a specific asset from within the Digital Footprint -> IP Inventory user interface:

After selecting this option, the user must confirm to remove the digital asset:

Once an asset is approved for removal, you will receive a notification from our support team confirming this action. Any finding associated with that asset to be removed will automatically drop from the scorecard after a period of 2-5 days.