SecurityScorecard creates a Digital Footprint of all your organization's internet-facing assets as it collects and analyzes cybersecurity signals and calculates your scorecard rating. The footprint is highly accurate, but may have gaps or include assets that are not part of your organization. It also changes over time as your assets change.
Why validate your Digital Footprint?
By reviewing, validating, and maintaining your Digital Footprint, you can help your organization and business partners in several ways:
- A comprehensive, correct footprint means your Scorecard rating will more precisely reflect your security posture to organizations that work with yours.
- Maintaining your Digital Footprint is a foundational step toward improving your score. By assessing your inventory, you may find critical security issues that negatively impact your score.
- By qualifying how certain IPs or domains are associated with your organization, such as tenant networks or parked domains, you can reduce or erase the score impact of issues found on these assets.
- In the validation process, you may discover assets you were not aware of, or decommissioned assets that you no longer need.
- If you validate your footprint on a repeating basis, you can keep track of changes in your network that could introduce new security issues.
Validating your Digital Footprint involves four actions:
- Reviewing the footprint
- Claiming assets
- Managing assets or requesting their removal
- Adding missing assets
Understand what a Digital Footprint is
A key feature of your Scorecard, your Digital Footprint is a visualization of all the assets that SecurityScorecard attributes to your organization, organized by IP addresses, domains, and geographic distribution. It also includes useful information, such as the number of dynamic IP addresses at any given time.
Because SecurityScorecard scans the entire IPv4 internet on a frequent, repeating basis, it continuously compiles and updates this asset data to keep the security assessment current.
Understand how Digital Footprint elements are related
Understanding how domains, IPs, and issues are related is helpful toward managing your Digital Footprint efficiently. The relationship results from a set of interdependent operations:
- We scan the internet regularly, collecting information about all exposed IP addresses.
- Using trusted industry methods such as DNS lookups and TLS certificates, we attribute IPs to domains and domains to Scorecards.
- Using data collected by our scanners, web crawlers, honeypots, and other in-house tools, we flag issue findings on these assets.
Because of this interdependency, it is generally helpful to review and manage Digital Footprint data in a sequential way:
- For maximum efficiency, start with validating and categorizing domains because that action affects all subdomains and IPs associated with each domain.
- After validating which domains belong to your organization and Scorecard, address any IPs that you want to categorize for optimal scoring or that you want to refute as not belonging to your organization.
- Once you have high certainty that the assets in your Digital Footprint belong to you, start addressing issue findings on the IPs, since you know that they introduce risk to your organization.
Review your Digital Footprint
By using certain tools and best practices to review your Digital Footprint, you can find assets that you want to claim or manage. You can also spot gaps in the inventory that you can correct by adding assets.
Step 1: Start with a high-level view
Scan the Overview page to gain a broad view of your inventory, and spot areas that need closer attention or investigation:
- See the total number of IPs and domains in your footprint, including those you have yet to claim. Click a section of one of the vertical bars to view assets with that status. For example, you might want to view assets:
  - that SecurityScorecard has attributed to your organization to determine whether to claim them
  - that are under review after you requested their removal
  - that are dynamic, which are short-lived IPs provided by cloud services
  Tip: Due to their ephemeral nature, dynamic assets are not worth claiming or removing, but they give an indication of how parts of your Digital Footprint fluctuate.
- See the geographic distribution of your assets for additional context about IP locations. Use the map, where you can click a country to view assets in that location, or the Location tab of the Discovery section, where you can click a location to view assets there. If the display area does not fit all the locations, use the scroll bar to view more.
- Also in the Discovery section, review the detection methods and sources that SecurityScorecard uses to attribute assets to your organization. This is helpful for verifying attributions that you question.
SecurityScorecard uses the following attribution sources and detection methods:
Detection method | Sources |
DNS lookup for subdomains related to the examined domain and IP address, and the timestamp of the sighting | DNS record (referred to as A record in the Digital Footprint) |
Port Scan | SecurityScorecard's Cloud Scanner |
Published Data provided by an owner of an IP address range, such as a service provider | Amazon Web Services, CloudFlare, Comcast, Google Compute Engine, Microsoft Azure |
SSL Certificate related to the examined domain and IP address, and the timestamp of the certificate sighting | SecurityScorecard's proprietary data engine, ThreatMarket, which collects threat data from multiple intelligence feeds across the internet |
User contributed | Data that SecurityScorecard gathers for manual attribution |
Security Scorecard Login | Attribution from users logging into the SecurityScorecard platform, which helps attribute IPs of office locations. Note: This process excludes temporary and mobile addresses by only attributing IPs after several unique logins from the same IP over a period of time. |
Third-party | Third-party feeds that correlate the examined IP address and domain |
WHOIS records related to the examined domain and IP address | APNIC (Regional Internet Registry administering IP addresses for the Asia Pacific), ARIN (American Registry for Internet Numbers), IRINN (Islamic Republic of Iran News Network), KRNIC (Korea Network Information Center), LACNIC (Regional Internet registry for the Latin American and Caribbean regions), RADB (The Internet Routing Registry), RIPENCC (Réseaux IP Européens Network Coordination Centre) |
Step 2: Drill down from domains to IPs
Every IP in your Digital Footprint is part of a domain. Since domains often group IPs by business units or initiatives, the domain view in your digital footprint enables you to review IPs in logical subsets.
Prioritize or highlight certain domains
Click the Domains tab to view attributed domains. (You can also ingest attribution evidence via CSV export.)
Note: A domain is a website's primary URL which has been registered with an entity that is accredited by the Internet Corporation for Assigned Names and Numbers (ICANN). Its component subdomains are not registered, but are instead "created" after the parent domain is registered. In one example: marketing.thisbusiness.com, marketing is a subdomain, while thisbusiness.com is the registered domain.
If you have a high number of domains, you can limit your view to prioritize certain domains or just break your review down into manageable stages:
- Sort domains
- Filter IPs
Sort domains by different column headings to prioritize your review in different ways, as in the following examples:
Sort by... | to prioritize domains that... |
Domains (names) | have particular significance, such as those with sensitive assets or those with assets that may be decommissioned or less important |
Status | are attributed but not yet claimed (if you want to determine which to claim) |
IPs | contain particularly important assets |
Issues | have IPs with high numbers of issues, especially if the assets are sensitive |
Findings | have IPs with high numbers of findings, especially if the assets are sensitive |
Impact | have IPs with the greatest average impact on your security rating |
For a domain view that more precisely matches your needs, filter domains using the column headings as criteria. For example, only display domains with the .net extension that have been observed for longer than one year and have IPs with more than 30 issues collectively.
- Select the ANY toggle for results that match any of the filters in the set, even if they conflict. It is the more inclusive option. Filters are joined by the OR operator.
- Select the ALL toggle for only those results that match the criteria of all of the filters. It is the more restrictive option, yielding more limited results. Filters are joined by the AND operator.
Prioritize or highlight certain IPs
With a tailored view of domains that are more important to you, start reviewing IPs to determine which to claim or request for removal, and whether there are gaps that require you to add IPs.
Click the IP Inventory tab to view attributed IPs.
You can limit your view to prioritize certain IPs or just break your review down into manageable stages:
- Sort IPs
- Filter IPs
Sort IPs by different column headings to prioritize your review in different ways, as in the following examples:
Sort by... | to prioritize IPs that... |
IP address | are particularly sensitive |
Issues | have high numbers of issues, especially if the assets are sensitive |
Findings | have high numbers of findings, especially if the assets are sensitive |
Impact | have the greatest average impact on your security rating |
For an IP view that more precisely matches your needs, filter IPs using the column headings as criteria. For example, only display IPs with the .net extension and with more than 30 issues collectively.
- Select the ANY toggle for results that match any of the filters in the set, even if they conflict. It is the more inclusive option. Filters are joined by the OR operator.
- Select the ALL toggle for only those results that match the criteria of all of the filters. It is the more restrictive option, yielding more limited results. Filters are joined by the AND operator.
Tip: Although you cannot search or filter on Source or Detection, you can find IPs with those criteria by using the Discovery section of the Overview page.
View details about an IP
Click any listed IP to see more key information about it:
- Details about its SSL certificate
- Its associated domains
- Any issue findings on that IP
Claim assets
Note: Claiming an asset does not change your score, and it does not generate requests to our Support team.
Claiming an IP or domain simply means agreeing that it should be attributed to your organization. While not required, it is a recommended practice that enables you to isolate assets that you know belong to you, so that you can focus on keeping them secure.
This is especially helpful for multiple teams collaborating in a large organization. If you see that an asset has already been claimed, you do not have to verify whether it belongs to your organization.
You can claim assets two ways:
- Select them in the inventory tables and then claim them.
- Provide a list of assets to claim by uploading a .csv file or manually entering them.
How claiming works with IPs and domains
- You can only claim an IP or domain on your own scorecard.
- You cannot claim a subdomain, which inherits its status from the parent domain. By claiming the parent domain you also claim any subdomain.
- By claiming a domain, you do not claim the IPs in it. Claim IPs separately.
- Claims require no approval and take effect immediately.
Select assets to claim
- In the Domain Inventory or IP Inventory table, select assets that you want to claim.
- Click Claim.
- In the dialog, review your action and click Claim.
The asset's displayed status immediately changes from Attributed to Claimed.
Provide a list of assets to claim
If you want to use your own internally managed inventory of domains or IP addresses to claim assets, you can do the following instead of selecting from the inventory tables:
- Upload a .csv file of those assets instead of reviewing the assets displayed in your footprint. You can upload domain and IP .csv files separately.
- Manually enter IP addresses.
Identify your asset column by giving it the heading ip or domain. Otherwise, SecurityScorecard uses the value in the first column by default.
Note: If you upload an asset that is not currently in the Digital Footprint, it is not added as part of the Claim operation. Use the Add operation for assets that are not in the Digital Footprint yet.
- In the Domain Inventory or IP Inventory table, click Claim without selecting any assets.
- In the Claim assets dialog, do one of the following:
  - Click the button to upload a .csv from your hard drive.
  - Copy a comma-separated list of IPs or domains and paste it into the text box.
- Click Claim.
Any Digital Footprint assets with an Attributed status change to Claimed if they are in the list that you provided.
Manage assets
To ensure that your assets and their issue findings have a fair and accurate score impact, help SecurityScorecard understand how they are connected to your organization, and tell us when you think they are not connected.
Qualifying how an asset is connected to you can improve your score. For example, if we know that a domain on your Digital Footprint is a parked domain, any issue finding for that domain does not impact your score.
Manage domains
Starting asset management with domains is a best practice. A given domain may have hundreds or thousands of associated IPs. By qualifying or refuting that single domain, you efficiently address all of its associated IPs.
Step 1: Select a domain and review how we attributed it to you
Tip: As a best practice, select one domain at a time. This is because each time you submit a qualification or a refute for a domain, our Support team tracks your request as a separate ticket.
- Select your Scorecard from the drop-down list.
- Click the Digital Footprint tab for the Scorecard.
- Click the Domains link for the Digital Footprint.
- Select the domain you want to qualify or refute, and then click Manage.
Note: If your selected domain includes subdomains, you will see a message indicating that subdomains are mapped to the registered parent domains. You cannot manage subdomains individually; you can only manage registered domains.
Step 2: Review our attribution evidence
Review the evidence we used for attributing the domain to your organization.
Step 3: Tell us how the domain belongs to you or if it does not
- Select a category that qualifies how the domain is connected to you, or select the option indicating that the domain does not belong to you.
Category | Explanation | Score impact |
Tenant domain | My organization does not host or manage this domain or subdomain. It belongs to a customer of ours and is hosted on their infrastructure. | All related issue findings for this subdomain do not impact the score. |
Parked domain | This domain resolves to a third-party parking service, such as GoDaddy. | All related issue findings in the Application Security factor for this domain do not impact the score. |
Other | This domain is connected to my organization in a different way. | Score impact varies depending on how the domain is connected. |
Domain should not be linked to this Scorecard | I can demonstrate that this domain is not correctly attributed to my organization. | This domain, and all of the issues found on it, are removed from your Scorecard. |
- After selecting the category, read the description and Scorecard impact of qualifying the asset this way. If the description does not apply, select a different category. Otherwise, click Continue.
- On the next page:
- Review all subdomains and IPs associated with your selected domain, so that you can confirm that your qualification or refute applies to all of these assets.
Note: If your qualification or refute does not apply, or if you are not certain, cancel the request and manage individual IPs for this domain.
- Provide a helpful explanation with more context about how this domain is connected to you, or why you think it is not connected.
Also upload any artifacts that will help illustrate your argument.
Then, click Continue.
- Review the summary of your qualification or refute and then click Submit.
Our Support team will review your submitted request. If we approve it, your Scorecard score updates within approximately 72 hours.
Manage IPs
As with domains, managing IPs involves helping SecurityScorecard understand how they are connected to your organization, and telling us when you think they are not connected.
We recommend managing one IP at a time to simplify working with Support tickets. And, for maximum efficiency, manage domains first.
Step 1: Select an IP or IP range and review how we attributed it to you
- Select your Scorecard from the drop-down list.
- Click the Digital Footprint tab for the Scorecard.
- Click the IPs link for the Digital Footprint.
- Select the IP you want to qualify or refute, and then click Manage.
Step 2: Review our attribution evidence
- To review the evidence we used for attributing the selected IP to your domain, click the IP or any associated IPs.
- Read through the attribution sources and methods to understand how we connected the IP to the domain. Then, click Manage.
- On the page that lists the selected and associated IPs, select the option to manage IPs. Then, click Continue with IP addresses.
Tip: If you have not yet managed domains in your Digital Footprint, select the Manage domains option to make the asset management process more efficient.
Step 3: Tell us how the domain belongs to you, or if it does not
- Select a category that qualifies how the IP is connected to your domain, or select the option indicating that the IP does not belong to you.
Category | Explanation | Score impact |
Guest network | This IP is a guest device on my wireless network. | Findings on this IP for the following issue types do not impact the score: |
Tenant IP | My organization does not host or manage this IP or CIDR range. It belongs to a customer of ours. | All related issue findings for this IP do not impact the score. |
Parked IP | This IP resolves to a third-party parking service, such as GoDaddy. | All related issue findings in the Application Security factor for this IP do not impact the score. |
Other | This IP is connected to my domain in a different way. | Score impact varies depending on how the IP is connected. |
IP should not be linked to this Scorecard | I can demonstrate that this IP is not correctly attributed to my domain. | This IP, and all of the issues found on it, are removed from your Scorecard. |
- After selecting the category, read the description and Scorecard impact of qualifying the asset this way. If the description does not apply, select a different category. Otherwise, click Continue.
- On the next page:
- Review the list of IPs associated with your selected IP for additional context.
- Provide a helpful explanation with more context about how this domain is connected to you, or why you think it is not connected.
Also upload any artifacts that will help illustrate your argument.
Then, click Continue.
- Review the summary of your qualification or refute and then click Submit.
Our Support team reviews your submitted request. If we approve it, your Scorecard score updates within approximately 72 hours.
Add assets
If you find gaps in your Digital Footprint during your review, you can add IPs or domains in one of two ways:
- Upload a .csv file of assets you want to add. You can upload domain and IP .csv files separately.
- Manually enter IP addresses of assets you want to add.
This ensures that you are tracking security issues for all important assets in your organization.
Identify your asset column by giving it the heading ip or domain. Otherwise, SecurityScorecard uses the value in the first column by default.
How adding assets works
- SecurityScorecard reviews your additions. Upon approval, we display them in your Digital Footprint.
- Assets that we approve for addition are marked as Claimed.
- You cannot add subdomains individually. We detect them when you add or claim their parent domains.
- Adding a domain causes its associated IPs to be added as well.
To add assets:
- On the Overview page, click the button for adding assets.
  or
  On the IP Inventory or Domain Inventory page, click Add.
- If you accessed the Add Assets page from the Overview page, select whether you are adding IPs or domains. Otherwise, go to the next step.
- Do one of the following:
  - Click the button to upload a .csv from your local drive.
  - Copy a comma-separated list of IPs or domains and paste it into the text box.
- Click Add and claim.
Approved additions appear in your Digital Footprint. The review process may take several days.
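One way to prepare the Claim and Add uploads described above from an internally managed IP inventory, as an added example that is not SecurityScorecard code. The footprint listing with ip and status headings, the sample addresses (documentation ranges), and all function names are assumptions; the column rule (heading ip, otherwise first column) and the Attributed and Claimed statuses come from this page.

```python
import csv
import io
import ipaddress


def norm_ip(value):
    """Return the canonical text form of an IP address, or None if it is not one."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None


def _sort_key(ip):
    addr = ipaddress.ip_address(ip)
    return (addr.version, int(addr))


def read_assets(text, kind="ip"):
    """Read IPs using the page's rule: the column headed `kind`, else the first column."""
    rows = [r for r in csv.reader(io.StringIO(text)) if any(c.strip() for c in r)]
    if not rows:
        return []
    header = [c.strip().lower() for c in rows[0]]
    col = header.index(kind) if kind in header else 0
    found = (norm_ip(r[col]) for r in rows if col < len(r))
    return [ip for ip in found if ip]  # heading rows and malformed values drop out


def read_footprint(text):
    """Map ip -> status from a footprint listing (assumed headings: ip, status)."""
    result = {}
    for row in csv.DictReader(io.StringIO(text)):
        ip = norm_ip(row.get("ip") or "")
        if ip:
            result[ip] = (row.get("status") or "").strip()
    return result


def plan(inventory_csv, footprint_csv):
    """Split assets into Claim, Add, and review lists."""
    inventory = set(read_assets(inventory_csv))
    footprint = read_footprint(footprint_csv)
    return {
        # In the footprint and still Attributed: Claim changes these to Claimed.
        "claim": sorted((i for i in inventory if footprint.get(i) == "Attributed"), key=_sort_key),
        # Known internally but absent from the footprint: Claim ignores these, so use Add.
        "add": sorted(inventory - set(footprint), key=_sort_key),
        # In the footprint but not in the inventory: unknown asset or misattribution.
        "review": sorted((i for i in footprint if i not in inventory), key=_sort_key),
    }


def to_upload_csv(assets, kind="ip"):
    """Render a one-column CSV whose heading identifies the asset column."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow([kind])
    writer.writerows([a] for a in assets)
    return buf.getvalue()


# Constructed sample data, not real assets.
INVENTORY = "ip,owner\n192.0.2.10,web\n 192.0.2.11 ,vpn\n198.51.100.7,mail\nnot-an-ip,typo\n"
FOOTPRINT = "ip,status\n192.0.2.10,Attributed\n192.0.2.11,Claimed\n203.0.113.5,Attributed\n"

if __name__ == "__main__":
    result = plan(INVENTORY, FOOTPRINT)
    print(result)
    print(to_upload_csv(result["add"]), end="")
```

The claim and add lists map to the two upload dialogs; entries under review are candidates for the Manage flow, where you qualify or refute them after checking the attribution evidence.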
Attribution Log
You can now get visibility into new assets that are arriving and existing assets that are departing, along with the reason and timestamps.
This helps in answering "What changed in my Digital Footprint?" and "Why?".
Ingest Attribution Evidence via CSV Export
You can now ingest the attribution source and evidence for your domains and IPs via CSV export in your Digital Footprint.
Two new columns are being added to the existing CSV: Source and Evidence.
This is currently available on request, as we want to avoid breaking the existing CSV ingestion process for customers.
To request access, either reach out to your Customer Success Manager or fill out this support form.
FAQ
What is a Digital Footprint?
Your Digital Footprint is a visualized database of all the assets that SecurityScorecard attributes to your company, organized by IP addresses, domains, and geographic distribution.
How are assets attributed to my Digital Footprint?
At a high level, SecurityScorecard builds a Digital Footprint database by:
- Observing multiple IP- and DNS-related data sources, such as WHOIS queries, reverse WHOIS queries, and SSL certificates
- Normalizing and correlating the data from these sources and mapping connections between related vendor digital assets
- Using advanced, patented machine-learning algorithms to ensure accuracy in Digital Footprint assignments
- Reviewing and manually correcting errors
What can I do about misattributions?
Since attribution is a primarily automated process, misattributions can happen due, for example, to miscalculations in the algorithm, the fluidity of dynamic or cloud-based assets, or other causes. Validating your Digital Footprint by reviewing, claiming, adding, managing and requesting removal of assets helps reduce misattributions for a more accurate inventory.
Does claiming assets affect my score?
Claiming assets does not impact your score in any way. It is a good practice for helping you prioritize your assets from a security perspective and keeping your Digital Footprint accurate.
Which assets affect my score?
Except for removed assets, all assets impact your score. This is why it is important to help keep your Digital Footprint up to date. By claiming assets that you know about on a regular basis, you can better identify opportunities for improving your score more effectively.
Get help
If you need help or have more questions, submit a Support request.