SecurityScorecard creates a Digital Footprint of your organization's internet-facing assets by collecting cybersecurity signals to calculate your scorecard rating. While highly accurate, footprints change over time as your network evolves. Regular validation ensures your score reflects your true security posture.
What is a Digital Footprint?
Your Digital Footprint is a real-time visualization of all IP addresses and domains attributed to your organization. Because SecurityScorecard scans the entire IPv4 internet on a frequent basis, this inventory is continuously updated to keep your security assessment current.
Why validate your Digital Footprint?
Regularly reviewing, validating, and maintaining your Digital Footprint helps ensure your Scorecard accurately represents your organization’s true security posture and gives you better control over your score.
Validating your footprint provides several key benefits:
-
More accurate scoring
A comprehensive and correct footprint ensures your Scorecard rating reflects only the assets that truly belong to your organization, giving partners and customers a more accurate view of your security posture.
-
Stronger foundation for score improvement
Maintaining your Digital Footprint is a critical first step toward improving your score. Reviewing your asset inventory can uncover security issues that may be negatively impacting your rating.
-
Reduced or eliminated score impact
By qualifying how specific IPs or domains relate to your organization, such as tenant networks or parked domains, you can reduce or remove the impact of issues associated with those assets.
-
Improved asset visibility
The validation process may reveal unknown assets or highly decommissioned assets that no longer need to be monitored.
-
Ongoing risk awareness
Validating your digital footprint on a recurring basis helps you track network changes over time and identify new assets or configurations that could introduce security risks.
Validating your Digital Footprint involves four key actions:
- Reviewing the footprint
- Claiming assets
- Managing assets or requesting their removal
- Adding missing assets
Understand how Digital Footprint elements are related
Understanding how domains, IPs, and issues relate to one another helps you manage your Digital Footprint more efficiently and make changes that have the greatest impact.
These relationships are established through a series of dependent processes:
- We continuously scan the internet to identify exposed IP addresses.
- Using trusted industry methods, such as DNS lookups and TLS certificates, we associate IP addresses with domains, and domains with Scorecards.
- Using data collected by our scanners, web crawlers, honeypots, and other in-house tools, we identify issues in these assets.
Because each step builds on the previous one, changes made at higher levels (such as domains) affect everything connected to them.
Manage your Digital Footprint in the right order
To work efficiently and avoid unnecessary rework, manage your Digital Footprint in the following sequence:
-
Validate and categorize domains first.
Domains are the highest-level assets. Validating them determines which subdomains and IPs are included in your Scorecard.
-
Review and categorize IP addresses.
After confirming which domains belong to your organization, review associated IPs to optimize scoring or refute assets that do not belong to you.
-
Address issue findings last.
Once you are confident that the assets in your Digital Footprint belong to your organization, focus on resolving issue findings, knowing they represent real risk.
FAQ
Q. How are assets attributed to my Digital Footprint?
At a high level, SecurityScorecard builds a Digital Footprint database by:
- Observing multiple IP- and DNS-related data sources, such as WHOIS queries, reverse WHOIS queries, and SSL certificates
- Normalizing and correlating the data from these sources and mapping connections between related vendor digital assets
- Using advanced, patented machine-learning algorithms to ensure accuracy in Digital Footprint assignments
- Reviewing and manually correcting errors
Q. What can I do about misattributions?
Since attribution is primarily automated, misattributions can occur due to algorithmic miscalculations, the fluidity of dynamic or cloud-based assets, or other factors. Validating your Digital Footprint by reviewing, claiming, adding, managing, and requesting the removal of assets helps reduce misattributions and improve inventory accuracy.
Q. Does claiming assets affect my score?
Claiming assets does not impact your score in any way. It is a good practice to help you prioritize your assets from a security perspective and keep your Digital Footprint accurate.
Q. Which assets affect my score?
Except for removed assets, all assets impact your score. This is why it is important to help keep your Digital Footprint up to date. By claiming assets that you know about on a regular basis, you can better identify opportunities for improving your score more effectively.