Skip to main content

Validate your Digital Footprint

Mark Glinski
  • Updated

 

This article is about the 2.0 version of Digital Footprint, which is in Early Access release for a limited group of SecurityScorecard customers. If you would like access to this version of the feature, contact your Customer Success Manager.

 

SecurityScorecard creates a Digital Footprint of all your company’s internet-facing assets as it collects and analyzes cybersecurity signals and calculates your scorecard rating. The footprint is highly accurate, but may have gaps or include assets that are not part of your company. It also changes over time as your assets change. 

Watch a video about Digital Footprint

Watch a video to learn what you can do with Digital Footprint.

Why validate your Digital Footprint?

By reviewing, validating, and maintaining your Digital Footprint, you can benefit your company and business partners in several ways:

  • A comprehensive, correct footprint means your scorecard rating will more precisely reflect your security posture to companies that work with yours.
  • Maintaining your Digital Footprint is a foundational step toward improving your score. By assessing your inventory, you may find critical security issues that negatively impact your score.
  • In the validation process, you may discover assets you were not aware of, or decommissioned assets that you no longer need.
  • If you validate your footprint on a repeating basis, you can keep track of changes in your network that could introduce new security issues.

Validating your Digital Footprint involves four actions:

Understand what a Digital Footprint is

A key feature of your scorecard, your Digital Footprint is a visualization of all the assets that SecurityScorecard attributes to your company, organized by IP addresses, IP ranges, domains, and geographic distribution. It also includes useful information, such as the number of dynamic IP addresses at any given time.

Because SecurityScorecard scans the entire IPv4 internet every 3 days, it continuously compiles and updates this asset data to keep the security assessment current.

Review your Digital Footprint

By using certain tools and best practices to review your Digital Footprint, you can find assets that you want to claim or ask SecurityScorecard to remove. You can also spot gaps in the inventory that you can correct by adding assets.

Use Digital Footprint tools and best practices to expedite your review.

Step 1: Start with a high-level view

Scan the Overview page to gain a broad view of your inventory, and spot areas that need closer attention or investigation:

  • See the total number of IPs and domains in your footprint, including those you have yet to claim. Click a section of one of the vertical bars to view assets with that status. For example, you might want to view assets...
    • that SecurityScorecard has attributed to your organization to determine whether to claim them
    • that are under review after you requested their removal
    • that are dynamic, which are short-lived IPs provided by cloud services
      Tip: Due to their ephemeral nature, dynamic assets are not worth claiming or removing, but they give an indication how parts of your Digital Footprint fluctuates.


      df-ovu-ips-domains-claimed-attributed.png
  • See the geographic distribution of your assets, for additional context about IP locations. Use the map, where you can click a country to view assets in that location...

    df-ovu-map.png

    ... or the Location tab of the Discovery section, where you can click a location to view assets there. If the display area does not fit all the locations, use the scroll bar to view more.

    df-ovu-discovery-location.png
  • Also in the Discovery section, review the detection methods and sources that SecurityScorecard uses to attribute assets to your organization. This is helpful for verifying attributions that you question.
    • Click any detection method or source to view assets that were attributed with it.
    • If the display area does not fit every item, use the scroll bar.

      df-ovu-discovery.png

SecurityScorecard uses the following attribution sources and detection methods:

Detection method Sources
DNS lookup
for subdomains related to the examined domain and IP address, and the timestamp of the sighting		 DNS record
(Referred to as A record in the Digital Footprint)
Port Scan SecurityScorecard's Cloud Scanner
Published Data
provided by an owner of an IP address range, such as a service provider

Amazon Web Services

CloudFlare

Comcast

Google Compute Engine

Microsoft Azure
SSL Certificate 
related to the examined domain and IP address, and the timestamp of the certificate sighting		 SecurityScorecard 's proprietary data engine, ThreatMarket, which collects threat data from multiple intelligence feeds across the internet 
Research Data that SecurityScorecard gathers for manual attribution
Security Scorecard Login

Attribution from users logging into the SecurityScorecard platform, which helps attribute IPs of office locations.

Note: This process excludes temporary and mobile addresses by only attributing IPs after several unique logins from the same IP over a period of time.

 
Third-party Third-party feeds that correlate the examined IP address and domain
WHOIS
records related to the examined domain and IP address

APNIC (Regional Internet Registry administering IP addresses for the Asia Pacific)

ARIN (American Registry for Internet Numbers)

IRINN (Islamic Republic of Iran News Network)

KRNIC (Korea Network Information Center)

LACNIC (Regional Internet registry for the Latin American and Caribbean regions)

RADB (The Internet Routing Registry)

RIPE NCC (Réseaux IP Européens Network Coordination Centre, )

TWNIC (Taiwan Network Information Center)

 

Step 2: Drill down from domains to IPs

Every IP in your digital footprint is part of a domain. Since domains typically group IPs by business units or initiatives, the domain view in your digital footprint enables you to review IPs in logical subsets.

Prioritize or highlight certain domains

Click the Domains Inventory tab to view attributed domains.

df-domains-table.png

If you have a high number of domains, you can limit your view to prioritize certain domains or just break your review down into manageable stages:

  • Sort domains
  • Filter IPs

Sort domains by different column headings to prioritize your review in different ways, as in the following examples:

Sort by...

to prioritize domains that...

Domains

(names)

have particular significance, such as those with sensitive assets or those with assets that may be decommissioned or less important

Status

are attributed but not yet claimed (if you want to determine which to claim)

IPs

contain particularly important assets or

contain questionable IP ranges

Issues

have IPs with high numbers of issues, especially if the assets are sensitive

Findings

have IPs with high numbers of findings, especially if the assets are sensitive

Impact

have IPs with the greatest average impact on your security rating

 

For a domain view that more precisely matches your needs, filter domains using the column headings as criteria. For example, only display domains with the .net extension that have been observed for longer than one year and have IPs with more than 30 issues collectively.

  • Select the ANY toggle for results that match any of the filters in the set, even if they conflict. It is the more inclusive option. Filters are joined by the OR operator. 
  • Select the ALL toggle produces only results that match the criteria of all of the filters. It is the more restrictive option, yielding more limited results. Filters are joined by the AND operator.

    df-domain-filter.png

Prioritize or highlight certain IPs

With a tailored view of domains that are more important to you, start reviewing IPs to determine which to claim or request for removal, and whether there are gaps that require you to add IPs.

Click the IP Inventory  tab to view attributed IPs.

df-ip-table.png

You can limit your view to prioritize certain IPs or just break your review down into manageable stages:

  • Sort IPs
  • Filter IPs

Sort IPs by different column headings to prioritize your review in different ways, as in the following examples:

Sort by...

to prioritize IPs that...

IP address

are particularly sensitive

Issues

have high numbers of issues, especially if the assets are sensitive

Findings

have high numbers of findings, especially if the assets are sensitive

Impact

have the greatest average impact on your security rating

For an IP view that more precisely matches your needs, filter IPs using the column headings as criteria. For example, only display IPs with the .net extension and have IPs with more than 30 issues collectively.

  • Select the ANY toggle for results that match any of the filters in the set, even if they conflict. It is the more inclusive option. Filters are joined by the OR operator. 
  • Select the ALL toggle produces only results that match the criteria of all of the filters, so it is most restrictive and with more limited results. Filters are joined by the AND operator.

    df-ip-filter.png
Tip: Although you cannot search or filter on Source or Detection, you can find IPs with those criteria by using the Discovery section of the Overview page.

Claim assets 

Note: Claiming an asset does not change your score, and it does not generate requests to our Support team.

Claiming an IP or domain simply means agreeing that it should be attributed to your organization. While not required, it is a recommended practice that enables you to isolate assets that you know belong to you, so that you can focus on keeping them secure.

This is especially helpful for multiple teams collaborating in a large organization. If you see that an asset has already been claimed, you do not have to verify whether it belongs to your organization.

You can claim assets two ways:

How claiming works with IPs and domains

  • You can only claim an IP or domain on your own scorecard.
  • You cannot claim a subdomain, which inherits its status from the parent domain. By claiming the parent domain you also claim any subdomain.
  • By claiming a domain, you do not claim the IPs in it. Claim IPs separately.
  • Claims require no approval and take effect immediately.

Select assets to claim

  1. In the Domain Inventory or IP Inventory table, click assets that you want to claim.
  2. Click Claim.|

    df-ip-select.png

  3. In the dialog, review your action and click Claim.

    df-ip-claim.png
    The asset's displayed status immediately changes from Attributed to Claimed.

Provide a list of assets to claim

If you want to use your own internally managed inventory of domains or IP addresses to claim assets, you can do the following instead of selecting from the inventory tables:

  • Upload a .csv file of those assets instead of reviewing the assets displayed in your footprint You can upload domain and IP .csv files separately.
  • Manually enter IP addresses.

Identify your asset column by giving it the heading ip or domain. Otherwise, SecurityScorecard uses the value in the first column by default.

Note: If you upload an asset that is not currently in the Digital Footprint, it is not added as part of the Claim operation. Use the Add operation for assets that are not in the Digital Footprint yet.
  1. In the Domain Inventory or IP Inventory table, click Claim without selecting any assets.
  2. In the Claim assets dialog, do one of the following:
    • Click the button to upload a .csv from your hard drive
    • Copy a comma-separated list of IPs or domains and paste it into the text box.
  3. Click Claim.

    df-claim-comma-separated.png

Any Digital Footprint assets with an Attributed status change to Claimed if they are in the list that you provided.

Ask SecurityScorecard to remove assets

You can request removal of assets for one of the following reasons:

  • They do not belong to you. For example, they are part of an Amazon Web Services (AWS) infrastructure. 
  • They are associated with a domain that does not belong to you: This could apply to a parked domain, which is not associated with any web site or service and is being reserved for later use.

How removal requests work

  • After you submit a request, SecurityScorecard reviews it. If we agree with the reason, we remove the asset(s) and change their displayed status to Removed.
  • All IP addresses associated with removed domains are also removed automatically.
  • You cannot directly remove a subdomain, which inherits its status from the parent domain. To have a subdomain removed, have the parent domain removed.
  • After assets are approved for removal, changes to your Digital Footprint are processed during the next score update, so it may take several days before your score is amended.

Select assets to request for removal

  1. In the Domain Inventory or IP Inventory table, click assets that you want to have removed.
  2. Click Remove.|

    df-ip-select-remove.png

  3. In the dialog, select a reason for requesting removal.
  4. Click Remove.

    df-ip-remove-selected.png

The status of the assets you indicated changes to Under Review. Assets approved for removal are marked Removed. Assets that are not approved for removal revert back to a status of Attributed.

Upload or manually enter assets to remove

If you want to use your own internally managed inventory of domains or IP addresses to request removal, you can do the following instead of selecting from the inventory tables:

  • Upload a .csv file of those assets instead of reviewing the assets displayed in your footprint. You can upload domain and IP .csv files separately.
  • Manually enter IP addresses.

Identify your asset column by giving it the heading ip or domain. Otherwise, SecurityScorecard uses the value in the first column by default.

  1. In the Domain Inventory or IP Inventory table, click Remove without selecting any assets.
  2. In the Remove assets dialog, do one of the following:
    • Click the button to upload a .csv from your hard drive.
    • Copy a comma-separated list of IPs or domains and paste it into the text box.
  3. Select a reason for requesting removal.
  4. Click Remove.

    df-ip-remove-list.png

Add assets

If you find gaps in your Digital Footprint during your review, you can add IPs or domains in one of two ways:

  • Upload a .csv file of assets you want to add. You can upload domain and IP .csv files separately.
  • Manually enter IP addresses of assets you want to add.

This ensures that you are tracking security issues for all important assets in your organization.

Identify your asset column by giving it the heading ip or domain. Otherwise, SecurityScorecard uses the value in the first column by default.

How adding assets works

  • SecurityScorecard reviews your additions. Upon approval, we display them in your digital footprint.
  • Assets that we approve for addition are marked as Claimed.
  • You cannot add subdomains individually. We detect them when you add or claim their parent domains.
  • Adding a domain does not cause its associated IPs to be added as well. You need to add IPs separately. Our subsequent attribution scans will associate your added IPs with your added domains in the Digital Footprint. 

To add assets:

  1. On the Overview page, click the button for adding assets.

    df-ovu-add.png
    or
    On the IP Inventory or Domain Inventory page, click Add.

    df-domain-add.png

  2. If you accessed the Add Assets page from the Overview page, select whether you are adding IPs or domains. Otherwise, go to the next step.
  3. Do one of the following:
    • Click the button to upload a .csv from your hard drive.
    • Copy a comma-separated list of IPs or domains and paste it into the text box.
  4. Click Add and claim.

    df-add-assets.png

Approved additions appear in your Digital Footprint. The review process may take several days.

FAQ

What is a Digital Footprint?

Your Digital Footprint is a visualized database of all the assets that SecurityScorecard attributes to your company, organized by IP addresses, IP ranges, domains, and geographic distribution.

How are assets attributed to my Digital Footprint?

At a high level, SecurityScorecard builds a Digital Footprint database by:

  • Observing multiple IP- and DNS-related data sources, such as WHOIS queries, reverse WHOIS queries, and SSL certificates
  • Normalizing and correlating the data from these sources and mapping connections between related vendor digital assets
  • Using advanced, patented machine-learning algorithms to ensure accuracy in Digital Footprint assignments
  • Reviewing and manually correcting errors

What can I do about misattributions?

Since attribution is a primarily automated process, misattributions can happen due, for example, to miscalculations in the algorithm, the fluidity of dynamic or cloud-based assets, or other causes. Validating your Digital Footprint by reviewing, claiming, adding, and requesting removal of assets helps reduce misattributions for a more accurate inventory.

Does claiming assets affect my score?

Claiming assets does not impact your score in any way. It is a good practice for helping you prioritize your assets from a security perspective and keeping your Digital Footprint accurate. 

Which assets affect my score?

Except for removed assets, all assets impact your score, even short-lived dynamic assets. This is why it is important to help keep your Digital Footprint up to date. By claiming assets that you know about on a regular basis, you can better identify opportunities for improving your score more effectively.

Get Help 

If you need help or have more questions, submit a Support request.

Related articles