By using certain tools and best practices to review your Digital Footprint, you can find assets that you want to claim or manage. You can also spot inventory gaps and correct them by adding assets.
Step 1: Start with a high-level view
Scan the Overview page to gain a broad view of your inventory, and spot areas that need closer attention or investigation:
-
See the total number of IPs and domains in your footprint, including those you have yet to claim. Click a section of one of the vertical bars to view assets with that status. For example, you might want to view assets...
- that SecurityScorecard has attributed to your organization to determine whether to claim them
- that are under review after you requested their removal
-
that are dynamic, which are short-lived IPs provided by cloud services
Tip: Due to their ephemeral nature, dynamic assets are not worth claiming or removing, but they give an indication how parts of your Digital Footprint fluctuate.
-
See the geographic distribution of your assets for additional context about IP locations. Use the map, where you can click a country to view assets in that location...
... or the Location tab of the Discovery section, where you can click a location to view assets there. If the display area does not fit all the locations, use the scroll bar to view more.
-
Also in the Discovery section, review the detection methods and sources that SecurityScorecard uses to attribute assets to your organization. This is helpful for verifying attributions that you question.
SecurityScorecard uses the following attribution sources and detection methods:
| Detection method | Sources | Attribution signal |
| DNS lookup | DNS record (Referred to as A record in the Digital Footprint) |
Subdomains related to the examined domain and IP address, and the timestamp of the sighting. |
| Port Scan | SecurityScorecard's Cloud Scanner | |
| Published Data |
|
Provided by an owner of an IP address range, such as a service provider. |
| SSL Certificate |
SecurityScorecard 's proprietary data engine, ThreatMarket, which collects threat data from multiple intelligence feeds across the internet | Related to the examined domain and IP address, and the timestamp of the certificate sighting. |
| User contributed | Data that SecurityScorecard gathers for manual attribution | |
| Security Scorecard Login |
Attribution from users logging into the SecurityScorecard platform, which helps attribute IPs of office locations.
|
|
| Third-party | Third-party feeds that correlate the examined IP address and domain | |
| WHOIS |
|
Records related to the examined domain and IP address. |
Step 2: Drill down from domains to IPs
Every IP in your Digital Footprint is part of a domain. Since domains often group IPs by business units or initiatives, the domain view in your digital footprint enables you to review IPs in logical subsets.
Prioritize or highlight certain domains
Click the Domains tab to view attributed domains. (You can also ingest attribution evidence via CSV export)
Note: A domain is a website's primary URL which has been registered with an entity that is accredited by the Internet Corporation for Assigned Names and Numbers (ICANN). Its component subdomains are not registered, but are instead "created" after the parent domain is registered. In one example: marketing.thisbusiness.com, marketing is a subdomain, while thisbusiness.com is the registered domain.
If you have a high number of domains, you can limit your view to prioritize certain domains or just break your review down into manageable stages:
- Sort domains
- Filter IPs
Sort domains by different column headings to prioritize your review in different ways, as in the following examples:
| Sort by... | to prioritize domains that... |
|
Domains (names) |
have particular significance, such as those with sensitive assets or those with assets that may be decommissioned or less important |
| Status | are attributed but not yet claimed (if you want to determine which to claim) |
| IPs | contain particularly important assets |
| Issues | have IPs with high numbers of issues, especially if the assets are sensitive |
| Findings | have IPs with high numbers of findings, especially if the assets are sensitive |
| Impact | have IPs with the greatest average impact on your security rating |
For a domain view that more precisely matches your needs, filter domains using the column headings as criteria. For example, display only domains with the .net extension that have been observed for more than 1 year and have IPs with more than 30 issues in total.
- Select the ANY toggle for results that match any of the filters in the set, even if they conflict. It is the more inclusive option. The OR operator joins filters.
-
Selecting the ALL toggle produces only results that match the criteria of all of the filters. It is the more restrictive option, yielding more limited results. The AND operator joins filters.
Prioritize or highlight certain IPs
With a tailored view of domains that are more important to you, start reviewing IPs to determine which to claim or request for removal, and whether there are gaps that require you to add IPs.
Click the IP Inventory tab to view attributed IPs.
You can limit your view to prioritize certain IPs or break your review down into manageable stages:
- Sort IPs
- Filter IPs
Sort IPs by different column headings to prioritize your review in different ways, as in the following examples:
| Sort by... | to prioritize IPs that... |
| IP address | are particularly sensitive |
| Issues | have high numbers of issues, especially if the assets are sensitive |
| Findings | have high numbers of findings, especially if the assets are sensitive |
| Impact | have the greatest average impact on your security rating |
For an IP view that more precisely matches your needs, filter IPs using the column headings as criteria. For example, display only IPs with the .net extension and require IPs with more than 30 issues in total.
- Select the ANY toggle for results that match any of the filters in the set, even if they conflict. It is the more inclusive option. The OR operator joins filters.
-
Selecting the ALL toggle produces only results that match the criteria of all of the filters, so it is the most restrictive and has the most limited results. The AND operator joins filters.
Tip: Although you cannot search or filter on Source or Detection, you can find IPs with those criteria by using the Discovery section of the Overview page.
View details about an IP
Click any listed IP to see more key information about it:
- Details about its SSL certificate
- Its associated domains