
What is Endpoint Data?

Feedback

15 comments

  • Nimitt Javeri

    Very relevant feature esp. in context of present day risk environment.  

    0
  • Andreas Tomek

    How do you determine the risk? 

     

    0
  • Betsy Ludsten

    It looks like this would include BYOD as well, is that correct? 

    0
  • Dhawal Shrivastava

    Appears to be a great addition. Looking forward to actual data and its usefulness.

    0
  • Chuck Jones

    How do you capture this information?

    1
  • David SooHoo

    Hi Chuck, 

    Great question. We have a data provider that has a vast network of sensors deployed throughout the internet that captures user-agent string data. These user-agent strings include both browser and operating system version as well as an IP address, which are then associated back to companies.

    These risk vectors do include BYOD and we believe they should. Connecting a personal device to corporate network infrastructure is a risk and adds another potential surface of attack for a threat actor to gain access to company data and sensitive information. 

    Given the recent Meltdown and Spectre vulnerabilities, we are continuing to see an increasing interest in these risk vectors as they help to identify companies who have not yet implemented patches or updates to protect against the vulnerabilities. 

    Please do let us know if you have any other questions!

    2
  • Steve Kurutz

    Not a fan of this factor.  We accommodate a guest network that uses an outbound IP address that is within our BitSight-detected block.  We don't control our guests' choice of hardware and OS, and we aren't about to assign a wholly separate (not attributed to us) IP block to them so that their endpoints don't get included in our rating.  We have controls on that network that severely restrict what can happen on these networks; no connections to our nonpublic internal systems, no peer-to-peer, restricted outbound protocols, etc.  

    I have similar feelings toward the "desktop browser" and "desktop OS" ratings, although the volume of managed (internal) endpoints helps us keep the impact of guests minimal.

    Perhaps BitSight should consider allowing those of us who subscribe to the service to designate "guest" IP ranges that are treated separately?  

    8
  • jason abbott

    I completely agree with @Steve Kurutz, this factor for Mobile and Desktop software doesn't take into account the way we segregate and secure our guest networks.  There has to be a way to fix this factor to take these mitigating controls under consideration.  

    I can't force guests to use current software or hardware, but I can keep them from accessing my internal devices.

    3
  • Betsy Ludsten

    Also, being unable to identify which device is being scanned is wholly unhelpful -- anything on the guest network may never come back again, whereas with anything that is company owned, how are we supposed to find it? We use a standard image, which means that at any given time we have dozens to hundreds of very similar machines that access the network via the same visible IP addresses. Yes, they should all be up to date, but sometimes a scheduled browser upgrade push comes (far) behind an emergency zero day patching effort.

    3
  • John Umman

    What is the decay-off period for this issue type?

    0
  • Bhumika Anand

    Will an MDM resolve this? Additionally, plus one on separate guest network part, visitors actually connect via this and these will definitely contribute to a ratings downgrade.

    0
  • Permanently deleted user

    Information related to Compromised (Botnet, Torrent, etc.) findings is misleading with regard to companies that provide GuestNet access. Guest Networks are, in effect, public and segregated from the main corporate network. Public, in that anyone can connect; there are no security control requirements around GuestNet access; and Segregated, in that these networks are completely isolated from the main corporate business network. The inability to suppress GuestNet access creates misleading and inaccurate results. The negative effect is a loss of credibility of your entire platform altogether. Happy to help improve this perception.

    0
  • Brian Mulligan

    Hi Ainsley,

    Thanks for the feedback; we do not want the rating to be misleading. We've presently included guest wireless networks in the rating for a number of philosophical reasons. 1) We cannot externally validate the efficacy of the segmentation/segregation between guest networks and corporate networks. 2) Employees often join guest wifi networks specifically to circumvent security controls in place on corporate wifi before rejoining the corporate wifi. To the extent that happens, the employee machines and data may be exposed to security issues in the guest wifi.  We are looking at ways we can enhance our communication of guest wifi information in the platform. Please reach out to me, brian.mulligan@bitsighttech.com, if you'd like to discuss further.

    0
  • Elaine Tiller

    Hi Brian,

    We have the same concern with the usage of the guest network.  How do you propose that companies offer a guest network and not get a bad rating in this category?  In order for us to efficiently do business with third party visitors, we need to offer this service.  It appears that those who have commented are nearly all in agreement.

    Thank you, 

    Elaine T.

    0
  • Brian Mulligan

    Hi Elaine, 

    Many organizations create a self-published company that excludes the infrastructure for their guest networks and designate it as their Primary Rating.  We introduced the Primary Rating capability since the comment above (and in response to feedback like this) and it has become a popular way to improve communication around these kinds of issues. 

     

    0
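
The collection method David SooHoo describes (user-agent strings tied to egress IP addresses) and the guest-range separation requested in the thread can be approximated against your own proxy or web-server logs to see what an outside observer would see. This is an added example, not BitSight's code or scoring logic; the IP ranges, sample observations, `MIN_MAJOR` baseline and function names are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Order matters: legacy Edge UAs contain "Chrome/", and Chrome UAs contain "Safari/".
BROWSER_PATTERNS = [
    ("Edge", re.compile(r"Edge/(\d+)")),
    ("Chrome", re.compile(r"Chrome/(\d+)")),
    ("Firefox", re.compile(r"Firefox/(\d+)")),
    ("Safari", re.compile(r"Version/(\d+)\S* Safari/")),
]
# Constructed baseline of minimum acceptable major versions (an assumption,
# not any vendor's criteria); set these from your own patch policy.
MIN_MAJOR = {"Edge": 16, "Chrome": 63, "Firefox": 57, "Safari": 11}
GUEST_RANGES = ["198.51.100.0/24"]  # constructed guest egress block

def parse_browser(ua):
    """Return (browser, major_version), or None for non-browser clients."""
    for name, pattern in BROWSER_PATTERNS:
        match = pattern.search(ua)
        if match:
            return name, int(match.group(1))
    return None

def summarize(observations, guest_ranges):
    """Count seen/outdated/unparsed user agents per network segment."""
    nets = [ipaddress.ip_network(r) for r in guest_ranges]
    report = defaultdict(lambda: {"seen": 0, "outdated": 0, "unparsed": 0})
    for ip, ua in observations:
        addr = ipaddress.ip_address(ip)
        segment = "guest" if any(addr in n for n in nets) else "corporate"
        row = report[segment]
        row["seen"] += 1
        parsed = parse_browser(ua)
        if parsed is None:
            row["unparsed"] += 1
        elif parsed[1] < MIN_MAJOR[parsed[0]]:
            row["outdated"] += 1
    return dict(report)

# Constructed (egress IP, user-agent) pairs as an external sensor would see them.
SAMPLE = [
    ("203.0.113.10", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"),
    ("203.0.113.10", "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0"),
    ("198.51.100.7", "Mozilla/5.0 (Linux; Android 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.105 Mobile Safari/537.36"),
    ("198.51.100.8", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7"),
    ("198.51.100.9", "curl/7.58.0"),
]
```

Separation like this only works when guest traffic leaves through its own egress addresses; behind a shared NAT address both segments look identical from outside.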
