Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Mobile Software Findings

Ingrid

The Mobile Software risk vector is part of the Diligence risk category. It determines if mobile device software is supported or out-of-date. Mobile devices are smartphones and tablets in a company's network that access the Internet. Outgoing communications from mobile devices include metadata about the device's operating system, device description, browser version, and description of applications (endpoint data).

SPM App: menu-findings-spm.png Findings ➔ Findings Table

CM App:

  1. Select a company from your Companies List.
  2. Go to menu-vendor-risk.png Vendor Risk ➔ Findings

Insurance App:

  1. Select a company from your Companies List.
  2. Go to menu-client-risk.png Client Risk ➔ Findings

Bitsight API: GET /v1/companies/company_guid/findings?risk_vector=mobile_software

Finding Details

The details include the data in Findings, Diligence details, and also the following information:

❖ This field can be included in the table from the columns.png Customize Columns option.

Operating system (OS) and Browser Information

EOL
The end-of-life date for the version.
EOL Status
The end-of-life status of the current version.
Family

The family of the detected OS or browser.

  • OS
  • Browser
Grade

An assessment of the detected OS or browser based on the version’s support status.

  • OS Grade
  • Browser Grade
Launch
The launch date of the current version.
Support Status

The support status of the current OS or browser version.

  • OS Support
  • Browser Support
Version

The current version of the detected OS or browser.

  • OS Version
  • Browser Version

Observations

Observed Devices
The number of observed devices based on visible web activity.
[Sample Observations] Source IP
The source IP address of the connection when the evaluated desktop made an outbound request. This is typically an IP address associated with a firewall. The source IP and user-agent string are used to determine the OS and browser version.
[Sample Observations] Target Host

The host that the browser connected with (if available). If we were able to collect target host information, it is useful for searching the firewall logs to determine which internal host made the connection. Search for the egress IP in the source IP field, the target host, and representative timestamp.

Available in the SPM application.

[Sample Observations] User Agent
The user-agent string as sent by the browser.
[Sample Observations] Timestamp
The date and time (in UTC) when the traffic was observed.

Remediation

Remediation Instructions
Information for how to resolve a negative finding.
  • October 29, 2024: Findings Table navigation instructions moved from Risks to a new Findings section in the menu.
  • October 16, 2024: Target host information might not always be available.
  • August 30, 2024: Terminology – “Host IP” → “Source IP” & “Host domain” → “Target host.”

Related articles

Feedback

0 comments

Please sign in to leave a comment.