- June 9, 2021: Linked to Bitsight Academy.
- November 14, 2019: Published.
When subscribing, you have the option to subscribe to the primary, the Bitsight curated, or one of the self-published ratings of a company. Learn how to subscribe to companies.
A self-published rating has its own Bitsight Security Rating Report. Self-published companies consist of CIDR blocks, IP addresses, and domains that are specifically selected by the company itself, rather than curated by Bitsight.
The distinction between “self-published” and “Bitsight curated” ratings is marked with a Self Published label in their Company Details page or with an
SP indicator in their Ratings Tree. Any self-published companies in your portfolio are also marked as such.
Self-published company ratings help communicate a company’s most relevant information to executives within their organization and with their customers. For consumers of ratings, the availability of self-published ratings can enhance risk management processes.
- Self-published companies help separate business units within a company. A company may want to communicate differences in services and associated Security Ratings to ratings consumers.
Example: Break out services and isolate them from other services.
- Some companies loan out hardware or IP addresses to their customers, such as service providers (Amazon AWS, Rackspace). These types of companies may want to communicate these separated assets to provide clarity between the company’s security rating and the activities of its customers.
- Communicate network segmentation; corporate Wi-Fi networks, guest Wi-Fi networks, and other various levels of control. The advantages of using a self-published company over annotations in this situation include access to ongoing monitoring, rating change alerts, and all the other benefits of a full security rating report. However, annotations (or tags) are an invaluable asset for response teams and should still be used accordingly.
Once a self-published company is created:
- Publishers can choose to highlight one of the self-published companies in a ratings bundle as that curated company's primary.
- Subscribers may choose to purchase a subscription to it; like any other company, it will then appear in the portfolio. The report is read the same way as any other company report.
The creation of self-published reports does not change the rating or letter grades of the original Bitsight curated company, unless additional IPs or domains are provided in the process of creating the self-published company. Those new IPs and domains will be included in the Bitsight curated parent company. The self-published report is based on a subset of the parent infrastructure. Any events that occur on self-published reports will continue to affect the parent Bitsight report. Creating self-published reports simply provides a more accurate representation of a company’s security posture.
Learn how the security ratings of a parent-subsidiary relationship are calculated.
Privately Published
Self-published companies do not need to be publicly visible; you may request to have self-published companies created and have them visible only to users within your organization. Privately self-published companies do not appear in searches performed by other companies.
Privately published ratings are created by an organization for internal use and are not available for other organizations to monitor.
A private status for the rating is indicated in the Ratings Tree with the following Private indicator:
| You have access to this privately self-published company. | |
| You do not have access to this privately self-published company. |
Creating private self-published companies is an excellent way to monitor the security rating of divisions, offices, business units, and so forth, that belongs to your organization, without publicly disclosing these segments, internal strategies, or hierarchy through names of those units.