Self-Published Companies

Self-published ratings are a type of rating that consist of CIDR blocks, IP addresses, and domains that are specifically selected by the company itself, rather than curated by Bitsight.

A self-published rating has its own Bitsight Security Rating Report.

• Communicate the most relevant company information.
• Enhance risk management processes for consumers of ratings.
• Separate business units within a company. A company may want to communicate differences in services and associated Security Ratings to ratings consumers.

  Example: Some companies loan out hardware or IP addresses to their customers, such as service providers (Amazon AWS, Rackspace). These types of companies may want to communicate these separated assets to provide clarity between the company’s security rating and the activities of its customers.

• Communicate network segmentation of corporate Wi-Fi networks, guest Wi-Fi networks, and other various levels of control. The advantages of using a self-published company over annotations in this situation include access to ongoing monitoring, rating change alerts, and all the other benefits of a full security rating report. However, annotations (or tags) are an invaluable asset for response teams and should still be used accordingly.

Self-published companies are marked with a Self-Published label in search results, the My Company List, and in their Company Details page.

See Removing a Self-Published Report if you no longer need a self-published report.

Once a self-published company is created:

• Publishers can choose to highlight one of the self-published companies in a ratings bundle as that curated company's primary.
• Subscribers may choose to purchase a subscription to it; like any other company, it then appears in the portfolio. The report is read the same way as any other company report.

Ratings Inclusion

The creation of self-published reports does not change the rating or letter grades of the original Bitsight curated company, unless additional IPs or domains are provided in the process of creating the self-published company. Those new IPs and domains are included in the Bitsight curated parent company. The self-published report is based on a subset of the parent infrastructure. Any events that occur on self-published reports continue to affect the parent Bitsight report. Creating self-published reports simply provides a better representation of a company’s security posture.

Learn how the security ratings of a parent-subsidiary relationship are calculated.

Privately Published

Self-published companies do not need to be publicly visible; you may request to create self-published companies that are only visible to users within your organization. Private self-published companies do not appear in searches performed by other companies.

Privately published companies are created by an organization for internal use and are not available for other organizations to monitor. Creating private self-published companies is an excellent way to monitor the security rating of your company’s divisions, offices, business units, and other hierarchies without publicly disclosing them by name.

Privately published companies are marked with a Private label in the My Company List and in their Company Details page.

A private status for the rating is indicated in the Ratings Tree with the following Private indicator:

You have access to this privately self-published company.

You do not have access to this privately self-published company.

Low Confidence

Can a Self-Published rating be flagged as Low Confidence?

The rating is flagged as Low Confidence if assets provided for the Self-Published rating do not meet the high confidence criteria. A Low Confidence Self-Published report is visible in the ratings tree to only the users of the organization and is not visible to the public.