Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Groma Internet Scanning and Data Collection Infrastructure – July 25, 2024

Ingrid

As part of our commitment to continuous data quality improvements, we have expanded the hostname coverage for our proprietary internet scanning and data collection infrastructure, Groma. Due to improved capabilities, Groma is able to scan more domain based assets on the internet and bring those findings to you in a timely fashion.

We tripled the hostname coverage for the first time in January 2024 compared to the previous year. This time, we are expanding it to reach a 54% increase in the domain based assets coverage compared to six months ago.

Affected Risk Vectors

As the Groma scan cycle (from July 25th through August) progresses, more assets and findings are added to the Bitsight inventory, particularly for the following risk vectors with domain-based findings:

Benefits

As we add new capabilities, enrich the data, and improve our scanning infrastructure performance, we are confident that it will result in faster and broader scans and refreshes, and will increase our ability to troubleshoot issues when scans cannot be completed.

  • Better visibility of domain based assets.
  • Instant access to more findings to surface the security issues.
  • Improved data quality to increase the customer experience.
  • Faster and more reliable refresh.
  • A more accurate and comprehensive evaluation of security posture.

Possible Impact

  • There might be an increase in findings, especially during the initial scan of a brand new domain in the expanded target hostname list within the Bitsight inventory. See affected risk vectors.
    • The new findings’ positive or negative impact to their respective risk vector grades (and eventually to the headline rating) is independent from Groma’s enhanced scanning capabilities.
    • If the additional findings are graded Good, there might be an improvement in the Diligence risk vector grades, especially the Web Application Header and TLS/SSL Configuration risk vectors, and in the rating.
    • If the additional findings are graded Neutral, there shouldn’t be any changes.
    • If the additional findings are graded Fair, Bad, or Warn, there might be a drop in the Diligence risk vector grades, especially the Web Application Header and TLS/SSL Configuration risk vectors, and in the rating.
  • Only operational and stable data is in production.
  • The data enhancements do not impact the network mapping process.
Was this article helpful?
4 out of 6 found this helpful
Return to top

Related articles

Feedback

0 comments

Please sign in to leave a comment.