Guest Network and Honeypot Exclusion Ingrid Guest networks can frequently generate security events due to their open and dynamic nature. Many organizations manage this risk by strictly segmenting guest networks from the organization’s networks. To better reflect controls like these, the impact of guest networks can be removed from the rating with no loss of attack surface visibility. The exclusion lasts for a renewable 1-year period. Before the end of the 1 year exclusion period, Admins are notified to review the exclusions and renew the attestation. Excluded guest networks show vulnerability and findings, but they are excluded from the rating. Keep attack surface visibility into guest networks without impacting your rating and ensure a secure and reliable network environment. Continue to identify potential threats in guest networks. Remediate and mitigate any issues and threats arising from guest networks. Reduce the risk from a relatively uncontrolled guest network. Identifying Guest Networks Ratings Tree: Any entity with a Guest Network Exclusion is indicated (with the node expanded) with a Yes in the Guest Network Exclusion field. Findings Table: Identify findings in the Findings Table related to excluded guest networks by using the Impacts Risk Vector Grade filter with No: Guest Network Exclusion selected. Self-Attesting Guest Networks for Exclusion To self-attest IP addresses that serve as exit points for guest networks: How to remove guest networks Enter the IP addresses into the attestation form (you must be signed in to access this file). Have the form signed by a C-level official or Director of IT or similar role. Send the form to Bitsight Support. Guest Network Validation There is a validation process to ensure that the observed events on these IP addresses align with typical guest network behavior. Validation occurs on a case by case basis and considers feedback and additional context. Criteria: There haven't been any open port events in the past 6 months. There are no signs of domain hosting in the past 6 months. The exclusion is a /24 CIDR block or smaller. Honeypots A cybersecurity honeypot is a decoy system or resource set up to attract and detect attackers by mimicking a real target. Honeypots can generate realistic-looking findings in the Bitsight platform due to their nature as deception devices. Bitsight will remove honeypot assets from the rating if an organization attests to the location of the honeypots by IP or hostname. Findings on these assets will not appear in the system or impact the rating. The exclusion lasts for a renewable 1-year period. Before the end of the 1 year exclusion period, Admins will be notified to review the honeypot exclusions and renew the attestation. Self-Attesting Honeypots for Exclusion To self-attest IP addresses and domains that serve as honeypots: How to remove honeypots Enter the IP addresses and domains into the attestation form (you must be signed in to access this file). Have the form signed by a C-level official or Director of IT or similar role. Send the form to Bitsight Support. April 23, 2025: Published. July 28, 2025: Honeypots added. Related articles Finding Behavior Guest Network Exclusion – April 23, 2025 Impacts Risk Vector Grade Marsh McLennan Study: Correlation Between Bitsight Analytics and Cybersecurity Incidents Verifying That a Finding Is Remediated Feedback 0 comments Please sign in to leave a comment.