- December 1, 2023: Linked to finding lifetime resource.
- April 19, 2023: 2023 Ratings Algorithm Update.
- November 30, 2021: Impact of ongoing infections.
The Compromised Systems risk category accounts for 27% of a company’s Bitsight Security Rating. The total letter grades of all Compromised Systems risk vectors and event duration are factored into the entire Compromised Systems risk category, and then normalized to account for company size:
Each risk vector receives an individual letter grade based on frequency, duration, and severity. The letter grade is relative to all other companies. Individual grades are calculated and refreshed daily.
The volume of events that appear in given sets of time.
Since malware families communicate with different frequencies, the impact of multi-day infections are reduced so that only 1 out of 3 days is counted. The First Seen and Last Seen dates are not affected.
Unique IP addresses, malware family, number of days, and connection tracking information are taken into consideration when classifying observations as an event:
Number of Days:
Multi-day with Gaps:
|Gamarue was observed 7 times in xxx.xxx.12.345 and 2 times in xxx.xxx.54.321 (different IP), the 9 observations are considered as 2 events.|
|Conficker and Rammit were observed any number of times in xxx.xxx.12.345 on January 1st, each type of malware is considered as a separate event.|
The time between when the system was first observed to be compromised and when it was last observed. Longer lasting events have a larger impact than shorter events.
Example: If a Botnet Infection is first observed in one machine on June 1, is seen again from the same machine on June 2, and then not seen subsequently, the duration is 2 days.
Frequently Asked Questions
When do Security Ratings Improve?
Compromised Systems events are refreshed daily and are based on events that occur over the past 180 days. The letter grade of a particular risk vector will improve over time after the event’s end date, assuming no new events occur.
Learn more about finding lifetime.
How do Ongoing Infections Impact Bitsight Security Ratings?
All infections have the same raw weight/impact. An infection of a particular family on a given IP only counts against the rating once in a three-day period.
The ratings algorithm is based on relative rankings of companies. This means that the output ratings does not directly match the raw impact.
In practice, what happens is that the first few events have a higher impact because the first few events push the company to a lower rank relative to many other companies - this is because Botnet Infections are rare occurrences. As the number of Botnet Infection findings increases, the ratings impact gets smaller since there are fewer companies with that many findings.