- December 12, 2023: Linked to no findings definition.
- December 4, 2023: Finding lifetime definition link changed to Finding Lifetime section.
- April 19, 2023: 2023 RAU risk category weight adjustment.
The Domain Squatting risk vector reveals if a company has registration coverage for domains that resemble their own primary/secondary domains, which render them most susceptible to these types of attacks.
|Details & Values
|How findings behave, depending on the action taken.
|The number of days a finding will impact the risk vector grade, assuming nothing changes in the future and the finding is not updated with new information. Learn why findings have a decay and lifetime period.
|There are no findings for this risk vector or we are temporarily unable to collect data. A default risk vector grade is assigned.
Default: – “N/A” Letter Grade
This is an informational risk vector. It does not currently affect security ratings.
|The Bitsight platform regularly checks for new observations. Bitsight findings are updated as these observations change, e.g., newly observed Diligence findings or an existing finding was remediated.
|Automated Scan Duration
|The duration of a regularly scheduled finding refresh, as the Bitsight platform checks for new observations.
|User-Requested Refresh Duration
|The duration of a user-requested refresh, which initiates a refresh of eligible findings upon request. This is recommended when a change in the finding is expected, such as when a finding has been remediated.
|Out of 70.5% in Diligence.
Domain Registration Statuses
We determine if domains are registered based on the information provided by DNS queries.
If new primary or secondary domains are added to a company, the data will be available the following week. If newly mapped companies are added to the Bitsight inventory during the nightly data collection process, findings will be available for those companies the following day.
Each domain variation is evaluated and grouped into one of the following states:
|Indicates if the company who owns the target domain (appears in its domain map) registered the variation.
Indicates if another company registered the variation. This assumes that organizations are not maliciously squatting. This helps resolve issues where Cosco legitimately has “cosco.com,” a domain variation of “cisco.com,” registered. This also captures cases where we have mapped Identity/Brand Protection companies and various companies in our inventory use these third-parties for brand protection.
Example: SBC.com and ABC.com
|This domain is registered, but not by a known organization.
|The domain is unregistered.