- April 19, 2023: 2023 RAU risk category weight adjustment.
- October 20, 2021: Ratings Algorithm Update 2021.
- October 12, 2021: Terminology, “grace period” changed to “finding behavior.”
The Domain Squatting risk vector reveals whether a company has registration coverage for domains that resemble its own primary/secondary domains. These look-alike domains are the ones that render the company most susceptible to these types of attacks.
See domain registration statuses.
Field | Description | Details & Values |
---|---|---|
Finding Behavior | How findings behave, depending on the action taken. | |
Lifetime | The number of days a finding will impact the risk vector grade, assuming nothing changes in the future and the finding is not updated with new information. Learn why findings have a decay and lifetime period. | Not Applicable |
No Findings | The letter grade if there are no findings for this risk vector. | This is an informational risk vector. It does not currently affect security ratings. |
Refresh | The Bitsight platform regularly checks for new observations. Bitsight findings are updated as these observations change, e.g., when Diligence findings are newly observed or an existing finding is remediated. | |
Automated Scan Duration | The duration of a regularly scheduled finding refresh, as the Bitsight platform checks for new observations. | 8 Days |
User-Requested Refresh Duration | The duration of a user-requested refresh, which initiates a refresh of eligible findings upon request. This is recommended when a change in the finding is expected, such as when a finding has been remediated. | Not Available |
Weight | Out of 70.5% in Diligence. | Not Applicable |
Domain Registration Statuses
We determine if domains are registered based on the information provided by DNS queries.
If new primary or secondary domains are added to a company, the data will be available the following week. If newly mapped companies are added to the Bitsight inventory during the nightly data collection process, findings will be available for those companies the following day.
Each domain variation is evaluated and grouped into one of the following states:
Ownership Status | Description |
---|---|
Own Company | Indicates if the company that owns the target domain (appears in its domain map) registered the variation. |
Another Company | Indicates if another company registered the variation. This assumes that organizations are not maliciously squatting. This helps resolve issues where Cosco legitimately has “cosco.com,” a domain variation of “cisco.com,” registered. This also captures cases where we have mapped Identity/Brand Protection companies and various companies in our inventory use these third parties for brand protection. Example: SBC.com and ABC.com |
Third Party | This domain is registered, but not by a known organization. |
Not Registered | The domain is unregistered. |
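The grouping in the table above can be reproduced for your own look-alike inventory. The following is an added example, not Bitsight code: the domain-map shape, the `is_registered` callable that stands in for the DNS query, and all company names and `.example` domains are assumptions constructed for illustration (the "Amce Ltd" entry mirrors the Cosco/cisco.com case).

```python
from collections import Counter
from enum import Enum

class Status(Enum):
    OWN_COMPANY = "Own Company"
    ANOTHER_COMPANY = "Another Company"
    THIRD_PARTY = "Third Party"
    NOT_REGISTERED = "Not Registered"

def normalize(domain):
    """Lower-case and drop the trailing root dot so map lookups are stable."""
    return domain.strip().lower().rstrip(".")

def classify(variation, company, domain_maps, is_registered):
    """Group one domain variation into a registration status.

    domain_maps: {company: set of normalized domains} (assumed input shape).
    is_registered: callable(domain) -> bool, standing in for the DNS query.
    """
    name = normalize(variation)
    if not is_registered(name):
        return Status.NOT_REGISTERED
    owners = {c for c, domains in domain_maps.items() if name in domains}
    if company in owners:
        return Status.OWN_COMPANY
    # Any other mapped organization counts, brand-protection firms included.
    return Status.ANOTHER_COMPANY if owners else Status.THIRD_PARTY

def coverage_report(company, variations, domain_maps, is_registered):
    """Return ({variation: Status}, Counter of statuses) for one company."""
    results = {normalize(v): classify(v, company, domain_maps, is_registered)
               for v in variations}
    return results, Counter(results.values())

# Constructed sample data on the reserved .example TLD.
DOMAIN_MAPS = {
    "Acme": {"acme.example", "acme-corp.example"},
    "Amce Ltd": {"amce.example"},               # legitimate look-alike owner
    "Brand Protection Co": {"acrne.example"},   # hypothetical brand-protection firm
}
REGISTERED = {"acme.example", "acme-corp.example", "amce.example",
              "acrne.example", "acme-login.example"}
VARIATIONS = ["acme-corp.example", "Amce.Example.", "acrne.example",
              "acme-login.example", "acmee.example"]

if __name__ == "__main__":
    results, counts = coverage_report(
        "Acme", VARIATIONS, DOMAIN_MAPS, REGISTERED.__contains__)
    for domain, status in results.items():
        print(f"{domain:22} {status.value}")
```

Variations that come back as Third Party or Not Registered are the ones to review first: the former are held by an unknown registrant, the latter are still open for anyone to register.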