We aim to balance fairness, transparency, and objectiveness in our Security Rating service. Since related findings are crucial to understanding an organization’s security posture, we offer the following policy and a contextualization feature set to empower you to have the most constructive dialogue with your third parties and internal teams, while ensuring our ratings can remain trusted in the marketplace.
As an external observer of network traffic, we're unable to determine the purpose of some of your network traffic. In those cases, your full set of IP addresses will always remain part of your company's Bitsight Security Rating.
- If you have events that are coming from a network with non-malicious activity (uncompromised system), we recommend adding context for your security rating.
- Some malware testing traffic may involve communication with our sinkholes that looks different from actual malicious activity. We strive to ensure the results from these tests are not captured in your Security Rating. Traffic whose behavior can be appropriately distinguished from real malicious traffic will be removed. If you believe that you have conducted a test whose communication pattern can be distinguished from that of actual malware, please contact Bitsight Support with your evidence for review, as outlined in the requirements and best practices for an appeal.
January 4, 2019: Published.