- February 9, 2023: End Date, Start Date, & Request Date.
- May 27, 2021: Included Mobile Application Security asset example.
- May 4, 2021: Added “company-provided” and “custom subnet.”
These are the common terms used for describing a network of web servers (infrastructure).
- Assets
- A subset of attributions. They are the machines that are deployed on the Internet by an organization and are identified by a single IP address, domain/hostname, or application.
Examples:
- IP/CIDR – An organization is assigned a /28 CIDR. That CIDR defines a set of 16 IP addresses that can be used by the organization. The organization assigns 10 of those IP addresses to machines. The 10 machines that are actually assigned a public IP address are assets.
- Domain – The “example.com” attribute associates www.example.com, mail.example.com, and wizard.secure-login.example.com as individual assets for a single organization.
- Application – A publisher’s mobile application offering, as depicted by the Mobile Application Security risk vector.
- Attributions
- Records of the external-facing internet space attributed to an organization. They define the CIDR blocks and domains that are owned by or assigned for the use of the organization.
Example:
An organization is assigned a /28 CIDR. That CIDR defines a set of 16 IP addresses that can be used by the organization. The organization assigns only 10 of those IP addresses to actual machines. The organization might not be using all of them, but they all belong to the organization from a record-keeping perspective.
Alternatively, an organization is attributed example.com as their domain. Any assets with hostnames that end with “example.com” would then be attributed to the organization.
- Bitsight Curated Rating
- Made up of the resulting network footprint, as outlined in the network mapping process.
- Classless Inter-Domain Routing (CIDR) Block
- CIDR notation is a way of specifying IP addresses and the associated routing prefix. It appends a slash character to the address and the decimal number of leading bits of the routing prefix, e.g., 193.168.2.0/24 for IPv4 (193.168.2.0-193.168.2.255) and 2001:db8::/32 for IPv6.
- Company-Provided Infrastructure
- Infrastructure (IP addresses and CIDR blocks) provided to Bitsight by a user from the organization to define their infrastructure.
- Custom Subnet
- A subnet of infrastructure (IP addresses and CIDR blocks) customized by users within an organization for infrastructure tagging purposes.
- End Date
- The date when infrastructure is no longer attributed (inactive).
- Internet Protocol Address (IP Address)
- A series of numbers for uniquely identifying computers connected to the Internet (e.g., 74.125.226.16 for google.com).
- Peer Group
- A group of companies that are within an industry or sub-industry, of similar or particular size.
- Primary Rating
- A self-published rating that the publishing organization believes is an accurate indication of their security posture and best communicates their security posture to third parties.
- Request Date
- A.k.a. Start Date. The date when customer-provided infrastructure is submitted.
- Start Date
- The date when infrastructure starts being attributed.
- Self-published Rating
- Consists of CIDR blocks, IP addresses, and domains that are specifically selected by the company itself, rather than curated by Bitsight (Bitsight curated). This has its own Security Rating report.
- Service Set Identifier (SSID)
- The primary name associated with a Wi-Fi network, assigned by the network administrator. It is not a unique identifier. SSIDs are commonly chosen to be easily identifiable for the users of the wireless network.