These are the common terms used for describing a network of web servers (infrastructure).
- Application
- A type of asset that is attributed to an organization. This type includes a publisher’s mobile application offering, as depicted by the Mobile Application Security risk vector.
- Assets
- A subset of attributions. They are the machines that are deployed on the Internet by an organization and are identified by a single IP address, CIDR block, domain, or application.
- Attributions
- Records of the external-facing internet space attributed to an organization. They define the CIDR blocks and domains that are owned by or assigned for the use of the organization.
Example:
An organization is assigned a /28 CIDR. That CIDR defines a set of 16 IP addresses that can be used by the organization. The organization assigns only 10 of those IP addresses to actual machines. The organization might not be using all of them, but they all belong to the organization from a record-keeping perspective.
Alternatively, an organization is attributed example.com as their domain. Any assets with hostnames that end with “example.com” would then be attributed to the organization.
- Bitsight Curated Rating
- Made up of the resulting network footprint, as outlined in the network mapping process.
- Classless Inter-Domain Routing (CIDR) Block
- A type of asset that is attributed to an organization. CIDR notation is a way of specifying IP addresses and the associated routing prefix. It appends to the address a slash character followed by the decimal number of leading bits of the routing prefix, e.g., 193.168.2.0/24 for IPv4 (193.168.2.0-193.168.2.255) and 2001:db8::/32 for IPv6.
- Company-Provided Infrastructure
- Infrastructure (IP addresses and CIDR blocks) provided to Bitsight by a user from the organization to define their infrastructure.
- Custom Infrastructure
- A subnet of infrastructure (IP addresses and CIDR blocks) customized by users within an organization for infrastructure tagging purposes.
- Domain
- A type of asset that is attributed to an organization. Refer to your domain registrar’s database to get domain information, including:
- Availability
- Ownership
- Creation details
- Expiration details
- Name servers
Example: The example.com attribute associates www.example.com, mail.example.com, and wizard.secure-login.example.com as individual assets for a single organization.
- End Date
- The date when infrastructure is no longer attributed to a company. Removal is captured through an automated process and then marked with an end date (Bitsight End Date).
Possible reasons for removing infrastructure:
- Stale DNS records.
- Expired infrastructure.
- The infrastructure is identified as never having belonged to the company.
- Internet Protocol Address (IP Address)
- A type of asset that is attributed to an organization. It is depicted as a series of numbers for uniquely identifying computers connected to the Internet (e.g., 74.125.226.16 for google.com).
- Peer Group
- A group of companies that are within an industry or sub-industry, of similar or particular size.
- Primary Rating
- A self-published rating that the publishing organization believes best reflects its security posture and communicates it to third parties.
- Request Date
- A.k.a. Start Date. The date when company-provided infrastructure is submitted.
- Start Date
- The date when infrastructure starts being attributed.
- Self-published Rating
- Consists of CIDR blocks, IP addresses, and domains that are specifically selected by the company itself, rather than curated by Bitsight (Bitsight curated). This has its own Security Rating report.
- Service Set Identifier (SSID)
- The primary name associated with a Wi-Fi network, assigned by the network administrator. It is not a unique identifier. SSIDs are commonly chosen to be easily identifiable for the users of the wireless network.
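The Attributions, Start Date and End Date entries together describe a lookup: does a given IP address or hostname fall inside an organization's attributed CIDR blocks or domains on a given date? The sketch below is an added example, not Bitsight's code; the record layout, function names and sample values are assumptions constructed for illustration.

```python
import ipaddress
from datetime import date

# Constructed attribution records (sample data, not from any real inventory).
ATTRIBUTIONS = [
    {"value": "192.0.2.16/28", "start": date(2023, 1, 1), "end": None},
    {"value": "2001:db8::/32", "start": date(2023, 1, 1), "end": date(2024, 6, 30)},
    {"value": "example.com", "start": date(2022, 5, 1), "end": None},
]

def _active(rec, on):
    """Attributed from the start date; no longer attributed on the end date."""
    return rec["start"] <= on and (rec["end"] is None or on < rec["end"])

def _parse(fn, text):
    """Parse with an ipaddress constructor; None means 'not an IP/CIDR'."""
    try:
        return fn(text)
    except ValueError:
        return None

def attributed(asset, on, records=ATTRIBUTIONS):
    """Return the attribution value covering `asset` on date `on`, or None."""
    ip = _parse(ipaddress.ip_address, asset)
    host = asset.rstrip(".").lower()
    for rec in records:
        if not _active(rec, on):
            continue
        net = _parse(ipaddress.ip_network, rec["value"])
        if net is not None:
            # Compare only within one address family (IPv4 or IPv6).
            if ip is not None and ip.version == net.version and ip in net:
                return rec["value"]
        elif ip is None:
            dom = rec["value"].lower()
            # Match on a label boundary so "notexample.com" is not attributed.
            if host == dom or host.endswith("." + dom):
                return rec["value"]
    return None

def block_size(cidr):
    """Number of addresses a CIDR block defines (a /28 defines 16)."""
    return ipaddress.ip_network(cidr).num_addresses
```

A plain string suffix test would attribute a look-alike such as notexample.com to the owner of example.com, which is why the hostname comparison is anchored on a dot.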
- September 25, 2024: Separated 'domain' and 'application' from the 'assets' definition.
- August 13, 2024: Updated 'end date' definition and provided examples.
- February 9, 2023: End Date, Start Date, & Request Date.