Continuous Risk Discovery

When your digital infrastructure changes every second of every day, how do you keep pace? Bitsight deploys one of the largest data discovery engines in the world to continuously identify assets, relationships, and security observables that impact risk in your organization.

Get a risk data demo
Data discovery hero v2

When your digital infrastructure changes every second of every day, how do you keep pace? Bitsight deploys one of the largest data discovery engines in the world to continuously identify assets, relationships, and security observables that impact risk in your organization.

Get a risk data demo

Asset Discovery Methodology

Our approach to continuously update a detailed view of internet-connected devices includes a diverse set of activities that, when combined with our unique attribution capability, creates an expansive view of an organization’s interconnected entities, their digital footprint, and risk posture. To do this, we categorize our discovery engine into two categories: Active and Passive Data Collection

Active Data Collection

We proactively query specific data repositories and scan internet-connected assets to deepen our understanding of risk posture

Passive Data Collection

We listen for signals that provide additional context about asset ownership, relationships among entities, and risk posture

Active Data Collection with Bitsight Groma.

Bitsight asset discovery time

Active Data Collection with Bitsight Groma.

BitsightGroma sits at the center of our Active Data Collection capability. The proprietary scanner continuously monitors the entire internet to provide a near real-time view of connected assets and entities.  Operating our own scanning technology – and not relying on third-party providers – creates the ability to:

  • Innovate more rapidly through greater control over the scanning process
  • Accelerate mean-time-to-detection for new vulnerabilities and asset updates
  • Respond faster to changes in customer environments

The benefits manifest into all of the Bitsight’s products and services from Continuous Vendor Monitoring and External Attack Surface Management to Cybersecurity Ratings and Bitsight can discover new assets within 2 hours of them becoming visible on the Internet according to recent study from Greynoise.io.

Bitsight Scanning in Action

Bitsight Scanning in Action

A report from Greynoise.io shows the magnitude of internet scanning that Bitsight deploys to identify changes in internet connected devices.  “Bitsight dedicates a crazy amount of infrastructure to poke at internet nodes.” 
- Greynoise.io

Data Discovery_Graphics

Passive Data Collection

Bitsight passive data collection leverages a variety of tools and techniques

Bitsight Groma

Using sinkholes, malware emulators, honeypots, and similar techniques to discover ransomware precursors, worms, botnets, greyware, adware, malware distribution, malicious internet scanning, and vulnerability exploits.

Bitsight Groma

Using sinkholes, malware emulators, honeypots, and similar techniques to discover ransomware precursors, worms, botnets, greyware, adware, malware distribution, malicious internet scanning, and vulnerability exploits.

Version Control

Assessing the version levels of endpoint browsers, operating systems, and desktop software.

Version Control

Assessing the version levels of endpoint browsers, operating systems, and desktop software.

IP Ownership

Listening to network advertisements, such as those performed by the BGP routing protocol, to determine IP address ownership.

IP Ownership

Listening to network advertisements, such as those performed by the BGP routing protocol, to determine IP address ownership.

Host and Subdomains

Analyzing WHOIS records, certificate transparency logs, DNS queries from endpoints, and related information to determine the affiliations of hostnames and subdomains.

Host and Subdomains

Analyzing WHOIS records, certificate transparency logs, DNS queries from endpoints, and related information to determine the affiliations of hostnames and subdomains.

Changes in Behaviour

Monitoring the behavior of endpoint devices, such as movements between locations, to develop baselines of normal workforce computing behavior.

Changes in Behaviour

Monitoring the behavior of endpoint devices, such as movements between locations, to develop baselines of normal workforce computing behavior.

Lifecycle Management

Observing the speed and effectiveness of organizations’ hardware 
and software lifecycle management activities.

Lifecycle Management

Observing the speed and effectiveness of organizations’ hardware 
and software lifecycle management activities.

Security Observables

Data Discovery

Security Observables

Some of our most powerful passive data collection methods include leveraging sinkholes, malware emulators, honeypots, and other similar techniques. The combination of data sources creates a rich set of security observables to understand and measure risk.  Some examples include:

Of note, Bitsight operates one of the world’s largest sinkhole infrastructures, enabling our team to intercept command and control communications from malware and botnets to analyze communication patterns about malware and track the source 
IP address of infected machines. 

Resources

Data-Driven Approach Asset Discovery Risk Measurement cover

Reports and Research

A Data-Driven Approach to Asset Discovery and Risk Measurement

Download this white paper to learn about Bitsight’s approach to data and how we stand out.
Download now

Reports and Research

Slicing through CISA’s KEV Catalog

Download now

Data Sheets

Cybersecurity Data Solutions

Download now