When your digital infrastructure changes every second of every day, how do you keep pace? Bitsight deploys one of the largest data discovery engines in the world to continuously identify assets, relationships, and security observables that impact risk in your organization.
Our approach to continuously update a detailed view of internet-connected devices includes a diverse set of activities that, when combined with our unique attribution capability, creates an expansive view of an organization’s interconnected entities, their digital footprint, and risk posture. To do this, we categorize our discovery engine into two categories: Active and Passive Data Collection
Active Data Collection
We proactively query specific data repositories and scan internet-connected assets to deepen our understanding of risk posture
Passive Data Collection
We listen for signals that provide additional context about asset ownership, relationships among entities, and risk posture
Active Data Collection with Bitsight Groma.
Bitsight Groma sits at the center of our Active Data Collection capability. The proprietary scanner continuously monitors the entire internet to provide a near real-time view of connected assets and entities. Operating our own scanning technology – and not relying solely on third-party providers – creates the ability to:
Innovate more rapidly through greater control over the scanning process
Accelerate mean-time-to-detection for new vulnerabilities and asset updates
Respond faster to changes in customer environments
A report from Greynoise.io shows the magnitude of internet scanning that Bitsight deploys to identify changes in internet connected devices. “Bitsight dedicates a crazy amount of infrastructure to poke at internet nodes.” - Greynoise.io
Passive Data Collection
Bitsight passive data collection leverages a variety of tools and techniques
Malware Detection
Using sinkholes, malware emulators, honeypots, and similar techniques to discover ransomware precursors, worms, botnets, greyware, adware, malware distribution, malicious internet scanning, and vulnerability exploits.
Version Control
Assessing the version levels of endpoint browsers, operating systems, and desktop software.
IP Ownership
Listening to network advertisements, such as those performed by the BGP routing protocol, to determine IP address ownership.
Host and Subdomains
Analyzing WHOIS records, certificate transparency logs, DNS queries from endpoints, and related information to determine the affiliations of hostnames and subdomains.
Changes in Behaviour
Monitoring the behavior of endpoint devices, such as movements between locations, to develop baselines of normal workforce computing behavior.
Lifecycle Management
Observing the speed and effectiveness of organizations’ hardware and software lifecycle management activities.
Security Observables
Some of our most powerful passive data collection methods include leveraging sinkholes, malware emulators, honeypots, and other similar techniques. The combination of data sources creates a rich set of security observables to understand and measure risk. Some examples include:
Worms and botnets
Ransomware precursors
Malware, Adware, and Greyware
Malicious scanning and Vulnerability Exploits
Of note, Bitsight operates one of the world’s largest sinkhole infrastructures, enabling our team to intercept command and control communications from malware and botnets to analyze communication patterns about malware and track the source IP address of infected machines.
