Mapping Data to Get "A Different Perspective" for Security Ratings

I'm excited to announce the release of another great BitSight Insights report! In A Different Perspective, Stephen Boyer, BitSight's CTO and Co-Founder, provides some insight into a key component of our security ratings process: our IP address-based approach to analyzing security incidents.

To derive a security rating, we start with an immense amount of event data that we've collected from globally-placed internet sensors. BitSight’s sophisticated algorithms analyze this data for event type (malware, spam, botnet communications, DDoS, etc.), severity, frequency, duration, and confidence. The end result is a credit-score type rating that represents the security effectiveness of a particular organization.

A crucial step in the process is mapping the event data back to the network IP from which it originated. What we see when we map the data this way is represented in the figure below, which depicts global IPv4 malicious activity over the course of one week. The red color represents a high volume of malicious activity and blue represents a lower volume.

Security Ratings are derived from IP-mapped security event data.

Looking at IP-mapped data over time reveals fluctuations in the volume, class and intensity of attacks, as well as variation in the distribution of the networks the attacks are coming from, forming the very basis of our security ratings.

In the full report, Stephen explains how this perspective helps organizations understand security risk:

The behavior of an organization as measured from this new perspective helps us to better understand what some organizations might be doing differently or better than others. Some organizations have less malware than others. Others detect and remediate at a faster pace. An address-based perspective moves us toward asking better questions and understanding who is doing well and what is working for those high performers.