Mapping Data to Get "A Different Perspective" for Security Ratings

Melissa Stevens | December 11, 2013 | tag: Big Data

I'm excited to announce the release of another great BitSight Insights report! In A Different Perspective, Stephen Boyer, BitSight's CTO and Co-Founder, provides some insight into a key component of our security ratings process: our IP address based approach to analyzing security incidents. 

To derive a security rating, we start with an immense amount of event data that we've collected from globally-placed internet sensors.  BitSight’s sophisticated algorithms analyze this data for event type (malware, spam, botnet communications, DDoS, etc.), severity, frequency, duration, and confidence. The end result is a credit-score type rating that represents the security effectiveness of a particular organization.

A crucial step in the process is mapping the event data back to the network IP from which it originated. What we see when we map the data this way is represented in the figure below, which depicts Global IPV4 malicious activity over the course of one week.  The red color represents a high volume of malicious activity and blue represents a lower volume.

Security Ratings are derived from IP-mapped security event data.

Looking at IP-mapped data over time reveals fluctuations in volume, class and intensity of attack, as well as variable distribution of the networks attacks are coming from— forming the very basis of our security ratings.

In the full report, Stephen explains how this perspective helps organizations understand security risk:

The behavior of an organization as measured from this new perspective helps to us better understand what some organizations might be doing differently or better than others. Some organizations have less malware than others. Others detect and remediate at a faster pace. An address based perspective moves us toward asking better questions and understanding who is doing well and what is working for those high performers.

To learn more, download A DifferentPerspective.

Suggested Posts

Security Ratings: Quality over Quantity (but here are the numbers)

Poor information security can lead to serious, public data breaches for companies and their customers. That's why BitSight Security Ratings are used by companies to evaluate and mitigate information risk. This risk applies to a company's ...


Data Driven Security Podcast: Measurement & Security Performance

On June 22, 2014, BitSight CTO and Cofounder Stephen Boyer (@SWBoyer) joined Bob Rudis (@hrbrmstr) and Jay Jacobs (@jayjacobs) on their Data Driven Security Podcast series.  This conversation was long in the works, and something we were...


Security Ratings: A Big Data Approach to Mitigating and Measuring Risk

In the past year data breaches have become a fixture on the news cycle. The major breaches across multiple industries have also caught the attention of business leaders, with a recent study noting that CEOs and senior executives rank...


Get the Weekly Cybersecurity Newsletter.