Keeping Your Reputation Safe: Why Monitoring the Attribution of IP Addresses Matters
Julia Grunewald | June 16, 2017
BitSight Security Ratings are based on security events and configurations present on a company’s digital infrastructure. As we discuss these ratings with companies, we’ve found that many of them have infrastructure registered to them that they are unaware of. With the recent WannaCry ransomware attacks (and with the increased frequency of cyber incidents overall), it is becoming critical that organizations take a more thorough look at their infrastructure. This preventative measure can help identify any vulnerabilities or malicious activity on unmonitored parts of a network, as well as confirm the accuracy of registrations.
There are several reasons why companies may not be aware of infrastructure associated with their brand. One frequent cause is acquisitions: through this process, the parent company acquires all the IP addresses and domains of its new subsidiary. Some of these IP addresses may be affected by malware, botnet infections, or other harmful software. The longer these IP addresses, domains, or open ports go unattended, the worse the consequences may be if an attack ensues. It’s critical that organizations do their due diligence during and after acquisitions to see what assets they are acquiring. If they’re not aware of these new assets, they cannot take effective measures to protect them, or guard their reputation from a potentially harmful impact.
Companies also gain and forfeit IP addresses on a regular basis through Internet Service Providers (ISPs) like Verizon or Comcast. Additionally, if they change service providers, the IP addresses are typically forfeited to the service provider. ISPs don’t always keep those registrations up to date, so it is the company’s responsibility to make sure its registrations are current whenever it changes the infrastructure it uses.
When federal agencies like the FBI investigate suspicious or illegal activity on a certain IP address, attribution of that IP address is the first thing examined. For example, if an IP address is registered to a company, but used by an attacker to launch a malware attack, the company will have to go through the process of cleaning up the registrations as part of the investigation, which is more costly in terms of time, resources, and reputation than making the updates proactively.
So, why does this matter? Companies should not only confirm their own IP address space, but also encourage their vendors and other critical third parties to do the same. More and more often, data breaches involve a company’s third parties. By knowing and confirming the IP addresses registered to it, a company can help protect its reputation and mitigate many of the above risks.
BitSight Security Ratings can clearly identify all the infrastructure belonging to your company (registered IP addresses and CIDR blocks, IP addresses where your domains are hosted, etc.). In most cases, there are links provided that lead straight to the registration records. BitSight can also identify the IP addresses with the largest number of problems on your network, which is a good place to prioritize efforts for security improvement. Additionally, your third parties can have access to all of their IP information if you invite them to the BitSight portal for a two-week period at no cost. This enables vendors to view the details of their IP address registrations as well as their BitSight Rating and associated information. Lastly, BitSight provides contact information for all of the regional registries that leads directly to their IP address allocation departments to help you and your third parties update any outdated registrations. As always, our Customer Success and Support teams are here to help you through any step of the process.