data discovery hero banner

Risk Discovery

When your digital infrastructure changes every second of every day, how do you keep pace? Bitsight deploys one of the largest data discovery engines in the world to continuously identify assets, relationships, and security observables that impact risk in your organization.

Our approach to continuously update a detailed view of internet-connected devices includes a diverse set of activities that, when combined with our unique attribution capability, creates an expansive view of an organization’s interconnected entities, their digital footprint, and risk posture. To do this, we categorize our discovery engine into two categories: Active and Passive Data Collection

We proactively query specific data repositories and scan internet-connected assets to deepen our understanding of risk posture

We listen for signals that provide additional context about asset ownership, relationships among entities, and risk posture

Bitsight Groma internet asset discovery

Bitsight Groma sits at the center of our Active Data Collection capability. The proprietary scanner continuously monitors the entire internet to provide a near real-time view of connected assets and entities. Operating our own scanning technology – and not relying solely on third-party providers – creates the ability to:

  • Innovate more rapidly through greater control over the scanning process
  • Accelerate mean-time-to-detection for new vulnerabilities and asset updates
  • Respond faster to changes in customer environments

The benefits manifest into all of the Bitsight’s products and services from Continuous Vendor Monitoring and External Attack Surface Management to Cybersecurity Ratings.

A report from Greynoise.io shows the magnitude of internet scanning that Bitsight deploys to identify changes in internet connected devices.  “Bitsight dedicates a crazy amount of infrastructure to poke at internet nodes.” 
- Greynoise.io

Unique IP Internet Scanning

Bitsight passive data collection leverages a variety of tools and techniques

Bitsight Groma

Using sinkholes, malware emulators, honeypots, and similar techniques to discover ransomware precursors, worms, botnets, greyware, adware, malware distribution, malicious internet scanning, and vulnerability exploits.

Version Control

Assessing the version levels of endpoint browsers, operating systems, and desktop software.

IP Ownership

Listening to network advertisements, such as those performed by the BGP routing protocol, to determine IP address ownership.

Host and Subdomains

Analyzing WHOIS records, certificate transparency logs, DNS queries from endpoints, and related information to determine the affiliations of hostnames and subdomains.

Changes in Behaviour

Monitoring the behavior of endpoint devices, such as movements between locations, to develop baselines of normal workforce computing behavior.

Lifecycle Management

Observing the speed and effectiveness of organizations’ hardware 
and software lifecycle management activities.

Data Discovery

Some of our most powerful passive data collection methods include leveraging sinkholes, malware emulators, honeypots, and other similar techniques. The combination of data sources creates a rich set of security observables to understand and measure risk. Some examples include:

  • Worms and botnets
  • Ransomware precursors
  • Malware, Adware, and Greyware
  • Malicious scanning and Vulnerability Exploits

Of note, Bitsight operates one of the world’s largest sinkhole infrastructures, enabling our team to intercept command and control communications from malware and botnets to analyze communication patterns about malware and track the source
IP address of infected machines.