Risk Reporting Metrics

Metrics being Measured

Security Posture (SP) & Threat Indicator (TI)

| Rank | Category | Metric | Description |
|------|----------|--------|-------------|
| 1 | TI | Blacklisted Hosts with Malware (High Confidence) | The number of websites in the organization that have been listed on high confidence security blacklists for hosting malware. This metric displays hits from the RiskIQ Malware List and the Google Safe Block for Malware List. |
| 1 | TI | Blacklisted Hosts with Phishing (High Confidence) | The number of websites in the organization that have been listed on security blacklists for hosting phish. This metric displays hits from the RiskIQ Phish List and the Google Safe Browsing Phish List. |
| 2 | TI | Blacklisted Hosts with Malware (Low Confidence) | The number of websites in the organization that have been listed on security blacklists for hosting malware. This metric displays hits from the following external lists: Virus Total, Cymru Malware, Pareto, MalwarePatrol, AbuseCH, DnsBH, MalwareDomainList, Malc0de. |
| 2 | TI | Blacklisted Hosts with Phishing (Low Confidence) | The number of websites in the organization that have been listed on security blacklists for hosting phish. This metric displays hits from the following external lists: Cymru Malware, Pareto, MalwarePatrol, AbuseCH, DnsBH, MalwareDomainList, Malc0de. |
| 3 | TI | Botnet | The number of IP addresses in the organization that have been listed on Firehol blacklists due to behaviour of a compromised device that is part of a botnet. |
| 3 | TI | Command and Control (C2) | The number of IP addresses in the organization that have been listed on Firehol blacklists due to behaviour of the host that is representative of a Command and Control server for a botnet. |
| 3 | TI | Malware Distribution | The number of IP addresses in the organization that have been listed on Firehol blacklists due to behaviour of the host that is representative of a website serving malware to visitors. |
| 3 | TI | Ransomware | The number of IP addresses in the organization that have been listed on Firehol blacklists due to behaviour of the host that is representative of a website serving ransomware to visitors. |
| 3 | SP | Insecure Login Forms | The number of websites that do not encrypt username and password information when sent from the web client to the server. |
| 4 | SP | Expired SSL Certificate | The number of SSL certificates in the organization's Digital Footprint that have expired. |
| 4 | SP | SSL Certificates using MD5 | The number of SSL certificates using the MD5 hash algorithm that are used within an organization's Digital Footprint. MD5 is an outdated hash algorithm that is being phased out by the major Internet browsers. |
| 4 | SP | SSL Certificates using SHA1 | The number of SSL certificates using the SHA1 hash algorithm that are used within an organization's Digital Footprint. SHA1 is an outdated hash algorithm that is being phased out by the major Internet browsers. |
| 4 | SP | Common Vulnerability & Exposure with a Critical CVSS Score | The number of websites that have potential CVEs with a CVSS Score greater than or equal to 9. |
| 5 | SP | EPP Domain Status Code Not Leveraged | The number of domains that do not leverage EPP domain status codes as a protective measure. |
| 5 | SP | Common Vulnerability & Exposure with a High CVSS Score | The number of websites that have potential CVEs with a CVSS Score between 7 and 9. |
| 6 | SP | Database Servers | The number of IP addresses observed with open ports that are commonly used by database services. |
| 8 | SP | EPP Domain Status Code Not ClientTransferProhibited | The number of domains that do not have an EPP domain status code of clientTransferProhibited. |
| 8 | SP | EPP Domain Status Code Not ClientUpdateProhibited | The number of domains that do not have an EPP domain status code of clientUpdateProhibited. |
| 8 | SP | Ephemeral | The number of IP addresses observed with open ports between 49152 and 65535. These are dynamic or private ports that cannot be registered with IANA. This range is used for private or customized services, for temporary purposes, and for automatic allocation of ephemeral ports. |
| 8 | SP | Internet of Things (IoT) | The number of IP addresses observed with open ports commonly used by consumer or industrial devices. |
| 8 | SP | Networking Equipment | The number of IP addresses observed with open ports commonly used by networking equipment. |
| 8 | SP | Registered | The number of IP addresses observed with open ports between 1024 and 49151. These are registered ports assigned by IANA for a specific service upon application by a requesting entity. On most systems, registered ports can be used without superuser privileges. |
| 8 | SP | Remote Access Ports | The number of IP addresses observed with open ports commonly used by services that allow remote access to the host. |
| 8 | SP | System Ports | The number of IP addresses observed with open ports between 0 and 1023. These are the well-known ports or system ports. They are used by system processes that provide widely used types of network services. |
| 8 | SP | HTTP Public Key Pinning (HPKP) | The number of websites without Public Key Pinning Extension for HTTP (HPKP). |
| 8 | SP | HTTP Strict Transport Security (HSTS) | The number of websites without HTTP Strict Transport Security (HSTS). |
| 8 | SP | X-Content-Type-Options | The number of websites which do not have the X-Content-Type-Options header set. |
| 8 | SP | X-Frame-Options | The number of websites which do not have the X-Frame-Options header set. |
| 8 | SP | X-XSS-Protection | The number of websites which do not have the X-XSS-Protection header set. |
| 8 | SP | X-Permitted-Cross-Domain-Policies | The number of websites with an X-Permitted-Cross-Domain-Policies policy violation. |
| 9 | SP | EPP Domain Status Code Not ClientDeleteProhibited | The number of domains that do not have an EPP domain status code of clientDeleteProhibited. |
| 10 | SP | Unique Registrants | The number of domain registrants that are leveraged by an organization to register the organization's domain names. |
| 10 | SP | Unique Registrars | The number of domain registrars that are leveraged by an organization to register the organization's domain names. |
| 10 | SP | Websites | The number of live websites discovered within an organization's Digital Footprint. |
| 10 | SP | Owned ASNs | The number of Autonomous Systems owned by the organization. |
| 10 | SP | Third Party ASNs | The number of third-party Autonomous Systems leveraged by an organization. |
| 10 | SP | Web Servers | The number of IP addresses observed with open ports commonly used by web servers to serve secure (Port 443) and insecure content (Port 80). |
| 10 | SP | SSL Certificate Organizational Units | The number of subject organizational units for an organization's SSL Certificates. This field is used to indicate the unit within an organization that registered an SSL certificate. |
| 10 | SP | SSL Certificate Organizations | The number of organizations for an organization's SSL Certificates. The Subject field in an SSL certificate determines what organization name is displayed at the top of the browser when a user browses a secure site. |
| 10 | SP | Common Vulnerability & Exposure with a Medium CVSS Score | The number of websites that have potential CVEs with a CVSS Score between 5 and 7. |
| 10 | SP | Common Vulnerability & Exposure with a Low CVSS Score | The number of websites that have potential CVEs with a CVSS Score less than 5. |