Abstract: Techniques for identifying and managing an organization's remote attack surface that account for the fluid nature of the remote attack surface are described. Data collected from organization-issued endpoint devices are obtained and analyzed to determine public IP addresses used by the endpoint devices. The devices connected to external networks (i.e., non-organization networks) at various time windows are identified by distinguishing between public IP addresses that are associated with the organization and those that are not. Data obtained from ongoing global probing of public IP addresses, which at least indicate software instances hosted on networks corresponding to the public IP address, are correlated with each public IP address determined to be associated with an external network to which an endpoint device has connected. From these data, any security risks that connections to external networks may pose to the organization's network can be identified.

Abstract: Techniques for identifying and managing an organization's remote attack surface that account for the fluid nature of the remote attack surface are described. Data collected from organization-issued endpoint devices are obtained and analyzed to determine public IP addresses used by the endpoint devices. The devices connected to external networks (i.e., non-organization networks) at various time windows are identified by distinguishing between public IP addresses that are associated with the organization and those that are not. Data obtained from ongoing global probing of public IP addresses, which at least indicate software instances hosted on networks corresponding to the public IP address, are correlated with each public IP address determined to be associated with an external network to which an endpoint device has connected. From these data, any security risks that connections to external networks may pose to the organization's network can be identified.

Abstract: A data-driven, unsupervised system (“owner inference module”) has been created that collects information from different data sources and infers ownership of an asset by discerning signals conveying ownership and using them to identify likely owners of assets. The owner inference module creates a graph of direct and indirect relationships among the asset and entities based on the collected information (i.e., the data and metadata). The owner inference module processes the graph and accounts for the varying strengths of different ownership signals based on any one or more of observations, expert knowledge, and preferences. The owner inference module quantifies the different signals of ownership of an entity and aggregates these values into an ownership likelihood score.

Abstract: Techniques for identifying and managing an organization's remote attack surface that account for the fluid nature of the remote attack surface are described. Data collected from organization-issued endpoint devices are obtained and analyzed to determine public IP addresses used by the endpoint devices. The devices connected to external networks (i.e., non-organization networks) at various time windows are identified by distinguishing between public IP addresses that are associated with the organization and those that are not. Data obtained from ongoing global probing of public IP addresses, which at least indicate software instances hosted on networks corresponding to the public IP address, are correlated with each public IP address determined to be associated with an external network to which an endpoint device has connected. From these data, any security risks that connections to external networks may pose to the organization's network can be identified.