Abstract: An asset attribution model attributes assets to organizations according to metadata about the assets retrieved by a network scanner and other metadata in association with the assets that is retrieved and stored in a repository. A data slice rules interface applies logical rules to query the repository to retrieve metadata for assets satisfying each logical rule to generate data slices. Each logical rule is constructed so that assets satisfying the rule have attributions to known organizations. The asset attribution model is evaluated for accuracy in predicting known attributed organizations along each data slice. Depending on the resulting accuracies, the asset attribution model either updates its architecture and is retrained or is deployed for asset attribution.

Abstract: Techniques for identifying and managing an organization's remote attack surface that account for the fluid nature of the remote attack surface are described. Data collected from organization-issued endpoint devices are obtained and analyzed to determine public IP addresses used by the endpoint devices. The devices connected to external networks (i.e., non-organization networks) at various time windows are identified by distinguishing between public IP addresses that are associated with the organization and those that are not. Data obtained from ongoing global probing of public IP addresses, which at least indicate software instances hosted on networks corresponding to the public IP address, are correlated with each public IP address determined to be associated with an external network to which an endpoint device has connected. From these data, any security risks that connections to external networks may pose to the organization's network can be identified.