Organization Graph Analysis

5 automated security scanners


Purpose: The Cross-Ownership Analysis Scanner is designed to uncover hidden ownership structures and potential conflicts of interest by analyzing public records, OSINT sources, and financial disclosures. It aims to detect suspicious investment patterns, reveal concealed ownership through subdomain discovery and certificate transparency logs, identify anomalies in SEC filings, analyze LinkedIn profiles for potential conflicts, and monitor GitHub activities for unauthorized access or suspicious changes.

What It Detects:

  • Suspicious Investment Patterns: Identifies unusual or disproportionate investments from entities with no apparent connection to the company, as well as repeated investments by a single entity across multiple companies without clear documentation.
  • Concealed Ownership Structures: Uncovers hidden ownership through subdomain discovery and certificate transparency logs, revealing indirect ownership via shell companies or offshore entities.
  • SEC Filing Anomalies: Analyzes risk factor disclosures for inconsistencies or red flags indicating concealed ownership and identifies discrepancies between financial statements and public records.
  • LinkedIn Profile Analysis: Scans LinkedIn profiles of key personnel to detect potential conflicts of interest or undisclosed affiliations, identifying overlapping roles or positions that suggest hidden ownership ties.
  • GitHub Activity Monitoring: Examines code repositories and security advisories for signs of unauthorized access or suspicious activities, identifying unusual commits or changes that may indicate concealed ownership or insider threats.

Inputs Required:

  • domain (string): The primary domain to analyze (e.g., acme.com)
  • company_name (string): The company name for statement searching (e.g., “Acme Corporation”)

Business Impact: This scanner is crucial for organizations looking to maintain transparency and integrity in their business relationships, particularly when dealing with investments, partnerships, or executive affiliations. It helps identify potential conflicts of interest and hidden ownership structures that could lead to unethical practices or regulatory non-compliance.

Risk Levels:

  • Critical: Conditions where concealed ownership is discovered through subdomain discovery, or where discrepancies in SEC filings significantly impact financial statements or legal compliance.
  • High: Conditions where unusual investment patterns are detected without clear documentation, suggesting potential hidden ownership or insider trading.
  • Medium: Conditions where minor anomalies in SEC risk factor disclosures suggest possible concealed activities but do not directly impact financial integrity.
  • Low: Informational findings such as inconclusive evidence of conflicts on LinkedIn profiles or GitHub activity that require further investigation for confirmation.
  • Info: Findings from routine scans that provide general insights into public records and online profiles, contributing to a broader understanding of organizational exposure without immediate risk.

Example Findings:

  • “Potential conflict of interest or undisclosed affiliation found on LinkedIn profile: [profile link]”
  • “Suspicious commit message detected in GitHub repository: [repository URL], indicating unauthorized access.”


Purpose: The Synthetic Corporate Identity Scanner is designed to identify inconsistencies and anomalies in organizational data by analyzing publicly available information. It aims to detect AI-generated content such as artificial executives, fabricated team members, and manipulated historical records. This tool helps organizations maintain the authenticity of their public profiles and digital assets.

What It Detects:

  • AI-Generated Executives: Unnatural language patterns in executive bios, generic or templated descriptions lacking personal details, and inconsistent tenure dates or career progression.
  • Fabricated Team Members: Inconsistencies between LinkedIn profiles and company roles, fabricated activity on GitHub, and mismatched identities across job board listings.
  • Artificial History: Discrepancies in SEC filings, false news articles or press releases, and subdomain discovery inconsistencies through Certificate Transparency logs.
  • Inconsistent Certifications and Claims: Mismatched certification claims on LinkedIn profiles, unsupported ISO/PCI/HIPAA compliance statements, and vague security claims without evidence.
  • Breach Mentions and Security Incidents: Data breaches or unauthorized access mentions in various sources, with inconsistencies in breach disclosure language.

Inputs Required:

  • domain (string): The primary domain to analyze, such as acme.com, which helps in gathering information across the organization’s digital footprint.
  • company_name (string): Identifies the company for specific searches related to statements and profiles, aiding in targeted analysis.

Business Impact: Maintaining the integrity of corporate identities is crucial for building trust with stakeholders, investors, and customers. Authenticity in public representations helps avoid legal liabilities, maintain market credibility, and protect against cyber threats that can exploit false information.

Risk Levels:

  • Critical: Severe inconsistencies or patterns indicating deliberate manipulation of data, which could lead to significant legal and reputational risks.
  • High: Notable discrepancies in publicly available records that may suggest inaccuracies or falsification, impacting trust but potentially less severe than critical issues.
  • Medium: Minor inconsistencies or gaps in information that might be indicative of incomplete or overlooked due diligence.
  • Low: Minimal deviations from expected patterns that could be considered normal variations rather than deliberate misinformation.
  • Info: Informational findings without immediate security or business impact, such as minor language inconsistencies not directly affecting trust or compliance.

Example Findings:

  • A LinkedIn profile for a CFO contains generic bio text indicating templated content, suggesting potential AI generation.
  • GitHub contributions from an alleged CTO show no significant activity beyond boilerplate code, raising questions about the authenticity of these entries.
  • An SEC filing inaccurately states revenue figures that do not align with quarterly reports available online.

Purpose: The Shadow Organizational Structure Scanner is designed to uncover hidden organizational links and concealed hierarchies within a company by analyzing publicly available data sources. This tool helps in revealing the true structure of an organization, including potential shadow networks, undisclosed partnerships, or covert operations.

What It Detects:

  • Subdomain Discovery: Identifies subdomains associated with the primary domain to map out the organizational infrastructure.
  • GitHub Repository Analysis: Searches for repositories linked to the company that may reveal internal projects, technologies used, or partnerships.
  • Breach History and Security Incidents: Scans breach history databases and news articles for mentions of security incidents involving the company.
  • Job Board Analysis: Analyzes job postings to identify technologies, certifications, and roles that indicate organizational structure or partnerships.
  • SEC Filings Review: Examines SEC filings for risk factor disclosures that may hint at hidden organizational relationships or structures.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: This scanner is crucial for organizations looking to understand their full technological footprint and potential vulnerabilities hidden within the organizational structure. It aids in proactive security measures, risk assessment, and compliance verification across various domains including technology partnerships, project collaborations, and regulatory adherence.

Risk Levels:

  • Critical: Conditions that directly lead to severe data breaches or significant business disruptions are considered critical. This includes direct threats to sensitive information such as financial details, personally identifiable information (PII), intellectual property, etc.
  • High: High-risk findings involve potential exposure of proprietary technologies, strategic partnerships, and other high-value organizational assets that could be compromised if not properly secured.
  • Medium: Medium-severity risks pertain to less critical but still significant vulnerabilities such as unauthorized access points or data leaks that might lead to regulatory fines or loss of confidence among stakeholders.
  • Low: Informational findings are those which, while important, do not pose an immediate threat to the organization’s security posture. They include normal business practices and technical details about operations.
  • Info: These are generally non-critical observations that provide additional context but do not directly affect operational or strategic risks.

If specific risk levels are not defined in the README, they have been inferred based on the general severity of each detection point.

Example Findings:

  1. A subdomain hidden.acme.com was discovered which is linked to internal project discussions and technical documentation that were not publicly disclosed.
  2. An unauthorized access mention in a breach history database suggests potential security lapses or insider threats within the organization, warranting immediate attention for enhanced monitoring and auditing procedures.

Purpose: The Corporate Relationship Mapping Scanner is designed to analyze public records and open-source intelligence (OSINT) to detect legitimate versus suspicious entity relationships within an organization. This tool helps in identifying potential risks, partnerships, and vulnerabilities by mapping out the company’s digital footprint.

What It Detects:

  • Subdomain Discovery: Identifies subdomains associated with the primary domain using Certificate Transparency logs.
  • Breach History: Checks for breach history of the organization using the HaveIBeenPwned API.
  • Technology Stack Disclosure: Analyzes job boards and LinkedIn profiles to identify the technology stack used by the company.
  • Certification Claims: Verifies certification claims made by the company in their public disclosures.
  • SEC Filings Analysis: Parses SEC EDGAR filings to identify risk factors and potential conflicts of interest.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: This scanner is crucial for organizations looking to understand their digital footprint and potential vulnerabilities in terms of partnerships, risks, and security posture. It helps in proactive risk management and compliance verification by providing detailed insights into the company’s relationships and technology usage.

Risk Levels:

  • Critical: Conditions that could lead to immediate system failure or significant data loss.
  • High: Conditions that may disrupt service but do not necessarily lead to critical failures.
  • Medium: Conditions that might indicate potential issues requiring attention.
  • Low: Informative findings that provide context but are generally less concerning.
  • Info: Non-critical information providing additional context or insights.

Example Findings:

  1. The subdomains api.acme.com, blog.acme.com, and admin.acme.com were discovered through Certificate Transparency logs, indicating a broader digital presence beyond the primary domain.
  2. Historical breaches such as “Acme Data Breach 2021” and “Acme Security Incident 2020”, identified using the HaveIBeenPwned API, highlight potential security vulnerabilities that need to be addressed.

Purpose: The Front Company Detection Scanner is designed to identify operational discrepancies and resource inconsistencies by analyzing public records and open-source intelligence (OSINT) sources. This tool helps uncover potential misalignments between a company’s stated resources, technology stack, and actual security posture.

What It Detects:

  • Breach Mentions: The scanner detects mentions of data breaches, security incidents, unauthorized access, and compromised systems in public records and news articles using specific patterns for detection.
  • Tech Stack Disclosure: It identifies technology stack disclosures on job boards, LinkedIn profiles, and other public platforms by searching for relevant keywords related to cloud services and infrastructure tools.
  • Certification Claims: The scanner verifies claims of various certifications such as SOC 2, ISO 27001, PCI DSS, and HIPAA compliance through pattern matching in company statements and records.
  • Subdomain Discovery: By leveraging Certificate Transparency logs, the scanner discovers potential hidden resources or services by searching for subdomains related to the main domain.
  • Security Advisories and Breach History: The scanner checks for security advisories on GitHub and breach history on HaveIBeenPwned to identify known vulnerabilities and past breaches, enhancing the overall security posture assessment.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com) - This is necessary to search for public records, breach mentions, and technology stack disclosures related to the specified domain.
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”) - Providing the company’s name helps in more targeted searches for relevant statements and certifications.

Business Impact: This scanner is crucial for organizations looking to maintain transparency, ensure compliance with security standards, and proactively address potential vulnerabilities that could impact their reputation and legal liabilities.

Risk Levels:

  • Critical: Conditions that directly lead to significant risks such as data breaches or unauthorized access are considered critical. These include clear mentions of breaches in public records and high-severity security incidents identified through GitHub and HaveIBeenPwned searches.
  • High: High-risk findings involve disclosures of vulnerabilities or non-compliance with standards like PCI DSS, which could lead to substantial data exposure or compliance issues.
  • Medium: Medium-risk findings include less severe breaches or inconsistencies in technology stack disclosures that still pose a risk but are not as critical as high risks.
  • Low: Informal or minor discrepancies that do not significantly impact security posture but should be addressed for continuous improvement.
  • Info: Informational findings provide context on the company’s public statements and may include details about certifications, which while not directly risky, contribute to a comprehensive understanding of the organization’s security practices.

Example Findings:

  • The scanner might flag “Mention of an unauthorized access incident in recent news articles” as a critical risk due to potential data theft or system compromise.
  • A high-risk finding could be “Discrepancy between stated technology stack and actual usage, indicating possible misrepresentation.”
  • A medium-risk issue might include “Undisclosed subdomains discovered during the scan,” which should prompt further investigation into hidden services potentially exposing sensitive information.
  • Low risks might involve minor inaccuracies in disclosed certifications or outdated technology mentions that do not significantly affect security posture but are indicative of ongoing maintenance issues.