DIKW Level 1: DATA
Phase 1: Discover

Collect Raw Facts About Your Digital Footprint

Build the foundation of the DIKW pyramid by discovering and cataloging every digital identifier in your namespace—raw, unprocessed data that answers "who, what, where, when."

Phase 1: Discover Phase 2: Identify Phase 3: Analyze Phase 4: Govern Phase 5: Comply

DIKW Level 1: Raw Data Collection

This is the foundation of the information pyramid—the largest volume, but lowest value until processed. You're collecting raw facts without context: domain names, IP addresses, certificate fingerprints, DNS records, API endpoints, and timestamps.

What You're Collecting

  • example.com - Domain names
  • 192.168.1.1 - IP addresses
  • 2024-01-15T14:30:00Z - Timestamps
  • SHA-256: a3f2... - Certificate hashes
  • api.staging.example.com - Subdomains

Questions Answered

  • WHAT exists? Which domains, subdomains, certificates, and identifiers are present?
  • WHERE? Where are they located (IP addresses, hosting locations)?
  • WHEN? When were they created, modified, or last seen?

Note: At this stage, you're collecting raw facts without context—you don't yet know what they do, who owns them, or why they matter.

Next Step: Phase 2 (Identify) transforms this raw data into organized information by adding context, ownership, and classification.

Why Raw Data Collection Matters

You can't protect what you don't know exists. Discovery is the foundation—not just of namespace security, but of the entire DIKW pyramid. Without complete, accurate raw data collection, every subsequent analysis, decision, and control will be built on incomplete information.

The Data Volume Challenge

Modern organizations face an overwhelming volume of raw namespace data:

  • 7+ billion identifiers across global DNS and certificate systems
  • 5,000 to 100k+ subdomains per organization (many forgotten or untracked)
  • 100-1,000 certificates issued by various teams without central oversight
  • Third-party integrations creating DNS records automatically
  • Legacy systems and forgotten staging environments
  • Shadow IT and Shadow Identities (identity assets set up outside of process) operating outside IT's visibility

This is why automated, continuous discovery is essential—manual tracking is impossible at this scale.

Data Collection Methodology

Comprehensive discovery requires a multi-source approach. No single technique captures all assets—you must combine active, passive, and historical data sources to build a complete inventory.

1. Seed Collection

Start with known domains, registrar records, and cloud account inventories to establish baseline data.

2. Expansion

Use DNS enumeration, CT logs, and subdomain brute-forcing to discover all subdomains and related assets.

3. Validation

Verify discovered assets through active resolution, WHOIS lookups, and certificate validation.

Academy Members Get Full Access

Join the Namespace Security Academy to access in-depth implementation guides, video tutorials, and hands-on tools.

Video Tutorials

  • Step-by-step discovery walkthroughs
  • Tool demonstrations and comparisons
  • Real-world discovery case studies

Practical Resources

  • Discovery automation scripts
  • Asset inventory templates
  • Integration with popular tools
Learn More About Academy Access
Next Step in Your Journey

Phase 2: Identify

DIKW Level 2: Information

Transform your raw data into organized information by adding context, classification, and business meaning to each discovered asset.

Continue to Phase 2: Identify