External Attack Surface Insights

Use the External Attack Surface > Insights page to see a high-level overview of your organization's internet attack surface.

Image showing the Insights page

At the top of the page are your attack surface key performance indicators:

  • Exposed internal assets
  • High risk services
  • High risk vulnerabilities
  • Blacklisted assets
  • Email and IP breaches

Selecting a blue number in an indicator will take you to a filtered Exposures or Assets view showing those items.

The following sections describe widgets on the Insights page.

Assets discovery

This widget shows non-traditional asset discovery information, such as assets associated with domains or APIs. The assets are divided among total discovered and those that have detected exposures, CVE or other.

Selecting a bar in the widget will take you to a filtered view.

Top 5 vulnerabilities

This widget shows you the top five CVEs based on the VRS score and the number of assets affected.

VRS is based on vulnerability intelligence from over 100 sources, including how likely a CVE will be exploited in the near future. This information is then used to calculate a consolidated score.

Ivanti Neurons for RBVM customers may be familiar with the VRR score used there. The main difference is that the VRS score used here includes exploitability prediction in the calculation.

Open exposures by age and severity

This widget helps you visualize your exposure status over time. The severity axis levels are based on the Common Vulnerability Scoring System score.

Exposure breakup

This funnel widget divides exposures by type, with the more critical and recommended actionable exposures to the left side of the widget. Each section is color-coded by severity and shows how many exposures are detected and the number of assets affected.

Top exposed services

This widget shows internet service ports with critical exposures. These include service ports such as FTP and SSH, along with ports commonly used by remote access trojans (RAT).

Hosts by geolocation

This widget shows geographically where assets have been discovered. Use this to find assets in unexpected locations that perhaps need investigation. Selecting a dot on the map will take you to a filtered list showing those assets.

Exposure timeline

This widget shows monthly exposure timeline trends, based on the number of exposures and the color-coded exposure severity. When you first set up EASM, you will only see a single bar for the month you started data collection. Another bar will be added each month.

Select a severity at the bottom of the widget to toggle whether that severity is included in the chart.

Exposure remediation

This widget shows analysts how many exposures were found each month with color coding indicating how many have been marked remediated.

Select Remediated or Open at the bottom of the widget to toggle whether those items are included in the chart.

You can mark an exposure remediated on the Exposures page.