Ivanti Neurons for External Attack Surface Management
An organization’s external attack surface is the sum of known and unknown assets that are visible to the internet. These assets can be places where unauthorized users attempt to enter or extract data from your environment.
Potentially vulnerable assets can include:
- Managed assets: Endpoints, servers, networks, mobile devices, and IoT devices.
- Unknown assets: Shadow IT, cloud stores, test data, code repositories, and unused credentials.
- Third-party assets: Contractors, hosted data, JavaScripts, cloud services, and APIs.
Ivanti Neurons for External Attack Surface Management (EASM) will help you:
- Discover all digital assets, both known and potentially unknown.
- Classify and fingerprint assets to prioritize exposures based on severity and asset criticality.
- Prioritize exposures that need immediate attention, backed by threat intelligence.
- Provide your team with actionable insights.
How does EASM work?
EASM data does not come from agents. There is no agent installation required. The data is publicly accessible, gathered passively by Ivanti’s internet exposure crawler, and is what a potential attacker might be able to obtain. The goal is to help you get a high-level overview of your security posture.
Ivanti's vulnerability crawler non-intrusively discovers publicly available data on seeds you provide:
- Ports, protocols, and services
- Sub-domains
- DNS repositories
- Whois information
- Data leakage
- Related social media and blog posts
EASM provides you with a comprehensive inventory of you assets directly exposed to the public internet, regardless of the network, cloud provider, or account they are hosted in.
In addition to asset discovery, EASM checks for open ports, common misconfigurations, default credential usage, programming frameworks used and any related vulnerabilities, and much more. EASM uses our threat intelligence database to identify which exposures are critical and therefore pose greater threats to your organization.
Attack Surface pages in Ivanti Neurons will not show data initially. You first need to provide seed links to your organization's presence on the internet. This is done from the External Attack Surface > Manage Seeds page. Ivanti’s internet exposure crawler will then look at those seeds and report on assets and exposures that it finds.
Concepts and terminology
You will see these terms and acronyms in the EASM user interface.
- Vulnerability Risk Score (VRS) is specific to Ivanti Neurons and factors in weaponization associations and whether the Ivanti penetration testing team has demonstrated exploitation of the flaw or weakness during one of the hundreds of real-world assessments they have completed. VRS offers a 0-10 scale where higher is more severe, just like CVSS.
- Common Vulnerability Scoring System (CVSS) is an open industry standard 0-10 severity scale maintained by the nonprofit FIRST - Improving Security Together (Forum of Incident Response and Security Teams) and are associated with many CVE (Common Vulnerabilities and Exposures) and CWE (Common Weakness Enumeration) entries maintained by MITRE. Ivanti Neurons can display CVSS v2 and v3 scoring.
- Severity represents the highest CVSS score for any CVE or CWE associated with a scanner finding. In the case of a finding being correlated to CVE values of 9.0, 7.1, 7.8, and 10.0, the Severity score would be calculated as a 10.