Attack Surface Discovery identifies internet-facing domains and IP addresses within your organization and reports potential risks such as misconfigurations, vulnerabilities, and insecure connection issues.
Internet-facing programs and services constitute a large portion of your organization's
attack surface and can be your most vulnerable assets. These assets, which are accessible
from the internet either accidentally or deliberately, are among the first targets
that threat actors attempt to compromise.
Attack Surface Discovery gives you visibility into your external attack surface by
discovering and assessing the domains/hosts (including subdomains) and IP addresses
used for your internet-facing assets. During discovery, key information about your
assets such as location, host provider, and certificate status is collected.
When getting started, Attack Surface Discovery automatically identifies your organization's
root domains and IP addresses based on data from your connected IAM products and Trend Vision One sign-in information. A secondary verification process ensures the root domains belong
to your organization. Sources used in secondary verification include:
| Source | Information collected |
|---|---|
| ICANN Lookup (WHOIS) | Registrant information |
| External DNS services | A, AAAA, and CNAME records |
| VirusTotal | Subdomain information |
Verified domains and IP addresses are used to discover related domains, subdomains,
and public-facing IP addresses.
Important: It may take up to seven days to complete verification of all discovered domains and
subdomains. Before the verification is complete, the number of domains displayed in
Internet-facing assets may not match the actual number of discovered domains.
Once internet-facing assets are discovered and verified, Attack Surface Discovery
performs a risk assessment on the assets to help you prioritize remediation efforts.
The risk assessment identifies asset security issues based on information about ports
and services used, certificate status, and vulnerabilities.
Collected data on discovered and verified assets is updated daily.
Note: If a domain or IP is added, changed, or removed, the change may take up to seven days
to be reflected in Internet-Facing Assets.
Several factors are used to determine the criticality and risk score of an internet-facing
asset.
| Asset type | Risk score contributor |
|---|---|
| Internet-facing domains | |
| Internet-facing IP addresses | |
Important: Some discovered internet-facing assets may display a risk score of 0.0. An asset may
get a risk score of 0.0 for two reasons:
Risk scores are not calculated for internet-facing assets that return conflicting
or inconsistent data during discovery, often due to the asset hosting method. To maintain
accuracy and reliability, inconsistent asset data is discarded, which may result in
a lack of data available for risk score calculation. When no consistent data is available
for calculation, a risk score of 0.0 is displayed. You should check the hosting method
of an internet-facing asset with a 0.0 risk score before assuming the asset has no
detected risk.
