Attack Surface Discovery identifies internet-facing domains and IP addresses within your organization and reports potential risks such as misconfigurations, highly-exploitable vulnerabilities, and insecure connection issues.
Internet-facing programs and services constitute a large portion of your organization's attack surface and can be your most vulnerable assets. These assets, which may be accessible from the internet either accidentally or deliberately, are among the first targets that threat actors attempt to compromise.
Attack Surface Discovery gives you visibility into your external attack surface by discovering the domains (including subdomains) and IP addresses used for your internet-facing assets. During discovery, key information about your assets such as geolocation, host provider, and certificate status is also collected.
When getting started, Attack Surface Discovery automatically identifies your organization's root domains and IP addresses based on data from your connected identity and access management (IAM) systems as well as Trend Vision One sign-in information. A secondary verification process ensures the root domains belong to your organization. Sources used in secondary verification include:

| Source | Information collected |
|---|---|
| ICANN Lookup (WHOIS) | Registrant information |
| External DNS services | A and CNAME records |
| VirusTotal | Certificate information |

The verification process also discovers related domains, subdomains, and public-facing IP addresses.
Important: It may take up to 10 days to complete verification of all discovered domains and subdomains. Before the verification is complete, the number of domains displayed in Internet-Facing Assets may not match the actual number of discovered domains.
Once internet-facing assets are discovered and verified, Attack Surface Discovery performs a risk assessment on the assets to help you prioritize during remediation. The risk assessment identifies asset security issues based on information about ports and services used, certificate status, and vulnerabilities.
Collected data on discovered and verified assets is updated daily.
Note: If a domain or IP is added, changed, or removed, it may take up to 10 days for the change to be reflected in Internet-Facing Assets.
A multi-faceted scoring system is used to determine the criticality and risk level of an internet-facing asset. An asset's risk score considers the following factors:

| Asset type | Risk score contributor |
|---|---|
| Internet-facing domains | |
| Internet-facing IP addresses | |