External Footprint Scan
The External Footprint Scan is a core component of our security suite, designed to continuously monitor your organization’s online presence and identify potential security risks. It provides visibility across your internet-facing assets, helping you proactively manage vulnerabilities before they can be exploited.
What is Included in the Scan?
The External Footprint Scan includes monitoring for:
Publicly Accessible IP Addresses: Detecting IPs associated with your organization to identify potential exposures.
Domains and Subdomains: Scanning for misconfigurations, open ports, and security risks across your registered domains.
SSL Certificates: Ensuring the security and validity of SSL certificates to protect data integrity.
Threat Intelligence Sources: Leveraging multiple data sources to detect emerging threats and risks across the internet.
NEW: Enhanced Vendor Domain Scanning
As of today, we have expanded our External Footprint Scan to include verified domains associated with your vendor organizations. This enhancement enables more comprehensive monitoring of related domains from vendors like Google and Microsoft, providing greater security across your extended network.
If you would like to add or modify vendor domains for scanning under your organization, you can verify these domains directly with your vendor. Here are resources to assist with this process:
Microsoft: Add custom domains to your tenant using the Microsoft Entra Custom Domain Instructions.
Google: To add secondary domains in Google Workspace, refer to Google Workspace Custom Domain Instructions.
Once verified, these domains will be included in your organization’s regular scans, strengthening visibility and protection across all critical areas of your extended footprint.
Issues and Remediations
Upon completing a scan, Guardz identifies and reports any issues found across your assets, providing details such as affected IPs, domains, and any missing security measures. You can take action directly on these issues to address and remediate them.
Issues from Alert Emails, Spam Emails, Quarantined Emails, and Suspicious Logins automatically move to “Archived” status 14 days after the last detection. This reduces the noise from “old” issues and lets you focus on newer issues that may need attention.
FAQ:
How often does the External Footprint Scan run?
The scan runs on a monthly basis.
I marked an issue as processed; when will it be resolved?
After you mark an issue as processed, it may take a few hours for the change to be reflected.
Why do I have a DMARC-related issue despite having the records set?
If a DMARC record is present but set to a 'none' policy (p=none), it is considered insufficiently configured. Adjusting the policy is recommended based on your organization's needs.
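The DMARC answer above, as an added example that is not Guardz code: a Python check that reads the TXT string published at _dmarc.<domain> and reports p=none as insufficient. The function names, status labels and sample records are assumptions, and the pct and sp checks go beyond what this page states, following the tag definitions in RFC 7489.

```python
# Added example: classify DMARC TXT records (hypothetical names, constructed samples).
VALID_POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC1 record."""
    parts = [p.strip() for p in txt.strip().strip('"').split(";") if p.strip()]
    # RFC 7489: the version tag must come first and must be exactly DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:  # skip fragments that are not tag=value
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def assess_dmarc(txt):
    """Return (status, reasons) for one TXT string published at _dmarc.<domain>."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "missing", ["no v=DMARC1 record"]
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid", ["p= tag absent or unrecognised"]
    if policy == "none":
        # The case from the FAQ: a record exists but requests no enforcement.
        return "insufficient", ["p=none: monitoring only"]
    reasons = []  # assumption: these extra checks are not described on this page
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        reasons.append(f"pct={pct}: policy applied to only part of failing mail")
    if tags.get("sp", "").lower() == "none":
        reasons.append("sp=none: subdomains are not enforced")
    return ("partial", reasons) if reasons else ("enforced", [])

# Constructed sample records (example.com is a placeholder domain).
SAMPLES = {
    "monitor": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "ramp-up": "v=DMARC1; p=quarantine; pct=25",
    "subdomain": "v=DMARC1; p=reject; sp=none",
    "strict": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "not-dmarc": "v=spf1 include:example.com -all",
}

if __name__ == "__main__":
    for name, txt in SAMPLES.items():
        status, reasons = assess_dmarc(txt)
        print(f"{name:10} {status:13} {'; '.join(reasons)}")
```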
I fixed issues on the external surface and want to see the results. How can I initiate a scan?
To initiate a scan after making changes, select the issue, click 'Remediation' > 'Continue' > 'Mark as processed.' This will trigger a new scan, which may take a few hours.
An internal asset is listed as inactive. What does this mean, and what can I do about it?
If an asset is listed as inactive, it indicates that the asset's IP is no longer active, which could mean it is not responding or has been decommissioned.