What’s the External Footprint Scan about?
An External Attack Surface, the digital footprint of your domain, refers to the organization’s internet-facing assets, which hackers can exploit.
Internet-facing assets include: domain names, SSL certificates and protocols, operating systems, servers, IoT devices, and network services.
Vulnerabilities in these assets can be the easiest gateway to accessing internal networks and sensitive data.
Attackers exploit weak points in the organization’s network, often left unprotected.
External Footprint Scan Capabilities
The Guardz External Footprint Scan helps you to discover, manage, and monitor your organization’s assets in one place.
Upon initial sign-up, Guardz will run a scan automatically on all assets related to your primary domain (domains, sub-domains, and IPs) and discover all the connected assets.
The results of the scan will be ready between 3 hours and up to 72 hours, and you’ll be notified by email when it is complete.
The External Footprint Asset List will be located on the Assets Page (Left navigation menu). Admins can view all known assets by type and name.
Note: If you notice an asset that does not belong to your organization, click on the 3 dots icon next to the asset, and then ‘Place in Dispute.’ This is an indication that goes directly to our support team for further review.
External Footprint Scan - Issues and Remediations
After the scan, Guradz will raise all the issues that have been detected.
Each issue will contain additional information, such as missing versions, related IPs, affected domains, etc.
FAQ External Footprint
Question: How often does the External Footprint Scan run?
📍Answer: The External Footprint Scan runs monthly.
Question: I marked the issue as Processed; when will it get resolved?
📍Answer: It takes a few hours to see the results of the scan after fixing the issues.
Question: Why do I have an issue related to DMARC while I have the records set?
📍Answer: While a DMARC record might exist, the platform checks which policy is set and considers the DMARC not configured properly if it’s set to none (p=none). It is recommended to set a policy according to your preference.
Question: I fixed the issues on the External Surface and want to see the results. How can I initiate the scan?
📍Answer: To initiate the scan after fixing the issues you can click on the issue Remediation > Continue > Mark as processes - this will trigger a new scan, which may take a few hours.
Question: I have an internal asset that is listed as inactive. What does this mean and what can I do about it?
📍Answer: If an internal asset is listed as inactive it means the external footprint scan has identified that the asset is using an IP address that is no longer active. This could mean that the device is no longer communicating or responding properly or that it is no longer present.