External Footprint Scan

The External Footprint Scan is a core component of our security suite, designed to continuously monitor your organization’s online presence and identify potential security risks. It provides visibility across your internet-facing assets, helping you proactively manage vulnerabilities before they can be exploited.

 

What is Included in the Scan?

The External Footprint Scan includes monitoring for:

  • Publicly Accessible IP Addresses: Detecting IPs associated with your organization to identify potential exposures.

  • Domains and Subdomains: Scanning for misconfigurations, open ports, and security risks across your registered domains.

  • SSL Certificates: Ensuring the security and validity of SSL certificates to protect data integrity.

  • Threat Intelligence Sources: Leveraging multiple data sources to detect emerging threats and risks across the internet.

NEW: Enhanced Vendor Domain Scanning

As of today, we have expanded our External Footprint Scan to include verified domains associated with your vendor organizations. This enhancement enables more comprehensive monitoring of related domains from vendors like Google and Microsoft, providing greater security across your extended network.

If you would like to add or modify vendor domains for scanning under your organization, you can verify these domains directly with your vendor. Here are resources to assist with this process:

Once verified, these domains will be included in your organization’s regular scans, strengthening visibility and protection across all critical areas of your extended footprint.

 

Issues and Remediations

Upon completing a scan, Guardz identifies and reports any issues found across your assets, providing details such as affected IPs, domains, and any missing security measures. You can take action directly on these issues to address and remediate them.

 

FAQ:

  • How often does the External Footprint Scan run?

    • The scan runs on a monthly basis.

  • I marked an issue as processed; when will it be resolved?

    • After marking an issue as processed, it may take a few hours to reflect the changes.

  • Why do I have a DMARC-related issue despite having the records set?

    • If a DMARC record is present but set to a 'none' policy (p=none), it is considered insufficiently configured. Adjusting the policy is recommended based on your organization's needs.

  • I fixed issues on the external surface and want to see the results. How can I initiate a scan?

    • To initiate a scan after making changes, select the issue, click 'Remediation' > 'Continue' > 'Mark as processed.' This will trigger a new scan, which may take a few hours.

  • An internal asset is listed as inactive. What does this mean, and what can I do about it?

    • If an asset is listed as inactive, it indicates that the asset's IP is no longer active, which could mean it is not responding or has been decommissioned.