This article covers Human Managed's services for attack surface management (ASM).
You would receive report, notification, and dispatch services if your organization has an active subscription for ASM service and if you have access to the services.
- What is invicta.io
- How to navigate the Human Managed apps
About attack surface management
Use cases for attack surface management (ASM) detects exposures and threats in your assets and make recommendations to resolve them.
ASM service can be made up of the following service categories:
- external attack surface
- internal attack surface
- third party attack surface
- threat modelling
Dashboard for attack surface management
The attack surface management dashboard page shows key metrics, charts, and tables about your attack vector and exposures.
Section | Intel | Description |
1 | Assets exposed by environment | Metrics of discovered internet-facing assets that are externally visible and potential attack vectors by their environment (on-prem, cloud, hybrid, third party, etc.) |
2 | Assets by type | Metrics of discovered internet-facing assets by their type (domains, subdomains, public IPs, SSL certificates, etc.) |
3 | Assets by environment | Chart of discovered internet-facing assets that are externally visible and potential attack vectors by their environment (on-prem, cloud, hybrid, third party, etc.) |
4 | Open ports | Chart of discovered open ports |
5 | SSL certificate grades | Chart of discovered SSL certificate grades |
6 | Asset control coverage | Chart of discovered internet-facing assets by their control coverage (with or without WAF) |
7 | Asset location | Table or map of discovered internet-facing assets by their country |
I.DE.A.s for attack surface management
The attack surface management I.DE.A (Intelligence, Decisions, Actions) page shows personalized recommendations and interactive data grid to manage your attack surface.
Section | Intel | Description |
1 | Summarized intel | Chart of customizable key indicators that provide context of the attack surface |
2 | Recommended decision | Metric and narrative of recommended decision to manage the attack surface based on priority (Note: press Filter Grid to filter the grid below to show the data behind this intel) |
3 | Recommended action | Metric and narrative of recommended action to execute the decision (Note: press Filter Grid to filter the grid below to show the data behind this intel) |
4 | Assets exposed by environment | Metrics of discovered internet-facing assets that are externally visible and potential attack vectors by their environment (Note: press the Filter icon to filter the grid below to show the data behind this intel) |
5 | Assets by type | Metrics of discovered internet-facing assets by their type (Note: press the Filter icon to filter the grid below to show the data behind this intel) |
6 | Discovered assets | Interactive and organized data grid of all discovered internet-facing assets and their attributes for the attack surface management service (Note: press the Pop Out icon on the first column of each row to get more details about the asset and its findings) |
Data fields for attack surface management
Below are the data fields that are included in the ASM service, and can be explored from the data grid.
Please note that this is not an exhaustive list, and the intel for your report, notifications and dispatches may vary depending on the service categories that your organization is subscribed to.
-
Column Notes Asset type IP address Domain Website Technology SSL Certificate Social accounts Variety Main domain Active subdomain Dormant subdomain IP address Private IP address Cloud service Cloud IP address Network perimeter device Network application Third party library Host IP Environment IaaS PaaS SaaS Hybrid On-Prem Unknown Port Country Discovery source Discovery date Tags Exploitability score A metric calculated by the HM platform to indicate the potential risk level of an organization's assets. The calculation takes into account various factors such as asset criticality, known vulnerabilities, weaknesses, and uses machine learning and scoring algorithms to automatically prioritize assets based on their level of risk. SSL grade Application Control sensor Port criticality Port status
Comments
0 comments
Please sign in to leave a comment.