Internet-facing asset exposure scans | Trend Micro Service Central

Views:

Use the Network Vulnerability Scanner service to scan supported internet-facing assets for exposures including system configuration issues that could compromise your organization's infrastructure.

Important

This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-feature.

Note

This feature is not available in all regions.

Internet-facing assets are inherently risky. Assets such as internet-facing domains and IP addresses constitute a large portion of your organization's attack surface and are among the first targets attackers attempt to compromise. Misconfigurations detected on your internet-facing assets contribute significantly to your Cyber Risk Index. The events are critical to detect and address as soon as possible to reduce the likelihood of a successful attack.

You may perform on-demand scans of select internet-facing assets to detect exposures, including system configuration issues. On-demand scanning uses the Network Vulnerability Scanner service installed on a Service Gateway virtual appliance deployed to a public cloud platform. On-demand scans allow you to detect internet-facing asset exposures faster and conduct more proactive mitigation actions.

Important

The following limitations and requirements apply to on-demand internet-facing asset scanning:

Internet-facing asset scans are only available when using Trend Micro solutions for internet-facing asset discovery. Scans are not supported if you are only using a third-party product for asset discovery.
Service Gateways used for scanning must be deployed to a public cloud platform such as AWS or Microsoft Azure and running in order to successfully scan external assets. To learn more, see Deploying a Service Gateway virtual appliance with AWS and Deploying a Service Gateway virtual appliance with Microsoft Azure.
Service Gateways used for scanning must have the Network Vulnerability Scanner service enabled and updated to version 1.0.1 or later. If necessary, you can update the Network Vulnerability Scanner service in Service Gateway Management.
Root domains and IPv6 addresses are not currently supported for scanning.
Only five assets can be scanned at a time, and only one scan can run at a time per supported Service Gateway. If you need to scan more assets, wait approximately 30 minutes for the scan to complete and then start a new scan.

You can trigger an on-demand internet-facing asset scan from the following locations in the Trend Vision One console.

Location	Procedure
Attack Surface Discovery → Internet-facing assets → Domains → Domain list	Select up to five subdomains and click Scan for exposures. Select a Service Gateway deployed to a public cloud platform. Confirm the assets to be scanned. Click Scan for exposures.
Attack Surface Discovery → Internet-facing assets → Public IPs → Public IP list	Select up to five public IPv4 addresses and click Scan for exposures. Select a Service Gateway deployed to a public cloud platform. Confirm the assets to be scanned. Click Scan for exposures.
Attack Surface Discovery → Internet-facing assets → Internet-facing asset profile screen	Select a subdomain or public IPv4 address to go to the asset profile screen. Click Scan for exposures. Select a Service Gateway deployed to a public cloud platform. Confirm the asset to be scanned. Click Scan for exposures.
Threat and Exposure Management → System configuration → System configuration risk events	Filter system configuration risk events by domains or public IPs. Select up to five subdomains or public IPv4 addresses and click Scan for exposures. Select a Service Gateway deployed to a public cloud platform. Confirm the assets to be scanned. Click Scan for exposures.

Scans take up to 30 minutes to complete. Any detected misconfigurations appear as security configuration risk events for the scanned assets after the scan is complete.