What is Attack Surface Page?

What is Attack Surface Page?

NVADR is a platform for managing attack surfaces that provides a comprehensive solution for discovering and protecting an organization's attack surfaces from external attacks. It facilitates the identification of potential security vulnerabilities and risk areas, and with its continuous analysis, it allows for the identification of any changes in the attack surfaces. This helps to minimize the risk of cyberattacks by identifying and addressing vulnerabilities proactively.

What does the Asset Exposure module include?

The feature called "asset exposure" will present a list of all the assets that are linked to the organization. The assets are discovered based on a limited amount of initial data provided by the organization.

  • Each discovered asset is provided with the following information:
    • Asset: The URL to access the asset.
    • Asset type: Category of the asset as defined by NVADR.
    • Location: The current host location of the asset
    • Exposure severity: NVADR uses exposure severity to indicate the level of vulnerability of an asset. This level can range from Info, which represents the lowest severity, to Low, Moderate, and High, which represent increasingly severe vulnerabilities.
    • First seen and last seen date: The scan date at which the asset was first discovered and the scan date at which the asset was last seen.
    • Tags: Tags provide information about certain data/items/responses related to an asset. The user can filter the assets by selecting the tags.
    • Cloud Classification: NVADR provides cloud classification for the assets. Valid values are AWS, GCP, Azure, and CloudFront.
    • View Ports: Ports are numeric identifiers that are used to designate a specific process or service running on an asset. To view the ports associated with a particular asset, click on the "View Port" option located at the right-hand corner of the asset card.
    • View Vulnerability: Discovered assets may contain security risks/vulnerabilities that are exposed over the internet. View vulnerability option is provided to view such instances relate
  • For a simplified approach to data, the assets can be filtered based on asset types and tags.

What is an Asset Inventory and what are its functionalities?

The asset inventory feature presents the same data available in the asset exposure screen, but in a tabular layout. This screen arranges filters and asset-related information in a row and column structure.

The following are the filters provided under asset inventory:

  • Asset: The asset URL.
  • Asset type: Category of the asset.
  • Ports: It is a logical construct (specific numbers) that are reserved to identify a particular process or service (assets).
  • Tags: Tag is a kind of metadata that is associated with an asset. We can also define a tag as a term that identifies certain characteristics of an asset. To add tags to assets, you can refer to the article here - How to Manually Tag Assets?