Rogue IPs, Ports and Services
Keeping track of exposure on the internet can be a daunting task. Users find ways to circumvent corporate firewalls to offer useful services to others. There are some users that will offer internet services for more nefarious purposes. Then there are infected systems…
Enterprises often have more questions than answers when it comes to their overall internet surface exposure:
- How many assets are exposed and vulnerable to the Internet and where are they in your network?
- How many subdomains and websites are registered under your domain?
- Are there any unauthorized or misconfigured services set up by someone or something without your knowledge?
- Are there any high-risk ports somebody or something opened without telling you?
- Have any of your assets been used/involved in an attack before?
More Than Just a Port Scan
Passive scanning of internet facing surface looking for rogue IPs, ports, and services is not difficult. What makes EISA unique is mapping that data to NSFOCUS’ Threat Intelligence databases. EISA then provides information regarding:
- Previous malicious behavior conducted by IP addresses and domains
- New or recently changed domain registrations
- Unusual protocols and services being presented
- Identify malware families when possible
The information is analyzed and presented in a concise and actionable report. EISA can report in a variety of timeframes, from one-time to monthly subscription, to ensure that enterprises are never caught unaware of malicious activity.