Internal Network
The Internal Network module displays the hosts that may reside within an organization’s network segments across its environments (or behind the organization’s firewall) and surfaces all of the associated risks. The asset and host information can be obtained through two separate deployments: network-based scanning and agent-based scanning.
The Internal Network module has the same feel and functionality as the Attack Surface module. All assets and the risks across these assets can be viewed, managed, and tracked over time.
The Internal Network module provides tabs such as a dashboard summary of the internal assets and vulnerabilities, a complete list of all vulnerabilities, a comprehensive view of all internal assets, and remediation tracking over time.
Dashboard
The Internal Network dashboard surfaces the number of internal assets and the total number of vulnerabilities that currently exist on those assets. The dashboard also displays all of the vulnerabilities that were fixed in the last thirty (30) days, as well as the critical issues identified in the last ten (10) days. Users can drill into any asset or vulnerability to view the specific details for that item.
Vulnerabilities
The Vulnerabilities tab within the Internal Network module presents a trend line of the vulnerabilities that exist on internal assets over time, breaks down the categories of any vulnerabilities identified, and lists all vulnerabilities in the internal issues table.
To view the details for an individual vulnerability, click the vulnerability name in the internal issues table. The details for that specific issue will be surfaced.
This page outlines all of the details of the specific issue that was identified on the internal asset. The following information is shown for each vulnerability:
- Name
- Description
- Solution
- References
- Category
- CVSS Base Score
- CVEs
- EPSS
- EPSS Percentile
- CISA Known Exploited
- Ransomware Campaign Used
All assets affected by the vulnerability being viewed appear in the Affected Internal Entities table.
Configurations
The Configurations tab provides a list of the Center for Internet Security (CIS) benchmarks that are applicable to the agents that have been deployed within the internal network. The tab displays the respective operating system (OS) benchmarks for the assets, and users can drill into each benchmark to see the configuration policies that each host is checked against.
Users can drill into each Policy Name to view the respective policy checks that each host has been audited against.
Each individual policy will outline the policy name, description, rationale, remediation, and any references for the policy.
Assets
The Assets tab gives a list view of all of the assets (Hostname, IP, Group, and Criticality) across an organization’s internal network.
Remediation
Remediation tracking within both the Attack Surface and Internal Network modules is automated. The details for each remediated vulnerability are displayed in a table, and the aggregate values are tracked over time.
A vulnerability is considered remediated (or fixed) when an asset that exists within the Shield platform initially had the vulnerability identified, and that asset is scanned again and the vulnerability no longer exists.