UpGuard collects data to assess the security posture of millions of organizations every day. We use threat signals gathered from trusted commercial, open-source, and proprietary sources, alongside risks identified in security questionnaires and risk assessments conducted on the UpGuard platform.
These threat signals are open and accessible from the public Internet, which means we only use non-intrusive techniques to gather information. We will never attempt to bypass any security controls an organization has in place.
What are non-intrusive techniques?
Non-intrusive or passive scanning techniques use standardized and publicly accessible network-based protocols to query hosts and learn about them. In contrast, intrusive or active scans often attempt to compromise a system and thereby highlight security vulnerabilities.
Examples of passively scanned attributes include:
- Open ports: Applications typically communicate via a network port, using one of the 65,536 available TCP ports. For example, web traffic typically uses port 80. Similarly, HTTPS traffic typically uses port 443. It's considered best practice to configure public digital assets to deny all TCP ports unless they are actively used. UpGuard scans for hundreds of services running across thousands of ports to help determine if ports have been left open and are susceptible to vulnerabilities.
- TLS certificates: TLS (or SSL) certificates provide encryption keys that enable encrypted communications. It's considered best practice for public websites to transmit data with HTTPS and to ensure TLS certificates are current. UpGuard scans for common issues to help validate that websites are using appropriate TLS certificates.
- DNS health: A lot about a website's security can be learned from its DNS records, including its email security controls and domain hijacking risk. For example, a DNSSEC record prevents third parties from forging the records that guarantee a domain's identity. Scanning a website's DNS for public information can help assess possible security risks to an organization.
These three examples are non-intrusive, as the information is publicly accessible and there is no attempt to exploit the vulnerabilities found.
What threats can be gleaned from non-intrusive scanning?
We monitor for hundreds of threat signals including:
- Susceptibility to man-in-the-middle attacks
- Insecure SSL/TLS certificates
- SPF, DKIM and DMARC settings
- HTTP Strict Transport Security (HSTS)
- Email spoofing and phishing risk
- Malware susceptibility
- Open admin, database, and file sharing ports
- Exposure to known data breaches and data leaks
- Secure cookie configuration
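As an added illustration (not UpGuard's scanner or scoring logic), the sketch below shows how a few of these signals can be evaluated from data any client receives in an ordinary HTTPS response or public DNS lookup. The function names, finding strings, and sample values are assumptions constructed for this example.

```python
# Added example: evaluates already-collected public data; not UpGuard's scanner or scoring.

def check_headers(headers):
    """headers: (name, value) pairs from one HTTPS response."""
    findings = []
    hsts = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("HSTS header missing")
    else:
        # Directives are ';'-separated; max-age=0 tells browsers to drop the policy.
        age = [d.split("=", 1)[1].strip().strip('"')
               for d in (p.strip().lower() for p in hsts[0].split(";"))
               if d.startswith("max-age=")]
        if not age or not age[0].isdigit() or int(age[0]) == 0:
            findings.append("HSTS max-age missing, invalid or zero")
    for n, v in headers:
        if n.lower() != "set-cookie":
            continue
        name = v.split("=", 1)[0].strip()
        attrs = {a.strip().split("=", 1)[0].lower() for a in v.split(";")[1:]}
        findings += [f"cookie {name} lacks {flag}"
                     for flag in ("secure", "httponly") if flag not in attrs]
    return findings

def check_email_txt(domain_txt, dmarc_txt):
    """domain_txt: TXT records at the domain; dmarc_txt: TXT at _dmarc.<domain>."""
    findings = []
    spf = [r for r in domain_txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings.append("SPF: expected exactly one v=spf1 record")
    elif any(t.lstrip("+?") == "all" for t in spf[0].lower().split()[1:]):
        findings.append("SPF: 'all' passes or is neutral for any sender")
    dmarc = [r for r in dmarc_txt if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if not dmarc:
        findings.append("DMARC record missing")
    else:
        tags = dict(t.strip().lower().split("=", 1) for t in dmarc[0].split(";") if "=" in t)
        if tags.get("p", "none").strip() == "none":
            findings.append("DMARC policy missing or p=none (monitor only)")
    return findings

# Constructed sample observations for the placeholder domain example.com.
SAMPLE_HEADERS = [
    ("Strict-Transport-Security", "max-age=0"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Secure; HttpOnly; SameSite=Lax"),
]
SAMPLE_TXT = ["v=spf1 include:_spf.example.com ~all"]
SAMPLE_DMARC = ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]
```

Calling check_headers(SAMPLE_HEADERS) and check_email_txt(SAMPLE_TXT, SAMPLE_DMARC) returns the list of findings for the constructed samples; nothing in the code contacts a host.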