Ivanti Company Cyber Security Posture
ivanti.comIvanti breaks down barriers between IT and security so that #EverywhereWork can thrive. Ivanti has created the first purpose-built technology platform for CIOs and CISOs โ giving IT and security teams comprehensive software solutions that scale with their organizationsโ needs to enable, secure and elevate employees' experiences. The Ivanti platform is powered by Ivanti Neurons - a cloud-scale, intelligent hyper automation layer that enables proactive healing, user-friendly security across the organization, and provides an employee experience that delights users. Over 40,000 customers, including 85 of the Fortune 100, have chosen Ivanti to meet challenges head-on with its end-to-end solutions. At Ivanti, we strive to create an environment where all perspectives are heard, respected and valued and are committed to a more sustainable future for our customers, partners, employees and the planet. For more information, visit www.ivanti.com.
Ivanti Company Details
ivanti
2927 employees
134561.0
511
Software Development
ivanti.com
Scan still pending
IVA_2329612
In-progress
Ivanti Risk Score (AI oriented)Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
Ivanti Global Score.png)
Ivanti Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
Ivanti Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| Ivanti | Breach | 60 | 3 | 4/2025 | IVA758042625 | Link | |
Rankiteo Explanation : Attack with significant impact with internal employee data leaksDescription: Cybersecurity threat intelligence company, GreyNoise, has reported an 800 percent increase in IP scanning on Ivanti VPN's Connect Secure and Pulse Secure systems over the past week, possibly indicating preparation for potential exploitation and public disclosure of vulnerabilities. Nearly a quarter of all scanning activity for Pulse Secure and Connect Secure endpoints recorded over the past 90 days happened in a single day, with a large proportion of IPs designated as 'suspicious' or 'malicious'. Ivanti's Connect Secure has been repeatedly targeted due to its role in enterprise remote access. The company advise customers to upgrade from end-of-life products to ensure system protection against known vulnerabilities. | |||||||
| Ivanti | Ransomware | 100 | 5 | 3/2025 | IVA327032225 | Link | |
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: Ivanti, a cybersecurity firm, predicts Ransomware as a top threat for 2025, with AI enhancements escalating its danger. Despite 38% of security professionals foreseeing an increased threat level, only 29% feel very prepared, indicating a significant preparedness gap. Organizations struggle with exposure management adoption, with data blind spots and tool disparities between IT and security teams. API and software vulnerabilities remain critical threats without proper visibility. Moreover, considerable tech debt interferes with security practices, growth, and innovation, ultimately affecting the strategic role of CISOs in guiding AI adoption and supply chain risk management, despite increased board-level cybersecurity discussions. | |||||||
| Ivanti | Vulnerability | 100 | 5 | 3/2025 | IVA000033125 | Link | |
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: Ivanti suffered a security breach due to the exploitation of the vulnerability CVE-2025-0282, which affected Ivanti Connect Secure appliances. An advanced malware known as RESURGE targeted this flaw, providing unauthorized remote code execution and privilege escalation. There were a limited number of customers directly impacted by the breach. The exploitation of this vulnerability enabled the installation of persistent web shells, credential harvesting, account creation, and elevation of attacker privileges, posing a significant threat to the confidentiality, integrity, and availability of the organization's systems and data. | |||||||
| Ivanti | Vulnerability | 100 | 5 | 4/2025 | IVA1001040225 | Link | |
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: Chinese espionage threat actors exploited a vulnerability in Ivanti's security products, leading to the deployment of powerful malware known as Resurge. This malware campaign, detailed by the Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity firm Mandiant, has resulted in compromised system integrity and data breaches. The malware's capability to modify files, harvest credentials, create accounts, reset passwords, and escalate permissions poses a significant security threat. Ivanti has advised customers to reset devices and credentials, evidencing the severity of this security breach. | |||||||
| Ivanti | Vulnerability | 100 | 5 | 4/2025 | IVA916041125 | Link | |
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: Ivanti experienced a severe security breach due to an unauthenticated remote code execution vulnerability, CVE-2025-22457, exploited by a China-nexus threat actor. This vulnerability, impacting Ivanti Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways, allowed attackers to execute arbitrary code remotely via a complex heap spray technique. The exploitation resulted from a failure to check buffer lengths within the application's web server binary. With patches released for some products and others pending, the incident underscores the critical importance of applying security updates promptly to avoid potential data breaches and system compromisation. | |||||||
| Ivanti | Vulnerability | 25 | 1 | 5/2025 | IVA554051425 | Link | |
Rankiteo Explanation : Attack without any consequencesDescription: Ivanti has released security updates for its Neurons for ITSM IT service management solution to mitigate a critical authentication bypass vulnerability. Tracked as CVE-2025-22462, this flaw allows unauthenticated attackers to gain administrative access to unpatched systems in low-complexity attacks. Ivanti also patched a default credentials security flaw in its Cloud Services Appliance (CSA) and a critical Connect Secure zero-day exploited by the UNC5221 China-linked espionage group. Multiple other Ivanti security flaws have been exploited in zero-day attacks over the last year. | |||||||
| Ivanti | Vulnerability | 100 | 5/2025 | IVA357052325 | Link | ||
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: The vulnerabilities CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile (EPMM) were exploited by a Chinese cyber espionage group. The attackers achieved remote code execution on internet-exposed Ivanti EPMM deployments, set up a reverse shell, deployed malware, and extracted data including IMEI, phone numbers, location, LDAP users, and Office 365 tokens. The attack affected various entities globally, including government authorities, healthcare organizations, research institutes, legal firms, telcos, manufacturers, aerospace companies, healthcare providers, and more. | |||||||
Ivanti Company Subsidiaries
Ivanti breaks down barriers between IT and security so that #EverywhereWork can thrive. Ivanti has created the first purpose-built technology platform for CIOs and CISOs โ giving IT and security teams comprehensive software solutions that scale with their organizationsโ needs to enable, secure and elevate employees' experiences. The Ivanti platform is powered by Ivanti Neurons - a cloud-scale, intelligent hyper automation layer that enables proactive healing, user-friendly security across the organization, and provides an employee experience that delights users. Over 40,000 customers, including 85 of the Fortune 100, have chosen Ivanti to meet challenges head-on with its end-to-end solutions. At Ivanti, we strive to create an environment where all perspectives are heard, respected and valued and are committed to a more sustainable future for our customers, partners, employees and the planet. For more information, visit www.ivanti.com.
Access Data Using Our API
Get company history
Rapid.png)
Ivanti Cyber Security News
Ivanti Endpoint Mobile Manager customers exploited via chained vulnerabilities
Hackers have successfully breached a limited number of Ivanti Endpoint Mobile Manager users by chaining together medium and high-severityย ...
Questions mount as Ivanti tackles another round of zero-days
Data confirms that Ivanti is a repeat offender, shipping software with a high number of vulnerabilities across at least 10 different productย ...
Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks
A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexusย ...
'Ongoing' Ivanti hijack bug exploitation reaches clouds
The "ongoing exploitation" of two Ivanti bugs has now extended beyond on-premises environments and hit customers' cloud instances,ย ...
Ivanti fixes EPMM zero-days chained in code execution attacks
Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained inย ...
Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations
The two Ivanti EPMM flaws that have been patched by Ivanti last week, are being leveraged by a Chinese cyber espionage group.
CISA warns new malware targeting Ivanti zero-day vulnerability
With Resurge malware, threat actors can create web shells, harvest credentials, create new accounts, initiate password resets and elevateย ...
Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks
Ivanti has released security updates to address two security flaws in Endpoint Manager Mobile (EPMM) software that have been chained inย ...
Ivanti EPMM flaw exploited by Chinese hackers to breach govt agencies
Chinese hackers have been exploiting a remote code execution flaw in Ivanti Endpoint Manager Mobile (EPMM) to breach high-profileย ...
Ivanti Similar Companies
Shopify
Shopify is a leading global commerce company, providing trusted tools to start, grow, market, and manage a retail business of any size. Shopify makes commerce better for everyone with a platform and services that are engineered for reliability, while delivering a better shopping experience for consu
Amdocs
We help those who build the future to make it amazing. In an era where new technologies are born every minute, and the demand for meaningful digital experiences has never been so intense, we unlock our customersโ innovative potential, empowering them to transform their boldest ideas into reality, an
Alibaba.com
The first business of Alibaba Group, Alibaba.com (www.alibaba.com) is the leading platform for global wholesale trade serving millions of buyers and suppliers around the world. Through Alibaba.com, small businesses can sell their products to companies in other countries. Sellers on Alibaba.com are t
Juniper Networks
Juniper Networks is leading the revolution in networking, making it one of the most exciting technology companies in Silicon Valley today. Since being founded by Pradeep Sindhu, Dennis Ferguson, and Bjorn Liencres nearly 20 years ago, Juniperโs sole mission has been to create innovative products and
CPAN
CPAN, the Comprehensive Perl Archive Network, is an archive of software written in Perl containing over 134,000 modules in over 29,700 distributions, as well as documentation for it. It has a presence on the World Wide Web at www.cpan.org and is mirrored world The Comprehensive Perl Archive Network
PedidosYa
Weโre ย the delivery market leader in Latin America. Our platform connects over 77.000 restaurants, supermarkets, pharmacies and stores with millions of users. Nowadays we operate in more than 500 cities in Latinamerica. And we are now over 3.400 employees. PedidosYa is available for iOS, Android and
Frequently Asked Questions (FAQ) on Cybersecurity Incidents
Ivanti CyberSecurity History Information
Total Incidents: According to Rankiteo, Ivanti has faced 7 incidents in the past.
Incident Types: The types of cybersecurity incidents that have occurred include ['Ransomware', 'Breach', 'Vulnerability'].
Total Financial Loss: The total financial loss from these incidents is estimated to be {total_financial_loss}.
Cybersecurity Posture: The company's overall cybersecurity posture is described as Ivanti breaks down barriers between IT and security so that #EverywhereWork can thrive. Ivanti has created the first purpose-built technology platform for CIOs and CISOs โ giving IT and security teams comprehensive software solutions that scale with their organizationsโ needs to enable, secure and elevate employees' experiences. The Ivanti platform is powered by Ivanti Neurons - a cloud-scale, intelligent hyper automation layer that enables proactive healing, user-friendly security across the organization, and provides an employee experience that delights users. Over 40,000 customers, including 85 of the Fortune 100, have chosen Ivanti to meet challenges head-on with its end-to-end solutions. At Ivanti, we strive to create an environment where all perspectives are heard, respected and valued and are committed to a more sustainable future for our customers, partners, employees and the planet. For more information, visit www.ivanti.com..
Detection and Response: The company detects and responds to cybersecurity incidents through {description_of_detection_and_response_process}.
Incident Details
Incident 1: Ransomware Attack
Title: {Incident_Title}
Description: {Brief_description_of_the_incident}
Date Detected: {Detection_Date}
Date Publicly Disclosed: {Disclosure_Date}
Date Resolved: {Resolution_Date}
Type: {Type_of_Attack}
Attack Vector: {Attack_Vector}
Vulnerability Exploited: {Vulnerability}
Threat Actor: {Threat_Actor}
Motivation: {Motivation}
Incident 2: Data Breach
Title: {Incident_Title}
Description: {Brief_description_of_the_incident}
Date Detected: {Detection_Date}
Date Publicly Disclosed: {Disclosure_Date}
Date Resolved: {Resolution_Date}
Type: {Type_of_Attack}
Attack Vector: {Attack_Vector}
Vulnerability Exploited: {Vulnerability}
Threat Actor: {Threat_Actor}
Motivation: {Motivation}
Common Attack Types: The most common types of attacks the company has faced are ['Vulnerability'].
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through {description_of_identification_process}.
Impact of the Incidents
Incident 1: Ransomware Attack
Financial Loss: {Financial_Loss}
Data Compromised: {Data_Compromised}
Systems Affected: {Systems_Affected}
Downtime: {Downtime}
Operational Impact: {Operational_Impact}
Conversion Rate Impact: {Conversion_Rate_Impact}
Revenue Loss: {Revenue_Loss}
Customer Complaints: {Customer_Complaints}
Brand Reputation Impact: {Brand_Reputation_Impact}
Legal Liabilities: {Legal_Liabilities}
Identity Theft Risk: {Identity_Theft_Risk}
Payment Information Risk: {Payment_Information_Risk}
Incident 2: Data Breach
Financial Loss: {Financial_Loss}
Data Compromised: {Data_Compromised}
Systems Affected: {Systems_Affected}
Downtime: {Downtime}
Operational Impact: {Operational_Impact}
Conversion Rate Impact: {Conversion_Rate_Impact}
Revenue Loss: {Revenue_Loss}
Customer Complaints: {Customer_Complaints}
Brand Reputation Impact: {Brand_Reputation_Impact}
Legal Liabilities: {Legal_Liabilities}
Identity Theft Risk: {Identity_Theft_Risk}
Payment Information Risk: {Payment_Information_Risk}
Average Financial Loss: The average financial loss per incident is {average_financial_loss}.
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are {list_of_commonly_compromised_data_types}.
Incident 1: Ransomware Attack
Entity Name: {Entity_Name}
Entity Type: {Entity_Type}
Industry: {Industry}
Location: {Location}
Size: {Size}
Customers Affected: {Customers_Affected}
Incident 2: Data Breach
Entity Name: {Entity_Name}
Entity Type: {Entity_Type}
Industry: {Industry}
Location: {Location}
Size: {Size}
Customers Affected: {Customers_Affected}
Response to the Incidents
Incident 1: Ransomware Attack
Incident Response Plan Activated: {Yes/No}
Third Party Assistance: {Yes/No}
Law Enforcement Notified: {Yes/No}
Containment Measures: {Containment_Measures}
Remediation Measures: {Remediation_Measures}
Recovery Measures: {Recovery_Measures}
Communication Strategy: {Communication_Strategy}
Adaptive Behavioral WAF: {Adaptive_Behavioral_WAF}
On-Demand Scrubbing Services: {On_Demand_Scrubbing_Services}
Network Segmentation: {Network_Segmentation}
Enhanced Monitoring: {Enhanced_Monitoring}
Incident 2: Data Breach
Incident Response Plan Activated: {Yes/No}
Third Party Assistance: {Yes/No}
Law Enforcement Notified: {Yes/No}
Containment Measures: {Containment_Measures}
Remediation Measures: {Remediation_Measures}
Recovery Measures: {Recovery_Measures}
Communication Strategy: {Communication_Strategy}
Adaptive Behavioral WAF: {Adaptive_Behavioral_WAF}
On-Demand Scrubbing Services: {On_Demand_Scrubbing_Services}
Network Segmentation: {Network_Segmentation}
Enhanced Monitoring: {Enhanced_Monitoring}
Incident Response Plan: The company's incident response plan is described as {description_of_incident_response_plan}.
Third-Party Assistance: The company involves third-party assistance in incident response through {description_of_third_party_involvement}.
Data Breach Information
Incident 2: Data Breach
Type of Data Compromised: {Type_of_Data}
Number of Records Exposed: {Number_of_Records}
Sensitivity of Data: {Sensitivity_of_Data}
Data Exfiltration: {Yes/No}
Data Encryption: {Yes/No}
File Types Exposed: {File_Types}
Personally Identifiable Information: {Yes/No}
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: {description_of_prevention_measures}.
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through {description_of_handling_process}.
Ransomware Information
Incident 1: Ransomware Attack
Ransom Demanded: {Ransom_Amount}
Ransom Paid: {Ransom_Paid}
Ransomware Strain: {Ransomware_Strain}
Data Encryption: {Yes/No}
Data Exfiltration: {Yes/No}
Ransom Payment Policy: The company's policy on paying ransoms in ransomware incidents is described as {description_of_ransom_payment_policy}.
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through {description_of_data_recovery_process}.
Regulatory Compliance
Incident 1: Ransomware Attack
Regulations Violated: {Regulations_Violated}
Fines Imposed: {Fines_Imposed}
Legal Actions: {Legal_Actions}
Regulatory Notifications: {Regulatory_Notifications}
Incident 2: Data Breach
Regulations Violated: {Regulations_Violated}
Fines Imposed: {Fines_Imposed}
Legal Actions: {Legal_Actions}
Regulatory Notifications: {Regulatory_Notifications}
Regulatory Frameworks: The company complies with the following regulatory frameworks regarding cybersecurity: {list_of_regulatory_frameworks}.
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through {description_of_compliance_measures}.
Lessons Learned and Recommendations
Incident 1: Ransomware Attack
Lessons Learned: {Lessons_Learned}
Incident 2: Data Breach
Lessons Learned: {Lessons_Learned}
Incident 1: Ransomware Attack
Recommendations: {Recommendations}
Incident 2: Data Breach
Recommendations: {Recommendations}
Key Lessons Learned: The key lessons learned from past incidents are {list_of_key_lessons_learned}.
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: {list_of_implemented_recommendations}.
References
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at {list_of_additional_resources}.
Investigation Status
Incident 1: Ransomware Attack
Investigation Status: {Investigation_Status}
Incident 2: Data Breach
Investigation Status: {Investigation_Status}
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through {description_of_communication_process}.
Stakeholder and Customer Advisories
Incident 1: Ransomware Attack
Stakeholder Advisories: {Stakeholder_Advisories}
Customer Advisories: {Customer_Advisories}
Incident 2: Data Breach
Stakeholder Advisories: {Stakeholder_Advisories}
Customer Advisories: {Customer_Advisories}
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: {description_of_advisories_provided}.
Initial Access Broker
Incident 1: Ransomware Attack
Entry Point: {Entry_Point}
Reconnaissance Period: {Reconnaissance_Period}
Backdoors Established: {Backdoors_Established}
High Value Targets: {High_Value_Targets}
Data Sold on Dark Web: {Yes/No}
Incident 2: Data Breach
Entry Point: {Entry_Point}
Reconnaissance Period: {Reconnaissance_Period}
Backdoors Established: {Backdoors_Established}
High Value Targets: {High_Value_Targets}
Data Sold on Dark Web: {Yes/No}
Monitoring and Mitigation of Initial Access Brokers: The company monitors and mitigates the activities of initial access brokers through {description_of_monitoring_and_mitigation_measures}.
Post-Incident Analysis
Incident 1: Ransomware Attack
Root Causes: {Root_Causes}
Corrective Actions: {Corrective_Actions}
Incident 2: Data Breach
Root Causes: {Root_Causes}
Corrective Actions: {Corrective_Actions}
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as {description_of_post_incident_analysis_process}.
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: {list_of_corrective_actions_taken}.
Additional Questions
General Information
Ransom Payment History: The company has {paid/not_paid} ransoms in the past.
Last Ransom Demanded: The amount of the last ransom demanded was {last_ransom_amount}.
Last Attacking Group: The attacking group in the last incident was {last_attacking_group}.
Incident Details
Most Recent Incident Detected: The most recent incident detected was on {most_recent_incident_detected_date}.
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on {most_recent_incident_publicly_disclosed_date}.
Most Recent Incident Resolved: The most recent incident resolved was on {most_recent_incident_resolved_date}.
Impact of the Incidents
Highest Financial Loss: The highest financial loss from an incident was {highest_financial_loss}.
Most Significant Data Compromised: The most significant data compromised in an incident was {most_significant_data_compromised}.
Most Significant System Affected: The most significant system affected in an incident was {most_significant_system_affected}.
Response to the Incidents
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was {third_party_assistance_in_most_recent_incident}.
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were {containment_measures_in_most_recent_incident}.
Data Breach Information
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was {most_sensitive_data_compromised}.
Number of Records Exposed: The number of records exposed in the most significant breach was {number_of_records_exposed}.
Ransomware Information
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was {highest_ransom_demanded}.
Highest Ransom Paid: The highest ransom paid in a ransomware incident was {highest_ransom_paid}.
Regulatory Compliance
Highest Fine Imposed: The highest fine imposed for a regulatory violation was {highest_fine_imposed}.
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was {most_significant_legal_action}.
Lessons Learned and Recommendations
Most Significant Lesson Learned: The most significant lesson learned from past incidents was {most_significant_lesson_learned}.
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was {most_significant_recommendation_implemented}.
References
Most Recent Source: The most recent source of information about an incident is {most_recent_source}.
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is {most_recent_url}.
Investigation Status
Current Status of Most Recent Investigation: The current status of the most recent investigation is {current_status_of_most_recent_investigation}.
Stakeholder and Customer Advisories
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was {most_recent_stakeholder_advisory}.
Most Recent Customer Advisory: The most recent customer advisory issued was {most_recent_customer_advisory}.
Initial Access Broker
Most Recent Entry Point: The most recent entry point used by an initial access broker was {most_recent_entry_point}.
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was {most_recent_reconnaissance_period}.
Post-Incident Analysis
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was {most_significant_root_cause}.
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was {most_significant_corrective_action}.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
