Ivanti
from Wikipedia

Ivanti (/ˌˈvɒnt/) is an IT software company headquartered in South Jordan, Utah, United States. It produces software for IT Security, IT Service Management (ITSM), IT Asset Management (ITAM), Unified Endpoint Management (UEM), Identity Management, Patch Management and supply chain management. It was formed in January 2017 with the merger of LANDESK and HEAT Software, and later acquired Cherwell Software. The company became more widely known after security incidents related to the VPN hardware it sells.

History

LANDESK

LAN Systems was founded in 1985 and its software products acquired by Intel in 1991 to form its LANDESK division. LANDESK introduced the desktop management category in 1993. In 2002 LANDESK Software became a standalone company with headquarters near Salt Lake City, Utah. In 2006, Avocent purchased the company for $416 million. Also in 2006, LANDESK added process management technologies to its product line and extended into the consolidated service desk market with LANDESK Service Desk. In 2010 LANDESK was acquired by private equity firm Thoma Bravo.

LANDESK bought supply chain software company Wavelink in 2012, network vulnerability assessment and patch management company Shavlik in 2013, application software company Naurtech Corporation in 2014, data visualisation company Xtraction Solutions in 2015,[1] and AppSense, a provider of secure user environment management technology, in 2016.

Lumension Security

Lumension Security, Inc. was founded as High Tech Software in 1991 and headquartered in Scottsdale, Arizona.[2] The company was rebranded as PatchLink Corporation in 1999. In 2006, Patrick Clawson was appointed chairman, CEO and president.[3] The company then adopted the Lumension name in 2007.[4]

In 2009 Lumension acquired Securityworks,[5] and in 2012 acquired CoreTrace.[6]

Lumension products traditionally competed in the endpoint management and security industry against Sophos, McAfee, Kaspersky Lab, Symantec and Trend Micro among others.

HEAT

HEAT software was a producer of software for IT Service Management and Endpoint Management formed in 2015 by the merger of FrontRange Solutions and Lumension Security.

Ivanti

In January 2017 Clearlake Capital, owner of HEAT Software, purchased LANDESK from Thoma Bravo.[7] On January 23, 2017, LANDESK and HEAT Software merged to form Ivanti.[8][9] The combined company has 1,800 employees in 23 countries[10][11] and markets some products with references to their original names such as Wavelink supply chain software[12] and Ivanti patch product ‘powered by Shavlik’.

On April 12, 2017, Ivanti acquired Concorde Solutions, a UK-based Software Asset Management company.[13] In July 2017, Ivanti acquired RES Software, a US- and Netherlands-based company producing automation and identity management software.[14] It was later merged in 2018 into the Workspace Manager product.[15]

In September 2020, Ivanti entered into an agreement to acquire US-based Unified Endpoint Management company MobileIron for $872 million[16] and San Jose, California-based Pulse Secure for undisclosed terms.[17] On December 1, 2020, Ivanti announced that those acquisitions were completed.[18]

On January 26, 2021, Ivanti announced the intent to acquire Cherwell Software.[19]

On August 2, 2021, Ivanti acquired RiskSense, a pioneer in risk-based vulnerability management and prioritization, to drive the next evolution of patch management.[20]

Controversies

2021 Pulse Connect Secure hack

On April 20, 2021, cybersecurity firm FireEye reported that hackers with suspected Chinese government ties exploited Pulse Secure VPN to break into government agencies, defense companies and financial institutions in Europe and the US. The report detailed how hackers repeatedly took advantage of several known and one novel flaw in Pulse Secure VPN to gain access to dozens of organizations in the defense industrial sector.[21][22] The US Department of Homeland Security confirmed the intrusions in a public advisory, urging network administrators to scan for signs of compromise. Ivanti published an emergency workaround which DHS urged network admins to install.[23] The Cybersecurity and Infrastructure Security Agency ordered federal civilian agencies to take several steps to reduce risk from the suspected breach.[24] FireEye reported that some of the intrusions using the vulnerabilities began as early as August 2020, conducted by those with suspected ties to the Chinese government. There were similarities between the hack and intrusions in 2014 and 2015 conducted by a Chinese espionage actor named APT5.[22] After further examination, CISA discovered that at least 5 federal agencies had been breached, among 24 agencies that use the Pulse Connect Secure products.[25]

Other incidents

In January 2024, Chinese government hackers were reported to have targeted Ivanti software to break into other organizations.[26]

from Grokipedia

Ivanti, Inc. is a multinational IT software company headquartered in South Jordan, Utah, that develops and provides solutions for managing and securing IT assets, endpoints, and operations across hybrid work environments. Formed in 2017 through the merger of LANDESK and HEAT Software, it combines over 30 years of experience in enterprise IT management to automate workflows, enforce zero trust security, and deliver IT service management tools.
Ivanti's platform, including products like Neurons for AI-driven operations and offerings in , supports discovery, patching, and remediation of devices from cloud to edge, serving more than 34,000 customers with approximately 3,100 employees across 18 offices in 23 countries. The company has pursued aggressive growth via acquisitions, such as RES Software in 2017 for workspace automation, MobileIron and Pulse Secure in 2020 to bolster mobile and network security, Cherwell Software in 2021 for enhanced service management, and RiskSense in 2021 to advance risk-based vulnerability management. Despite these expansions, Ivanti has encountered significant challenges with product , particularly in its Connect Secure and Policy Secure gateways, where multiple zero-day vulnerabilities since 2021 have enabled widespread exploitation by advanced persistent threats, including state-sponsored actors, prompting mandatory mitigations from CISA and scrutiny over delayed patching and response processes. In response, Ivanti has committed to reengineering its lifecycle to prioritize hardening, though ongoing disclosures of unpatched flaws in Endpoint Manager underscore persistent risks in its ecosystem.

Company Overview

Founding and Corporate Evolution

Ivanti traces its origins to 1985, when LANSystems was established as a pioneer in IT . LANSystems was acquired by Intel in 1991 and operated as the LANDESK division until its spin-off as an independent company in 2002. Concurrently, HEAT Software developed IT service management solutions, positioning itself as a SaaS-based provider.

In January 2017, private equity firm Clearlake Capital acquired LANDESK from Thoma Bravo and merged it with its portfolio company HEAT Software to create a unified entity. The merger combined LANDESK's endpoint management expertise with HEAT's service management capabilities, integrating prior acquisitions such as AppSense, Shavlik, and Wavelink under a single platform. On January 23, 2017, the combined organization adopted the name Ivanti, marking its formal founding as a distinct corporate entity focused on IT operations and security.

The corporate evolution immediately following the merger emphasized and product unification to streamline offerings across IT , service desk, and security functions. This transition involved consolidating multiple legacy brands into Ivanti, a process described by company leadership as a multi-month effort to stacks and market positioning. By mid-2017, Ivanti positioned itself as an innovation leader, leveraging over 30 years of combined experience from its predecessors to address enterprise IT challenges.

Headquarters and Leadership

Ivanti maintains its corporate headquarters at 10377 South Jordan Gateway, Suite 400, 84095, . Established as the global hub following groundwork in 2018 for the facility's completion by early 2019, the location supports core operations in IT management and software development. The company operates 18 offices across 23 nations, with significant presence in regions including , , and , accommodating approximately half of its workforce outside the . Dennis Kozak has served as since January 1, 2025, following his promotion from , a role he held since April 2022. Prior to Ivanti, Kozak accumulated over 20 years in sales leadership and at and , succeeding Jeff Abbott in steering strategic direction and growth amid the company's focus on cybersecurity and IT solutions. The executive leadership team comprises experienced professionals in , legal, marketing, revenue, and development, emphasizing operational efficiency and customer-centric innovation. Key members include Peter de Bock as , overseeing and facilities with more than 30 years in software from firms like and ; Brooke Johnson as Chief Legal Counsel and SVP of HR and Security, managing compliance and since 2017; Melissa Puls as and SVP of Customer Success and Renewals; Michael Mills as , directing global sales with over 25 years of experience; and Radu Patrichi as SVP and Chief Corporate Development Officer, handling with a background at and . This structure supports Ivanti's emphasis on scalable and .

Core Business Model

Ivanti's core business model centers on developing and licensing solutions that integrate , , and to automate operations, mitigate risks, and enhance productivity across hybrid environments. The company targets business customers, including large organizations with distributed workforces, by offering platforms that provide visibility into IT assets from to edge devices. This approach emphasizes unification of disparate tools into a single interface, reducing manual interventions and enabling proactive issue resolution. Revenue generation relies predominantly on software licensing and subscription fees, with models tailored to deployment types such as on-premises installations or cloud-based SaaS via the Ivanti Neurons platform. Under device-based licensing, organizations purchase licenses for each registered physical or virtual device on which the software operates, while enterprise license agreements permit usage across multiple users and devices under broader terms. Subscription licenses incorporate , updates, and upgrades, contrasting with potential perpetual licenses for legacy on-premises products. , including , customization, and , along with annual support contracts, supplement licensing income. Distribution occurs through a hybrid model combining direct to key accounts with a partner ecosystem of over 7,000 resellers, integrators, and managed service providers, who earn commissions on and support deliveries. This structure supports global scalability, serving approximately 34,000 customers while leveraging partners for localized implementation and expansion into non-IT service management areas. Ivanti's emphasis on recurring from subscriptions aligns with industry shifts toward cloud adoption, though dependency on robust delivery influences amid potential churn risks.

History

Predecessor Companies

Ivanti traces its origins to the merger of two primary predecessor companies, LANDESK and HEAT Software, completed on January 23, 2017, under the backing of Clearlake Capital Group, which acquired LANDESK from Thoma Bravo to facilitate the combination. This union integrated LANDESK's endpoint management expertise with HEAT Software's capabilities, forming a unified platform for IT operations and security solutions.

LANDESK evolved from LANSystems, established in 1985 to develop tools, which Intel acquired in 1991 and reorganized as its LANDESK division focused on software. The division operated within Intel until its spin-off as an independent entity in September 2002, subsequently growing through ownership before the 2017 merger. By the time of the merger, LANDESK served over 20,000 organizations with solutions for endpoint visibility, patching, and .

HEAT Software emerged in February 2015 from the merger of FrontRange Solutions, founded in 1989 in Colorado Springs and known for its HEAT suite of IT service desk and helpdesk software, and Lumension Security, established in 1991 in Scottsdale, Arizona, specializing in endpoint protection, patch management, and vulnerability assessment. Both FrontRange and Lumension had undergone prior acquisitions and rebrandings—FrontRange from earlier iterations of customer service tools, and Lumension from its roots in security software—but the 2015 combination, also driven by Clearlake Capital, created a broader service and endpoint management portfolio that complemented LANDESK's offerings in the Ivanti formation.

Formation and Early Mergers (2017)

Ivanti was formed on January 23, 2017, through the merger of LANDESK Software, a provider of IT systems management solutions, and HEAT Software, a SaaS-based firm, both under the backing of private equity firm Clearlake Capital Group. The combination aimed to create a unified platform for IT operations, security, and service management by integrating LANDESK's endpoint management strengths with HEAT's service desk capabilities. Clearlake Capital facilitated the merger by acquiring LANDESK from previous owner Thoma Bravo earlier that month and pairing it with its existing portfolio company HEAT Software, with the transaction closing in January 2017.

Following the formation, Ivanti pursued early expansions to bolster its offerings. On April 12, 2017, it acquired Concorde Solutions, a UK-based provider of SaaS-based software optimization and IT asset management tools, enhancing capabilities in license compliance and cost optimization for enterprise clients. This acquisition marked Ivanti's ninth in five years across its predecessor entities, focusing on integrating Concorde's expertise in analytics.

In July 2017, Ivanti further expanded its portfolio by acquiring RES Software, a Dutch firm specializing in workspace , identity provisioning, and user environment management. The deal, announced on , strengthened Ivanti's user-centric IT solutions, particularly in automating desktop and application delivery for secure, efficient workspaces. These initial post-formation moves positioned Ivanti as a more comprehensive IT operations provider amid growing demand for integrated and tools.

Major Acquisitions (2018-2021)

In September 2020, Ivanti announced agreements to acquire MobileIron, a provider of mobile-centric solutions, for approximately $872 million in cash, and Pulse Secure, a specializing in and zero trust network access technologies. The acquisitions, completed on December 1, 2020, aimed to enhance Ivanti's capabilities in and for distributed workforces, integrating MobileIron's device with Pulse Secure's access controls to address rising demands amid the . These moves expanded Ivanti's portfolio to cover over 40,000 endpoints across hybrid environments, combining the targets' technologies for unified visibility and threat response.

On January 26, 2021, Ivanti announced its intent to acquire Cherwell Software, a developer of platforms focused on service desk automation and workflow orchestration. The deal, completed later that year for an undisclosed amount, integrated Cherwell's no-code tools with Ivanti's existing asset and service management offerings, enabling customers to consolidate IT operations and reduce silos in service delivery. This acquisition targeted improvements in employee experience and operational efficiency, particularly for service request handling and in large enterprises.

In August 2021, Ivanti acquired RiskSense, a Sunnyvale-based firm specializing in risk-based vulnerability management and prioritization, for an undisclosed sum. The integration of RiskSense's platform allowed Ivanti to advance its patch management by incorporating predictive risk scoring and automated remediation, helping organizations prioritize vulnerabilities based on exploit likelihood and business impact rather than sheer volume. This bolstered Ivanti's posture amid escalating threats, providing tools for proactive threat hunting and compliance in dynamic IT environments.

Expansion and Recent Milestones (2022-2025)

In 2022, Ivanti launched its Global Partner Portal and Campaign Central, providing partners with a personalized, role-based platform to generate leads, access training, and manage campaigns, aimed at enhancing partner enablement and business growth. By May 2024, the company introduced the Ivanti One Tech Alliance Marketplace, a program connecting customers with partner solutions for integrations in , , and automation, fostering ecosystem expansion without direct acquisitions. On January 9, 2025, Ivanti appointed Dennis Kozak as CEO, succeeding Jeff Abbott; Kozak had previously overseen sales, marketing, and operations during a phase of product integration from prior acquisitions, positioning the for continued operational scaling. In March 2025, Ivanti partnered with Project Hosts to accelerate High authorization for its cloud services, enabling faster deployment of secure IT solutions for U.S. government agencies and supporting federal market expansion. A key financial milestone occurred on May 7, 2025, when Ivanti completed a transaction infusing $350 million in new capital and extending debt maturities, providing resources for strategic initiatives in product development and security enhancements amid competitive pressures in enterprise IT. Throughout 2025, Ivanti rolled out quarterly product releases emphasizing efficiency and risk reduction, including Q1 updates for productivity tools, Q2 features like ring deployment for patch management and Android 16 certification in endpoint management, and Q3 improvements for IT and security team workflows. Product milestones included the July 24, 2025, release of Ivanti Connect Secure 22.8, advancing a "Secure by Design" approach with enhanced vulnerability mitigations and policy controls, and October enhancements across endpoint, security, and service management solutions for scalable IT environments and Windows 11 support. 
Ivanti's innovations garnered multiple 2025 awards, such as the Stratus Award for Cloud Innovation and Product of the Year for Ivanti Neurons for Patch Management, recognizing its cloud-native for rapid deployment and excellence, alongside Cybersecurity Excellence Awards in patch management categories.

Products and Services

Endpoint Management Solutions

Ivanti Endpoint Manager serves as the company's flagship unified endpoint management (UEM) platform, enabling IT teams to discover, inventory, configure, patch, and secure endpoints across Windows, macOS, , Chrome OS, and IoT devices from a single console. This solution integrates , , and capabilities to automate routine tasks and reduce manual intervention. Core features include automated patch management to address vulnerabilities promptly, for efficient application deployment, and OS imaging for standardized device provisioning. components provide layered defenses against zero-day threats, firewall intrusions, and unauthorized processes through device lockdown, behavioral monitoring, and location-aware policies. The platform supports via integrated tools, allowing administrators to resolve issues without physical access. Ivanti Neurons for UEM extends these functionalities with AI-driven, continuous endpoint discovery and inventory, offering real-time visibility into managed devices including mobile platforms like , Android, and Windows. This SaaS-based extension facilitates policy enforcement for both corporate and BYOD scenarios, integrating threat detection to mitigate risks from mobile threats. Secure UEM packages, such as and Premium editions, provide tiered options for and compliance reporting, emphasizing proactive endpoint hardening. The solution's architecture supports hybrid environments, combining on-premises deployment with scalability to handle diverse device fleets, as evidenced by its compatibility with over 1,000 third-party integrations for extended functionality. Recent updates, including the 2024.4 release, have enhanced for patching and deployment workflows to improve operational efficiency.

Security and Exposure Management

Ivanti's exposure management offerings center on a solution that integrates management, risk-based , and automated remediation to identify and mitigate digital risks across hybrid environments including IT, , IoT, and OT assets. This approach emphasizes proactive identification of exposures such as software , misconfigurations, and weak credentials through active and passive scanning methods alongside agentless monitoring, providing visibility into servers, endpoints, mobile devices, websites, and internet-facing assets. Unlike traditional vulnerability scanning, which focuses narrowly on known flaws, exposure management adopts a holistic view by correlating asset data with exploitability and business impact to prioritize threats. Risk assessment employs proprietary metrics including the Vulnerability Risk Rating (VRR) and Ivanti RS³ scores, which leverage AI-driven analysis to evaluate real-world severity beyond standard CVSS ratings, factoring in elements like active exploitation trends and organizational context. Validation of prioritized exposures occurs via integrated tools for breach and attack simulation (BAS), continuous automated red teaming (), and penetration testing (PTaaS), ensuring remediation targets verifiable threats. The solution integrates with the Ivanti Neurons platform for seamless , enabling IT teams to deploy patches, configure fixes, or isolate assets through bots and without manual intervention. Complementing these capabilities, Ivanti Security Controls provides endpoint-focused features such as automated patch deployment for detected vulnerabilities across Windows, , and systems, including agentless options to minimize disruption. It supports dynamic application allowlisting, granular privilege management via just-enough administration (), and real-time dashboards for compliance monitoring, directly linking CVE identifications to patch lists for rapid response. 
These tools collectively aim to reduce mean time to remediation by aligning operations with empirical , though effectiveness depends on accurate asset and timely integration. As of 2025 updates, enhancements include expanded external management (EASM) for continuous monitoring of internet-exposed assets.

IT Service and Asset Management

Ivanti offers (ITSM) capabilities primarily through Ivanti Neurons for ITSM, a platform designed to automate workflows and enhance operations across incident, problem, and processes. This solution supports ITIL-compliant practices by enabling no-code, drag-and-drop workflow design, AI-powered chatbots for resolution, and proactive issue detection to shift support from reactive to preventive. It provides role-based dashboards for real-time insights, multi-channel ticket management, and mobile accessibility, available in , on-premises, or hybrid deployments to suit varying organizational scales. reduces manual tasks, accelerating resolutions while integrating with existing phone systems for intelligent routing and post-incident feedback via bots. For IT asset management (ITAM), Ivanti delivers Ivanti Neurons for ITAM, which consolidates hardware, software, virtual, and asset data for full lifecycle tracking from procurement to disposal. Key features include real-time automated discovery and normalization of assets, and monitoring, and compliance to mitigate risks and curb overspend through accurate reconciliation. The platform, hosted on an ISO 27001-certified , integrates with discovery tools to map asset linkages and supports software license optimization, providing at-a-glance visibility into usage and threats. Ivanti emphasizes seamless integration between its ITSM and ITAM solutions, feeding asset data into the (CMDB) to automate service requests, incident triage, and compliance workflows. This alignment enables shared visibility, such as linking asset status to service tickets, reducing redundancies and enhancing operational efficiency across IT environments. For instance, ITAM insights inform ITSM processes like change approvals by verifying asset configurations, while ITSM escalations trigger ITAM updates for proactive maintenance.

Ivanti Neurons Platform

The Ivanti Neurons Platform is a cloud-native, AI-powered platform designed to enhance IT operations by providing visibility, , and across endpoints, networks, and services. Announced on July 21, 2020, it functions as a hyper- foundation that enables proactive self-healing of devices, predictive measures, and autonomous for users, aiming to reduce operational risks and costs. The platform integrates , , and analytics to detect events passively and proactively, offering IT teams insights into device performance and potential vulnerabilities without requiring constant manual intervention. Core capabilities include , which supports optimization of resources by resolving issues in real-time without user disruption, and integrated vulnerability prioritization for faster remediation. It encompasses modular solutions such as Ivanti Neurons for ITSM, which streamlines functions and service management; Ivanti Neurons for MDM, handling devices across , Android, macOS, Windows, and others; and extensions for application control to block unauthorized software and mitigate zero-day threats. Additional features cover , zero trust access, and industrial IoT security, with recent updates in 2025.1 incorporating from employee surveys to inform IT strategies. The platform emphasizes agent and user experiences through connected workflows, leveraging data from across IT environments to automate responses and harden postures. For instance, it supports remote attestation and blocking of via application controls, while maintaining standards like AES-256 for stored information. Expansions since launch have included and compliance modules, such as Ivanti Neurons for PPM and GRC, released in October 2021, to address and governance needs.

Security Incidents

2021 Pulse Connect Secure Breach

In April 2021, a critical zero-day vulnerability (CVE-2021-22893) in Pulse Connect Secure VPN appliances, affecting versions 9.0R3 and higher, was actively exploited by threat actors, enabling unauthenticated remote code execution via an authentication bypass in the Windows File Share Browser component. Exploitation evidence dated back to at least March 31, 2021, with attackers chaining the flaw alongside older, unpatched vulnerabilities such as CVE-2019-11510 to gain initial access, exfiltrate data, and deploy web shells for persistence. Pulse Secure issued an out-of-band patch on April 20, 2021, after detecting limited customer compromises, urging immediate upgrades to mitigate risks of arbitrary file execution and network pivoting.

The incident compromised numerous organizations, including at least five U.S. federal civilian agencies, defense contractors, and financial institutions, with attackers suspected to be Chinese state-sponsored groups seeking rather than or destruction. CISA and the (then Pulse Secure, later integrated into Ivanti) collaborated to assist affected entities, issuing alerts on indicators of compromise like command-and-control traffic to domains mimicking legitimate services. No public disclosure quantified total victims, but advisories from agencies like HHS highlighted active campaigns targeting healthcare and via these flaws.

Response efforts emphasized rapid patching and scanning, with international bodies like the UK's NCSC and Canada's CCCS confirming widespread exploitation attempts and recommending to limit lateral movement post-breach. The event underscored persistent risks from unpatched VPN endpoints, contributing to heightened scrutiny of products' security posture ahead of Ivanti's 2022 acquisition of the Pulse Secure business.

2023-2024 Vulnerability Exploits

In January 2024, Ivanti disclosed two zero-day vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways: CVE-2023-46805, an authentication bypass flaw in the web management interface, and CVE-2024-21887, a command injection vulnerability that could enable remote code execution when chained with the former. Exploitation of these flaws required no authentication and allowed attackers to craft malicious requests, leading to unauthorized access and potential persistence via web shells. Threat actors began actively exploiting them in the wild as early as December 2023, with over 600 confirmed compromises observed by security researchers by mid-2024.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on February 29, 2024, warning of ongoing exploitation by multiple threat actors, including those associated with Chinese state-sponsored groups, and added the vulnerabilities to its Known Exploited Vulnerabilities catalog, mandating federal agencies to patch or disconnect affected systems by March 28, 2024. Ivanti recommended immediate application of integrity checks, factory resets for compromised devices, and upgrades to patched versions (ICS 9.1R19.5, 22.1R5.2, or higher; Policy Secure 9.1R19.1 or 22.1R1), along with monitoring for indicators of compromise such as anomalous logs or unauthorized files.

Additional related flaws, including CVE-2024-21888 (another auth ), CVE-2024-21893 (out-of-bounds read), and CVE-2024-22024 ( disclosure), were also disclosed in early 2024 and exploited in tandem, amplifying risks to unpatched gateways used for remote access. Exploitation tactics often involved chaining CVE-2023-46805 for initial access followed by CVE-2024-21887 for command execution, enabling attackers to deploy webshells, exfiltrate data, or establish backdoors, as detailed in analyses from firms like Rapid7 and Akamai.
Ivanti's response included enhanced logging and mitigation scripts, but critics noted delays in detection, with some appliances remaining vulnerable due to incomplete patching across legacy versions. By 2024, Ivanti reported mitigating the issues through updated advisories, though widespread scanning and exploitation persisted into mid-2024, underscoring risks in network edge devices.

2025 Zero-Day Attacks and Responses

In early 2025, Ivanti disclosed and patched multiple zero-day vulnerabilities in its Connect Secure VPN appliances, which were actively exploited by threat actors for remote code execution (RCE). On January 8, 2025, Ivanti addressed CVE-2025-0282, a stack-based buffer overflow allowing unauthenticated remote attackers to execute arbitrary code on affected systems, with exploitation observed as early as December 2024. Ivanti recommended immediate patching and integrity checks, while the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued alerts urging federal agencies to apply mitigations due to confirmed in-the-wild activity.

In April 2025, Ivanti revealed another critical zero-day, CVE-2025-22457, affecting Connect Secure versions up to 22.7R2.5, enabling RCE via unauthenticated access and linked to suspected China-nexus threat actors. The vulnerability was patched on April 3, 2025, with Ivanti advising customers to update , rotate credentials, and monitor for anomalous activity; reported post-exploitation persistence tactics including backdoor deployment.

May 2025 saw exploitation of a chained vulnerability pair in Ivanti Endpoint Manager Mobile (EPMM) versions 12.5.0.0 and earlier: CVE-2025-4427 (authentication bypass) and CVE-2025-4428 (command injection), together allowing unauthenticated RCE. Ivanti issued patches on May 13, 2025, confirming limited breaches and recommending full system reboots and log reviews; CISA added the flaws to its Known Exploited Vulnerabilities catalog on May 14, mandating remediation by federal entities within weeks. Threat actors, including those with China-nexus indicators, deployed malware like malicious listeners post-exploitation, prompting advisories from the UK's NCSC and NHS Digital.

Later in 2025, attackers leveraged Ivanti flaws to deploy , an in-memory loader facilitating further payload execution, as detailed in July disclosures; Ivanti's response included enhanced detection tooling in its security advisories.
By September, CISA warned of two strains exploiting the EPMM chain around May 15, emphasizing the need for and beyond patching. Ivanti's repeated zero-day incidents drew scrutiny for product hardening, though the company maintained that timely updates mitigated risks when applied promptly.
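The affected-version ceilings quoted above ("up to 22.7R2.5" for Connect Secure, "12.5.0.0 and earlier" for EPMM) cannot be checked with a plain string comparison, because `22.7R2.10` sorts before `22.7R2.5` as text. The following is an added example, not Ivanti's or CISA's tooling, that triages an asset inventory against only the ranges stated in this article; the product labels, hostnames and inventory rows are assumptions constructed for illustration, and the vendor advisories remain the authoritative source for affected builds.

```python
import re

# Inclusive ceilings exactly as stated in the article text; the product keys
# are labels invented for this example. Vendor advisories stay authoritative.
AFFECTED_UP_TO = {
    "connect-secure": ("22.7R2.5", "CVE-2025-22457"),
    "epmm": ("12.5.0.0", "CVE-2025-4427/CVE-2025-4428"),
}

def parse_version(text):
    """Map '22.7R2.5' or '12.5.0.0' to a 4-int tuple so versions compare numerically."""
    text = text.strip()
    m = re.fullmatch(r"(\d+)\.(\d+)R(\d+)(?:\.(\d+))?", text, re.IGNORECASE)
    if m:
        parts = [int(g or 0) for g in m.groups()]
    elif re.fullmatch(r"\d+(\.\d+){0,3}", text):
        parts = [int(p) for p in text.split(".")]
    else:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))

def triage(inventory):
    """Return (host, status, cve) per asset: 'affected', 'outside-stated-range' or 'review'."""
    results = []
    for host, product, version in inventory:
        ceiling, cve = AFFECTED_UP_TO.get(product, (None, None))
        if ceiling is None:
            results.append((host, "review", None))
            continue
        try:
            hit = parse_version(version) <= parse_version(ceiling)
        except ValueError:
            # Never treat an unparseable version as clean; send it to a human.
            results.append((host, "review", cve))
            continue
        results.append((host, "affected" if hit else "outside-stated-range", cve))
    return results

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("vpn-edge-01", "connect-secure", "22.7R2.5"),
    ("vpn-edge-02", "connect-secure", "22.7R2.10"),
    ("vpn-lab-03", "connect-secure", "22.7R1"),
    ("mdm-01", "epmm", "12.5.0.0"),
    ("mdm-02", "epmm", "12.5.0.1"),
    ("mdm-03", "epmm", "unknown-build"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(row)
```

A result of `outside-stated-range` only means the version is above the ceiling quoted in this article; it says nothing about other CVEs or about whether the appliance was compromised before it was updated.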

Reception and Impact

Achievements and Innovations

Ivanti's Ivanti Neurons platform introduced AI-powered automation for IT service management, patch deployment, and vulnerability remediation, enabling self-healing endpoints and predictive risk prioritization across hybrid environments. In July 2025, enhancements to the platform added AI-driven localization for global deployments, auto-ticketing integrations with tools like Microsoft Azure DevOps, and accelerated asset scanning to improve operational efficiency. These updates build on the platform's core innovation of aggregating telemetry data from devices and networks to automate remediation workflows, reducing manual intervention in endpoint security.

A key advancement came with the September 30, 2025, release of Ivanti Connect Secure version 25.X, which incorporated modern operating system compatibility, SELinux enforcement for enhanced kernel protections, and rearchitected components to bolster VPN resilience against exploits. This iteration addressed prior architectural limitations by prioritizing secure-by-default configurations and performance optimizations, setting benchmarks for enterprise VPN deployments.

Ivanti's solutions have garnered recognition for these developments, with Ivanti Neurons for ITSM awarded the 2025 Future of Work Product of the Year for its capabilities in service desk operations. Ivanti Neurons for Patch Management received a 2025 Stratus Award on October 2, 2025, highlighting its cloud-native innovation in third-party patching and deployment speed. Additionally, Ivanti Neurons for External Management earned a Bronze award in the Cyber Exposure Management category at the 20th Annual 2025 Globee Awards, acknowledging its visibility into external assets and risk scoring. Earlier, in 2021, Ivanti secured 11 Creative Awards for its Everywhere Workplace brand launch, which emphasized edge-to-cloud asset unification.

Criticisms and Security Track Record

Ivanti has encountered substantial criticism for its security track record, characterized by a pattern of critical vulnerabilities in its networking and endpoint products that have been repeatedly exploited by nation-state actors and cybercriminals. From 2021 onward, Ivanti gateways (particularly those inherited from the Pulse Secure acquisition) have been prime targets, with at least 16 known exploited vulnerabilities since 2024, exceeding other vendors in the network category according to the Known Exploited Vulnerabilities (KEV) catalog. This frequency has prompted accusations of systemic deficiencies in secure-by-design practices, with experts questioning whether Ivanti's issues reflect broader challenges in legacy VPN architectures or company-specific engineering lapses.

A notable escalation occurred in early 2024, when the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive mandating federal agencies to disconnect vulnerable Ivanti Connect Secure and Policy Secure gateways within 48 hours due to active exploitation of zero-day flaws like CVE-2024-21887 (an authentication bypass) and CVE-2024-21893 (a command injection). These attacks, linked to Chinese state-sponsored groups, enabled unauthorized access and webshell implantation, affecting defense contractors and government entities. Similar chains persisted into 2025, including exploits of CVE-2025-4428 in Endpoint Manager Mobile for remote code execution and CVE-2025-22457 in VPN products by threat actors. Critics, including cybersecurity firms, have highlighted Ivanti's delayed patching and insufficient mitigation guidance as exacerbating factors, with observed exploits involving backdoor implants and lateral movement tools like Cobalt Strike. In October 2025, disclosure of 13 unpatched zero-days in Endpoint Manager further fueled concerns, including an insecure deserialization flaw (CVE-2025-11622) allowing remote code execution.

Ivanti responded by pledging process overhauls and enhanced bounties, but ongoing incidents (seven exploited flaws by mid-2025) have eroded trust among enterprise users reliant on its exposure management tools. Beyond security, anecdotal reports from IT administrators cite unreliable remote management in legacy products, though these lack widespread empirical validation. Overall, the track record underscores vulnerabilities in perimeter-focused architectures amid rising zero-trust scrutiny, positioning Ivanti as a cautionary case for vendors slow to adapt.

Market Position and Competitive Landscape

Ivanti holds a position in the IT service management (ITSM) software market, as recognized by the IDC MarketScape: Worldwide Software 2024 Vendor Assessment, where it was named a Leader for its strategic execution and capabilities in delivering value through platforms like Ivanti Neurons for ITSM. The global ITSM applications market reached $11.4 billion in 2024, growing at a compound annual growth rate (CAGR) of approximately 6.2% toward $15.4 billion by 2029, with Ivanti competing in the top tier amid this expansion driven by demand for integrated IT operations. In IT asset management (ITAM), Ivanti's Neurons platform garners positive reviews for asset consolidation and compliance, though the broader ITAM market is projected at $2.09 billion in 2025 with a 6.32% CAGR to $2.85 billion by 2030, where Ivanti maintains a niche but not dominant share.

Financially, Ivanti faced headwinds in 2024, with revenue declining about 4.5% in the first half of its fiscal year due to a shift from perpetual licenses to subscription models, impacting EBITDA. This transition, coupled with liquidity concerns, led to downgrades by Fitch to 'C' in May 2025 following an exchange announcement and further to 'RD' amid ongoing pressures, reflecting challenges in maintaining market momentum despite product strengths.

In the competitive landscape, Ivanti contends with established players across endpoint management, secure access, and ITSM domains. Key rivals in endpoint management include VMware Workspace ONE, offering robust unified endpoint solutions often integrated with broader ecosystems. For secure access and zero-trust networking, competitors such as Secure Client provide alternatives emphasizing threat prevention. In ITSM, products like ManageEngine Endpoint Central challenge Ivanti on cost-effective asset and service desks. Ivanti differentiates through its Neurons platform's focus on AI-driven automation and security-IT convergence, but faces pressure from larger incumbents with deeper resources.
