Ivanti
Working at Ivanti
Company Summary
Overall Rating

3% below

Highly rated for
Work-life balance

Critically rated for
Promotions, Job security, Skill development
Work Policy




Top Employees Benefits
About Ivanti
Ivanti unifies IT processes and security operations to better manage and secure the digital workplace. For more than three decades, we’ve built our reputation on helping IT professionals fix their security issues and optimize their user experience. Our sought-after systems are some of the best in the industry. From patch and asset management to IT service delivery and security, our software is everything you need to take your IT operations to the next level. We also ensure that supply chains and warehouse teams have the most up-to-date technology in order to perform their essential functions. Follow us for regular expert advice on cybersecurity, IT asset management, IT service management, Windows 10 migration, and much more.
Ivanti Ratings
Overall Rating
Category Ratings
Work-life balance
Company culture
Salary
Work satisfaction
Skill development
Job security
Promotions
Work Policy at Ivanti
Ivanti Reviews
Top mentions in Ivanti Reviews
Compare Ivanti with Similar Companies
Change Company | Change Company | Change Company | ||
---|---|---|---|---|
Overall Rating | 3.6/5 based on 76 reviews | 3.6/5 based on 253 reviews | 4.4/5 based on 1.1k reviews | 4.0/5 based on 214 reviews |
Highly Rated for | Work-life balance | Salary | Salary Company culture Work-life balance | Work-life balance Salary Company culture |
Critically Rated for | Promotions Job security Skill development | Job security Promotions Skill development | No critically rated category | Job security |
Primary Work Policy | Hybrid 77% employees reported | Work from office 92% employees reported | Hybrid 50% employees reported | - |
Rating by Women Employees | 3.6 Good rated by 12 women | 3.5 Good rated by 66 women | 4.4 Good rated by 342 women | 4.1 Good rated by 52 women |
Rating by Men Employees | 3.6 Good rated by 59 men | 3.6 Good rated by 170 men | 4.4 Good rated by 668 men | 3.9 Good rated by 148 men |
Job security | 3.0 Average | 2.8 Poor | 3.6 Good | 3.2 Average |
Ivanti Salaries
Senior Software Engineer
Software Engineer
Staff Software Engineer
Associate Software Engineer
Technical Solutions Engineer
Staff Engineer
Software Engineer2
Principal Software Engineer
Senior Software Engineer Testing
Senior Software Development Test Engineer
Ivanti Interview Questions
Interview questions by designation
Top Ivanti interview questions and answers
Ivanti Jobs
Ivanti News
Ransomware criminals love CISA's KEV list – and that's a bug, not a feature
- Attackers are actively monitoring databases of vulnerabilities useful for ransomware attacks, with 28% of bugs in CISA's KEV list used by ransomware criminals in 2024.
- The KEV program aims to improve patching in the US public sector but is unintentionally benefiting the private sector.
- Some vulnerabilities exploited by ransomware groups were added to the KEV catalog after being used.
- Old vulnerabilities were exploited as well, like CVE-2018-10561 in Dasan GPON home routers.
- In 2024, 40% of exploited vulnerabilities were at least four years old, prompting the need to address persistent threats.
- Ivanti faced zero-day exploits impacting its VPN and security products, urging customers to enhance security measures.
- D-Link's reluctance to patch critical vulnerabilities in end-of-life products poses risks, prompting consideration for switching vendors.
- VMware's handling of critical flaws led to recommendations to evaluate alternative virtualization platforms for better security practices.
- Organizations are advised to consider alternative VPN and security solutions to mitigate risks of system compromise.
- Security researchers urge users to prioritize security and opt for vendors with better security practices and rapid vulnerability response.

This Week in Security: OpenSSH, JumbledPath, and RANsacked
- OpenSSH has patched two vulnerabilities, one involving a potential logic bug similar to Apple's 'goto fail' SSL flaw.
- A vulnerability in VerifyHostKeyDNS handling could allow an attacker to bypass server verification.
- Another vulnerability in OpenSSH's PING mechanism could lead to a denial of service attack and memory exhaustion.
- JumbledPath malware breached US telecom providers through credential stealing, as reported by Cisco Talos.
- Ivanti Warp-Speed Audit identified four new vulnerabilities in Ivanti's Endpoint manager, exposing it to credential relay attacks.
- The Florida Institute for Cybersecurity Research discovered serious vulnerabilities in LTE and 5G systems using fuzzing.
- RANsacked research revealed a plethora of vulnerabilities in LTE and 5G systems, totaling 119.
- A vulnerability in Chatwork's desktop version allows for arbitrary remote code execution when a malicious link is clicked.
- A historical vulnerability in Microsoft's VM images for Edge and IE allowed for arbitrary code execution due to Puppet misconfiguration.
- An analysis of the Arechclient2 Remote Access Trojan (RAT) reveals its data collection capabilities and aggressive obfuscation.

Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws
- Security engineers have released a proof-of-concept exploit for four critical Ivanti Endpoint Manager bugs.
- The vulnerabilities, rated 9.8 out of 10 in severity, are absolute path traversal flaws.
- The flaws can be exploited by an unauthenticated attacker to compromise Ivanti Endpoint Manager deployment.
- Ivanti urges users to install patches and a second version of the fix to address the issues.

Ivanti reveals major security update, so make sure you're protected
- Ivanti has released patches for four critical-severity vulnerabilities discovered in Connect Secure, Policy Secure, and Cloud Services Applications.
- The vulnerabilities can be used for highly disruptive cyberattacks and have a severity score of 9.1/10.
- Users are advised to apply the patches as soon as possible to protect against remote code execution attacks.
- While there is no evidence of in-the-wild abuse, the popularity of Ivanti's products makes them a target for cyberattacks.

Brute Force Attack hits VPN devices with 2.8M IPs
- A large-scale brute force attack is targeting networking devices from Palo Alto Networks, Ivanti, SonicWall, and others.
- The attack has been active since last month, with 1.1 million attacking IPs originating from Brazil.
- The attackers are leveraging compromised routers and IoT devices to mask their activity.
- To defend against these attacks, organizations should change default admin credentials, enforce multi-factor authentication, and update firmware regularly.

A brief history of mass-hacks
- Enterprise cybersecurity tools such as routers, firewalls, and VPNs have software bugs that allow malicious hackers to compromise corporate networks.
- These bugs have led to an increase in mass-hacking campaigns, allowing hackers to abuse security flaws and steal sensitive company data.
- Some of the largest mass-hacks in recent years include using the MOVEit, Ivanti VPN, and Fortra file-transfer tools.
- Hackers also exploited unpatched zero-day vulnerabilities in Cisco’s networking software and the Citrix NetScaler in one of the other hacks.
- ConnectWise ScreenConnect, a popular remote access tool, was one of the tools taken advantage of early this year.
- Palo Alto’s next-generation firewalls also had vulnerabilities that were exploited by hackers later in 2024.
- Cleo Software’s tools were exploited in 2024 to target dozens of the company’s customers.
- In January 2025, Ivanti and Fortinet fell victim to hackers, with SonicWall also reporting that hackers are exploiting their product as well.
- Given the potential impact of these mass-hacks, it's important for organizations to address software bugs in enterprise cybersecurity tools quickly.
- Software developers and cybersecurity practitioners should collaborate and work towards finding ways to prevent these types of breaches.

Hackers are still using old Ivanti bugs to break into networks
- The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a warning about the exploitation of old Ivanti flaws to breach networks.
- The agencies have identified four vulnerabilities that are being chained together by threat actors to gain access, conduct remote code execution, obtain credentials, and implant webshells on victim networks.
- The flaws, which were patched in September and October 2024, were initially zero-days and have been consistently abused since then.
- CISA and the FBI are urging network administrators to upgrade and monitor for signs of compromise, as credentials and sensitive data stored within the affected Ivanti appliances should be considered compromised.

Critical Ivanti Zero-Day Exploited: Immediate Action Required
- The UK’s National Cyber Security Centre (NCSC) and its US counterpart have issued an urgent advisory to Ivanti customers after discovering two critical vulnerabilities, one of which is actively exploited.
- Two critical vulnerabilities have been discovered in Ivanti Connect Secure, Policy Secure, and ZTA gateways.
- CVE-2025-0282 is a zero-day vulnerability allowing remote code execution, while CVE-2025-0283 is a privilege escalation vulnerability.
- Ivanti Connect Secure has patches available, while updates for Policy Secure and ZTA gateways are expected soon.

Nominet says it was hit by cyberattack following recent Ivanti VPN security issue
- Top domain registrar company Nominet warns customers of a cyberattack due to a zero-day vulnerability in Ivanti VPN products.
- Attackers exploited the zero-day vulnerability in third-party VPN software supplied by Ivanti.
- Nominet has not found evidence of data tampering or backdoor planting.
- The attack did not cause significant disruption and additional safeguards have been put in place.

UK Domain Registry Nominet hit by Ivanti Zero-Day Exploit
- Nominet, the official .uk domain registry, faced a cyberattack exploiting a zero-day vulnerability in Ivanti's VPN software.
- The breach was discovered in January 2025 and is the first confirmed exploitation of the critical vulnerability.
- No evidence of data theft or unauthorized access has been found, and safeguards have been implemented.
- The attack is linked to a Chinese state-sponsored hacking group, and patches have been released to address the vulnerability.

Compare Ivanti with




















Contribute & help others!
Companies Similar to Ivanti








Ivanti FAQs
Reviews
Interviews
Salaries
Users/Month