External Attack Surface Management (EASM)
What is External Attack Surface Management (EASM)?
External Attack Surface Management (EASM)Continuous discovery and monitoring of all internet-facing assets that belong to an organization, viewed from an outside-in attacker perspective.
EASM focuses specifically on assets exposed to the public internet: domains, subdomains, IP ranges, cloud workloads, SaaS instances, certificates, exposed services, and leaked code or credentials. Platforms use DNS data, BGP, scanning, certificate transparency logs, dark-web feeds, and OSINT to map what an attacker can see without any internal access. Identified assets are attributed to business units, scored for risk, and tracked over time as the attack surface changes. EASM is widely used to find shadow IT after acquisitions, identify unmanaged cloud accounts, and reduce the noisy gap between security inventory and reality.
● Examples
- 01
EASM discovering an unmanaged Azure tenant created by a marketing team that hosts production data.
- 02
EASM flagging a soon-to-expire wildcard certificate on a customer-facing subdomain.
● Frequently asked questions
What is External Attack Surface Management (EASM)?
Continuous discovery and monitoring of all internet-facing assets that belong to an organization, viewed from an outside-in attacker perspective. It belongs to the Defense & Operations category of cybersecurity.
What does External Attack Surface Management (EASM) mean?
Continuous discovery and monitoring of all internet-facing assets that belong to an organization, viewed from an outside-in attacker perspective.
How do you defend against External Attack Surface Management (EASM)?
Defences for External Attack Surface Management (EASM) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for External Attack Surface Management (EASM)?
Common alternative names include: EASM.