External Attack Surface Management (EASM)

Intruder's EASM solution continuously monitors your external attack surface to discover unknown assets, highlight exposures that traditional scanners miss, and react quickly to dynamic environments and the changing threat landscape.

What is external attack surface management?

External attack surface management (EASM) is the process of discovering assets and services exposed to the internet and minimizing their exposure to prevent them being exploited by threat actors.

An organization's external attack surface includes all the services and systems that can be accessed from the internet. This attack surface changes continuously over time, and includes digital assets that are on-premises, in the cloud, in subsidiary networks, and in third-party environments.

An EASM solution like Intruder helps organizations discover their externally facing assets and continuously monitor them to reduce business risk.

Discover your true external attack surface

You can't protect what you don't know is there, which is why external attack surface management should begin with asset discovery. Intruder helps you discover digital assets across your entire attack surface, including subdomains, login pages in web applications, APIs, exposed services, and more. Connect your AWS, GCP, Cloudflare, or Azure account and automatically kick off scans when a new service is spun up.

Unparalleled insight into your external attack surface

Gain deep insights into your attack surface. Easily search across your external attack surface to see what's exposed. Find open ports and services before attackers can. Monitor for changes and get the visibility you need to stay ahead of threats.

Find and fix exposures on your external attack surface

Identify risky issues such as exposed admin panels, publicly-facing databases, misconfigurations, and expiring certificates. Intruder uncovers exposures in internet-facing assets that traditional scanners miss by customizing outputs from multiple scanning engines and providing you with a list of actionable results.

Proactively protect your external attack surface

Scan your external attack surface whenever it changes or when a new threat emerges in the wild. Automated proactive and reactive scanning keeps your internet-exposed attack surface secure even when the threat landscape changes.

A guardian for your cloud accounts

For businesses with everything in the cloud, or those spinning up VMs and containers regularly, it is challenging to keep track of everything exposed to the internet.

Intruder gives you complete visibility of your assets across multiple cloud environments in one place, making external attack surface management effortless.

Our customers think we're excellent

Rated 4.8 out of 5 with over 151 reviews

G2 testimonial quality  badge
arrow left
arrow right
arrow left
arrow right

What is exposure management and how does it differ from ASM?

Intruder's VP of Product, Andy Hornegold, explores exposure management, how it differs from ASM, and why it's becoming essential to organizations' security programs.

What is an external attack surface?
faq arrow

An attack surface is the sum total of all possible paths that can be used to exploit a computer system or network.  

More specifically, your external attack surface refers to all the services and systems that can be accessed from the internet. This attack surface changes continuously over time, and includes digital assets that are on-premises, in the cloud, in subsidiary networks, and in third-party environments.  

What are some examples of an external attack surface?
faq arrow

Some examples of external attack surface include:

  • VPNs and Gateways: Used to provide remote access for employees.
  • Applications: Including for internal staff, marketing apps, and apps for customers.
  • APIs: Including APIs for applications, automation, and cloud APIs like AWS Lambda or Azure Functions.
  • IoT Devices: Such as IP cameras, smart lighting, programmable logic controllers, and other IoT products exposing services to the internet.
  • Third Party Applications: Data you store with third party internet-facing applications, including code repositories like GitHub or GitLab.
  • Other Servers and Services: Such as file transfer services, DNS servers, network-attached storage, database servers, and any internet-exposed server.

This isn’t an exhaustive list, but anything accessible to an attacker, including services with authentication and 2FA, constitutes an external attack surface.

How do Intruder’s emerging threat scans work?
faq arrow

When a new vulnerability is discovered in software deployed on your perimeter, Intruder scans your systems and alerts you automatically. Learn more.

What is CloudBot?
faq arrow

CloudBot automatically adds new external IP addresses or hostnames in your cloud accounts as Intruder targets. You can enable Intruder to automatically scan new targets as they are added, and create rules to control what’s imported. Head to our help article to learn more.

What is Rapid Response?
faq arrow

Intruder’s Rapid Response is manually carried out by our security team to check for the latest critical weaknesses hitting the news, including some that our scanners don't have checks for yet or ones that are better detected by a person. When a threat is identified, we'll scan your systems and notify you if we suspect that any could be affected. We will also send you an advisory with further details and recommendations.

What is the external attack surface management process?
faq arrow

The process of external attack surface management can be summarized as follows:

  1. Discover and map all your digital assets with asset discovery
  2. Ensure visibility and create a record of what exists
  3. Run a vulnerability scan to identify any weaknesses
  4. Automate so everyone who creates infrastructure can do so securely
  5. Continuously monitor as new infrastructure and services are spun up
What's the difference between vulnerability management and external attack surface management?
faq arrow

Vulnerability management is the process of identifying and prioritizing vulnerabilities in an organization's IT infrastructure and applications.

External attack surface management goes a step further by discovering your exposed assets to identify and analyze an organization's attack surface.

Read more about the differences between vulnerability management vs attack surface management.

What's the difference between exposure management and external attack surface management?
faq arrow

Exposure management (EM) builds on external attack surface management by factoring in the priority of an organization's assets and the potential attack paths a threat actor might exploit to reach these assets.

EM is broader in scope than external attack surface management, as it includes assets beyond those which have an IP address, such as: data assets, user identities, cloud account configuration, and SaaS products.

Learn more in our blog on exposure management.

What are Intruder's asset discovery methods?
faq arrow

Intruder uses a range of automated detection techniques to discover assets such as subdomains, related domains, logins, and APIs. You can also integrate Intruder with your cloud accounts to automatically detect new cloud services.

Learn more about Intruder's attack surface discovery methods.

Reduce your attack surface today

7 days free trial