What is External Attack Surface Management (EASM)?
External Attack Surface Management (EASM) is a new emerging concept which provides a way to continuously discover, fingerprint and assess all your Internet exposed (external facing) assets that may lead to compromise or leak if misconfigured, unmanaged or unpatched.
When it is not done continuously, External Attack Surface Management (EASM) can sometimes be called: RECON, fingerprinting or digital footprint.
We do not sell EASM independently but we use it as a first step for our PTaaS.
Why doing External Attack Surface Management (EASM)?
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” – Sun Tzu, The Art of War
Every day:
- 4 critical vulnerabilities are being referenced.
- 30,000 websites are hacked worldwide.
- 2,200 companies are hacked worldwide.
Do you have an exhaustive continuously updated repository of all your Internet exposed assets hosting data and bearing your brand ?
External Attack Surface Management (EASM) brings you a continuously updated view of your Internet exposed (external facing) and the associated cybersecurity risks.
Patrowl’s External Attack Surface Management (EASM)
With Patrowl’s EASM you can confirm the ownership of your asset and discover unmanaged assets, Shadow IT, Phishing websites mimicking your corporate visual identity, Counterfeiting e-market…
It allows you to:
- Monitor continuously any changes on your external-facing assets
- Continuously discover and map your external-facing assets including Shadow IT, phishing websites being prepared and counterfeit
- Analyze continuously the assets attributes like exposed services, components versions… to evaluate the risk depending on the news, asset criticality and threat
- Prioritize and remediate (please see PTaaS).
How it differs from existing?
There is no actual solution that allows you to go as far as Patrowl’s External Attack Surface Management (EASM): not limited by the scope and continuously.
Traditionally, external-facing assets fingerprint or External Attack Surface Analysis are done once a year, unable to follow your business creativity and unpredictability.
What kind of components can EASM discover?
External Attack Surface Management (EASM) can help you to discover many components forgotten, orphaned, unmanaged, unpatched… exposing data and brand:
- Web sites
- Web services and API
- Remote Access and VPN
- File share
- File storage
- SaaS applications used for project management, test, trial, temporary promotional operation…
- Source code repository (leaked credentials, exposed secrets or data)
- …
What kind of assets can Patrowl work with?
Patrowl do External Attack Surface Management (EASM) based on several types of assets:
- IP addresses
- IP subnet
- Autonomous System
- DNS Zone
- Domain name
- Second level domain name
- All types of DNS records (MX, SPF, DMARC, NS…)
- FQDN
- URL
- Public cloud tenant / account
- Email addresses
- Keywords (company name, trademark, product name, chemical formula…)