Platform
Solutions
Partners
Why NMT
Resources
Contact Us
GuidesFundamentals

What is External Attack Surface Management (EASM)?

Your attack surface is everything an attacker can reach from the internet. EASM is how you see and shrink it, continuously.

6 min read

External Attack Surface Management (EASM) is the continuous discovery, monitoring, and reduction of everything your organisation exposes to the public internet: domains, subdomains, servers, cloud assets, exposed services, and leaked data. It is an outside-in view, built from the attacker's side of the network.

The reason EASM exists is simple: most organisations cannot list everything they have online. Cloud sprawl, forgotten assets, and shadow IT mean the real attack surface is larger than the inventory anyone maintains, and attackers find the gaps first.

Key takeaways
  • EASM maps your internet-facing assets continuously, including ones you forgot you had.
  • It is outside-in, unlike a vulnerability scan that checks assets you already point it at.
  • It surfaces exposures, leaked credentials, and lookalike domains before attackers use them.
  • Continuous monitoring matters because the attack surface changes constantly.

EASM versus vulnerability scanning

A vulnerability scanner checks hosts you give it. EASM starts with no list and discovers what exists under your name using public signals such as certificate transparency and mail-record pivots. In other words, a scanner tells you about the assets you know; EASM tells you about the ones you do not.

What a good EASM programme covers

Mature EASM looks across several lenses:

  • Exposed assets and shadow IT across domains, subdomains, and cloud.
  • Open ports, services, and fingerprintable software versions.
  • Leaked employee and executive credentials from breaches and the dark web.
  • Email spoofability through SPF, DKIM, and DMARC posture.
  • Brand and lookalike domains used to impersonate you.
  • A prioritized, quantified view so you fix what matters first.

Why it is continuous, not one-time

Assets appear and disappear every week: a new marketing microsite, a cloud bucket, a vendor integration, an expired certificate. A point-in-time assessment is stale within days. Effective EASM runs continuously and alerts you when exposure changes.

Frequently asked questions

Is EASM the same as a penetration test?
No. A penetration test is a deep, point-in-time assessment of specific systems. EASM is continuous, broad discovery of everything exposed under your name. They complement each other.
Do I need to install anything for EASM?
No. EASM is agentless and outside-in. It uses public internet signals, so there is nothing to install and no internal access required.
How does NMT do EASM?
NMT continuously discovers your internet-facing assets across six lenses, surfaces exposures and dark-web leaks, and returns a board-ready A to F grade with prioritized fixes.

See your attack surface now

Get a free, outside-in view of everything exposed under your name, graded A to F.

Run a free check
Related
See what attackers see about you NOVA DRIM platform Guide: What is Third-Party Risk Management?