What is External Attack Surface Management (EASM)?
Your attack surface is everything an attacker can reach from the internet. EASM is how you see and shrink it, continuously.
External Attack Surface Management (EASM) is the continuous discovery, monitoring, and reduction of everything your organisation exposes to the public internet: domains, subdomains, servers, cloud assets, exposed services, and leaked data. It is an outside-in view, built from the attacker's side of the network.
The reason EASM exists is simple: most organisations cannot list everything they have online. Cloud sprawl, forgotten assets, and shadow IT mean the real attack surface is larger than the inventory anyone maintains, and attackers find the gaps first.
- EASM maps your internet-facing assets continuously, including ones you forgot you had.
- It is outside-in, unlike a vulnerability scan that checks assets you already point it at.
- It surfaces exposures, leaked credentials, and lookalike domains before attackers use them.
- Continuous monitoring matters because the attack surface changes constantly.
EASM versus vulnerability scanning
A vulnerability scanner checks hosts you give it. EASM starts with no list and discovers what exists under your name using public signals such as certificate transparency and mail-record pivots. In other words, a scanner tells you about the assets you know; EASM tells you about the ones you do not.
What a good EASM programme covers
Mature EASM looks across several lenses:
- Exposed assets and shadow IT across domains, subdomains, and cloud.
- Open ports, services, and fingerprintable software versions.
- Leaked employee and executive credentials from breaches and the dark web.
- Email spoofability through SPF, DKIM, and DMARC posture.
- Brand and lookalike domains used to impersonate you.
- A prioritized, quantified view so you fix what matters first.
Why it is continuous, not one-time
Assets appear and disappear every week: a new marketing microsite, a cloud bucket, a vendor integration, an expired certificate. A point-in-time assessment is stale within days. Effective EASM runs continuously and alerts you when exposure changes.
Frequently asked questions
See your attack surface now
Get a free, outside-in view of everything exposed under your name, graded A to F.
Run a free check