External Attack Surface Management
      Back to home
      1. Knowledge Base
      2. Attack Surface Management
      3. External Attack Surface Management

      What are the capabilities of External Attack Surface Management (EASM)?

      External Attack Surface Management (EASM) is a crucial component of Attack Surface Management (ASM). It focuses on discovering and assessing potential vulnerabilities and security weaknesses within an organization's internet-facing infrastructure. EASM and ASM are integrated with our vulnerability management platform, so discovered assets can be automatically assessed to find vulnerabilities.

      Discover & identify your external attack surfaces

      For each type of asset, there are multiple automated methods available to identify, monitor, and assess them for potential vulnerabilities.

      System & network assets

      Run discovery scans of your external networks to ensure you have identified all internet-facing assets (systems/servers, computers, IoT, and other devices). You can use the external scan resources (cloud scanners) from Holm Security to simulate visibility and accessibility across your networks. The scan automatically adds discovered assets to your asset groups (tags), and from this point, they can be automatically assessed for vulnerabilities. 

      • Required product for asset discovery and monitoring: System & Network Security
      • Required product for assessment: System & Network Security

      Learn more about utilizing discovery scans to quickly identify active network assets

      Web  assets

      When a network scan identifies a host running a web service, the host is automatically marked as ready to be added to the catalog. All web surfaces in the catalog can be added as web application assets and scanned with our web application scanner.

      • Required product for asset discovery and monitoring: System & Network Security
      • Required product for assessment: Web Application Security

      Learn more about incorporating web services found by network scans into web scans

      Domain asset discovery

      The domain asset discovery feature can help you discover domain assets you were unaware of. It automatically checks for subdomains (e.g., server-1.yourdomain.com) on the Internet that match your domains. Discovered domains can then be added automatically to your assessments to find vulnerabilities.

      • Required product for asset discovery and monitoring: System & Network Security
      • Required product for assessment: System & Network Security and Web Application Security

      Learn more about how to set up domain asset discovery

      Cloud Native Resources
      With our dedicated Cloud Security, you can easily monitor all your available cloud resources in specific cloud environments. Cloud security posture management (CSPM) is the practice of controlling cloud infrastructure risk. Cloud Security automates the detection of misconfigurations across cloud resources. supported vendors include:

      • Microsoft Azure
      • Amazon Web Services
      • Google Cloud
      • Oracle Cloud

      https://support.holmsecurity.com/knowledge/how-do-i-scan-my-cloud-environment

      Inventory & classification

      Establishing and regularly updating a comprehensive inventory of assets while e categorizing them according to their associated risks and levels of exposure.

      It's important to continuously evaluate newly discovered assets. External assets, which are the most exposed assets in your environment, should always be incorporated into regular assessments.

      Becoming familiar with the tagging feature is highly advisable, as it provides valuable insights into your complete asset inventory. Tags play a crucial role in organizing and managing assets, and much of this process can be automated using tag rules. Additionally, assets identified under specific conditions will be marked as Internet-facing, enhancing your visibility of potential vulnerabilities.

      Learn more and start creating tags

      Risk analysis

      Evaluating the risk linked to each asset involves analyzing its level of exposure and the potential consequences of its compromise. After a vulnerability assessment is conducted on each asset, a risk score is automatically assigned based on various criteria. This sophisticated risk-scoring system simplifies the process of prioritizing assets, allowing organizations to focus on the most critical assets.

      You can read more about how the risk score is calculated here

      Benchmark your risk score against others
      Through the industry benchmark widget, you can compare your account risk score performance to that of others in the same industry and globally.

      How do I create an industry benchmark widget?

      Monitoring & management

      Continuously monitor the external attack surface for changes and emerging threats and take steps to manage and reduce risks. Several features help you continuously monitor how your environment develops over time. Once you have started gathering data, these are some features you can use to continuously monitor. 

      Dashboards

      The dashboard can help you visualize your data; dozens of customizable widgets are relevant for tracking how the environment develops over time, both from an asset perspective and from vulnerabilities, including risk scores.

      How do I create a dashboard?

      Continuous monitoring

      Create your own dedicated monitoring profiles to be alerted to specific events. Want to be notified if someone sets up a new web server in your environment? This is the perfect feature to instantly find out.

      How do I get started with continuous monitoring?

      Vulnerability manager

      Create filters and selections to easily find information about specific vulnerabilities affecting your assets. Mitigate risk by following the remediation advice given for every vulnerability found. 

      How do I get started with vulnerability manager?