The Platform

Enable your security and operations teams to proactively identify, prioritize, and remediate exposures to stay ahead of attackers.

Watch a Demo
Products Overview Attack Surface Management Automated Security Testing Exploit Intelligence
Features How It Works Discovery Contextualization Active Security Testing Prioritization Remediation Acceleration
GigaOm Radar for Attack Surface Management 2024

The expansion of an organization's attack surface continues to present a critical business challenge. Download the GigaOm Radar for Attack Surface Management to get an overview of the available ASM solutions, identify leading offerings, and evaluate the best solution for you.  More...

Use Cases

The CyCognito platform helps you identify all of the attacker-exposed assets in your IT ecosystem for a complete view of your attack surface.

Real World Solutions Assess Your Security Effectiveness Evaluate Merger & Acquisition Risk Manage Your Attack Surface
  Monitor Subsidiary Risk Prioritize & Eliminate Attack Vectors Scale Your Pen Testing Simplify Compliance Initiatives
State of External Exposure Management

Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk. More...

Our Customers

External attack surface management is advancing cybersecurity into a new era. Learn how security experts across all industries benefit from using CyCognito’s platform.

Meet Our Customers Customer Overview Customer Stories Asklepios Ströer Human API Scientific Games
Current Customers Customer Testimonials Customer Videos Customer Support Customer Login Knowledge Base
The Total Economic Impact™ of The CyCognito Platform

Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. More...

About CyCognito

We believe all organizations should be able to protect themselves from even the most sophisticated attackers.

Contact us
Company About Us Leadership Team Careers Privacy and Trust
News Latest News Press Releases Media Coverage Events Awards
Partners Partner Program Resellers, MSPs & Systems Integrators Technology Alliance Partners
  Partner Training Sales Training Technical Bootcamps Become a Partner Partner Login
Resources

The knowledge you need to manage and protect your attack surface.

What's New Blog
Resources Research Reports White Papers + eBooks Solution Briefs Datasheets Webinars Videos
Learning Center Application Security Attack Surface Exposure Management Vulnerability Assessment Vulnerability Management
EASM 101 External Attack Surface Management Attack Surface Management Attack Surface Discovery
  Attack Surface Protection Attack Surface Reduction Security & Compliance Glossary

Passive Scanning

Passive scanning is a reconnaissance workflow that typically does not involve direct interaction with a digital asset, for example parsing open-source intelligence (OSINT) such as DNS enumeration or Google searches.

Passive scanning may also include singular direct interaction with a digital asset through tool categories like open-source network mappers or port scanners to gather running service software versions. Passive scanning can build a basic, but unvalidated list of the externally exposed assets and alert on the possible presence of common vulnerabilities and exposures (CVE). Also see "Active Testing".

See Also
Resources > Solution Briefs
Active Testing vs. Passive Scanning to Detect Attack Surface Risk

Learn about the approaches, the challenges, the benefits, and how you can achieve continuous and comprehensive security testing across all of your external assets.