Skip to main content
Glossary Definition

Attack Surface Management


Attack Surface Management

Attack surface management (ASM) is the process of continuously discovering, classifying and assessing the security of your IT ecosystem. The process can be broadly divided into (a) activities performed in managing internet-exposed assets (a process called external attack surface management, or EASM) and (b) management activities on assets accessible only from within an organization. Many organizations use an assortment of tools and manual processes to secure their attack surface, making the process fraught with operational complexity, human error and best-guess analysis.

External attack surface management can be a particularly daunting task due to the presence of “unknown unknowns,” as well as assets housed on partner or third-party sites, workloads running in the public cloud, IoT devices, old, abandoned or deprecated IP addresses and credentials, and more.

To see how CyCognito does EASM, go to this page.

Read More Glossary Terms