loading
Loading content
loading
Also known as ASM
Attack surface management (ASM) keeps a live inventory of the systems an organization exposes, including domains, subdomains, IP ranges, cloud buckets, APIs, and forgotten staging hosts. Teams use it to answer a question that static asset lists cannot: what does an attacker see right now? Engineers leave the picture once they ship a service, and ownership shifts, so the real surface drifts from any documentation a security team holds.
ASM matters in offensive-security work because attackers find the asset you forgot, not the one you defend. A single expired DNS record or an unpatched edge host gives an initial foothold. Mapping the surface first lets a red team or a defender prioritize the targets that carry the most risk.
The work splits into asset discovery to enumerate what exists and continuous monitoring to catch what changes. External attack surface management narrows the scope to the internet-facing slice of the attack surface.
In a Trickest workflow you chain discovery, resolution, and probing tools into a graph that runs on a schedule, then diff each run so new or changed assets surface automatically instead of waiting for a quarterly audit.
Related terms