loading
Loading content
loading
Also known as EASM
External attack surface management (EASM) views an organization the way an attacker on the open internet sees it. It starts from a few seeds, such as a root domain or an ASN, and expands outward to find every reachable asset: subdomains, IP ranges, web applications, APIs, mail servers, and cloud storage buckets. The point is to catalog what an attacker could touch without any internal access.
EASM matters because the external footprint drifts constantly. Teams spin up staging hosts, marketing registers new domains, and cloud workloads come and go. Much of this never reaches a central inventory, which produces shadow IT that defenders cannot protect. EASM closes that gap as a continuous discipline rather than a one-time audit.
EASM builds on asset discovery and subdomain enumeration, then layers in fingerprinting and exposure checks. It is a focused slice of broader attack surface management that ignores internal networks.
In an automated workflow, you schedule discovery against your seed list, diff each run against the last, and route new or changed assets straight into scanning. That turns a snapshot into an ongoing watch over what you expose.
Related terms