Introducing External Attack Surface Management (EASM)

Grzegorz Nocoń

July 01, 2025


To effectively defend your organization, you need to see it through the eyes of an attacker. This involves understanding your internet-facing assets, including websites, APIs, cloud applications, domains, and other related components, as well as their associated vulnerabilities. Identifying unknown, forgotten, outdated, or misconfigured assets is critical. Failure to manage these exposed points leaves your organization vulnerable; this is like leaving a back gate unlocked. These unmanaged external surfaces are prime targets for attackers who constantly scan for exposed systems. 

Now, GravityZone External Attack Surface Management (EASM) can help.

While endpoint risk management, with its vulnerability scanners, provides visibility into known assets, it often creates a blind spot for systems that are unknown, misclassified, or never documented. Proactively identifying and mitigating these unnecessary or risky exposures accessible from the internet is crucial to significantly reduce your attack surface before attackers can exploit them. 

External Attack Surface Management 

External Attack Surface Management (EASM) empowers your security teams to continuously discover and analyze internet-facing assets, their services, and potential vulnerabilities. EASM allows you to scan a wide range of asset types, including IPv4 and IPv6 addresses, IP blocks, email addresses, and domains. From these scans, its core functionality provides comprehensive asset discovery, detecting all publicly exposed IPs, expiring or expired certificates, vulnerable public services, open ports, and more, ensuring no asset is overlooked.  

It is important to emphasize that EASM is fundamentally a tool for continuous visibility and proactive defense, not for offensive security operations like penetration testing or red teaming. While these activities involve simulating real-world attacks to identify weaknesses, EASM's purpose is to provide an always-on, attacker-centric view of your external posture. 

EASM Overview 

Bitdefender takes the load off your shoulders by hosting all scanning services and making them readily available to you. This is an agentless service that can scan any type of asset, even those typically unmanaged. You'll find EASM features integrated across three sections: EASM dashboard, EASM Assets, and EASM Artifacts. 

EASM Dashboard 

The EASM dashboard is available under the Monitoring section in the ASM Dashboard tab. It allows you to start with your own scan configuration. You can choose between various asset types, including domain, email, IPv4, and IPv6. The scan can be executed immediately or on a defined schedule. Detailed information about EASM scan configurations can be found in the Bitdefender Support Center.


The EASM Dashboard offers a visual representation of all discovered assets for your managed companies, along with related vulnerabilities and scan result data. Information is presented in clearly defined sections and easily customizable widgets, including details such as: 

  • Assets recently sent to scan: A list of the 5 most recently scanned assets. 
  • Total number of assets: The total count of all discovered assets, including domains, similar domains, IPv4 and IPv6 addresses, and email addresses. 
  • Artifacts: The total count of discovered artifacts such as ASNs, certificates, IP blocks, DNS records, and services. 
  • Discovered assets per week: A weekly total of newly discovered assets, tracking the growth of your asset inventory. 
  • Discovered vulnerabilities per week: A weekly summary of newly discovered vulnerabilities, offering insights into emerging security risks. 
  • ASN reports: A visual representation of discovered autonomous system number (ASN) assets, grouped by location and displayed on a global map. 
  • Name servers vulnerable to zone transfers: The total number of name servers identified as vulnerable to zone transfers, highlighting potential security weaknesses. 
  • Top vulnerable services: The services with the most vulnerabilities, enabling prioritization of remediation efforts for the most at-risk services.
  • Top services per protocol: Services categorized by their protocol usage, providing an overview of commonly used services in your network.
  • Certificate expiration: An overview of Certificate type assets, organized by expiration status:
    • No action needed: Certificates expiring in more than 30 days.
    • Expires soon: Certificates expiring in 30 days or less.
    • Expired: The number of expired certificates.
  • DNS records: A chart of DNS records, offering insights into the distribution and types of DNS records within your environment. 
  • Top critical vulnerabilities: The top potentially critical vulnerabilities affecting service-type assets, aiding in immediate remediation prioritization. 
  • Top open ports: The most frequently open ports on service type assets, critical for identifying potential security exposures. 
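The three certificate expiration states listed above can be reproduced against your own certificate inventory. This is an added example, not Bitdefender code: the host names and dates are constructed, and the `notAfter` strings use the format Python's `ssl.getpeercert()` reports.

```python
import ssl
from collections import Counter
from datetime import datetime, timedelta, timezone

SOON = timedelta(days=30)  # "Expires soon" threshold from the widget description

def bucket(not_after, now):
    """Return the dashboard state for one certificate notAfter string."""
    # cert_time_to_seconds parses the "Mon DD HH:MM:SS YYYY GMT" form.
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    if expires < now:
        return "Expired"
    if expires - now <= SOON:      # exactly 30 days counts as "30 days or less"
        return "Expires soon"
    return "No action needed"

def summarize(inventory, now):
    """Count certificates per state and list the hosts that need attention."""
    counts, attention = Counter(), []
    for host, not_after in inventory:
        state = bucket(not_after, now)
        counts[state] += 1
        if state != "No action needed":
            attention.append((host, state))
    return counts, attention

# Constructed sample inventory (hypothetical hosts and dates, not scan output).
NOW = datetime(2025, 7, 1, tzinfo=timezone.utc)
SAMPLE = [
    ("www.example.com",  "Sep 15 12:00:00 2025 GMT"),
    ("api.example.com",  "Jul 31 00:00:00 2025 GMT"),  # exactly 30 days left
    ("mail.example.com", "Jul 31 00:00:01 2025 GMT"),  # 30 days plus 1 second
    ("vpn.example.com",  "Jul 10 08:00:00 2025 GMT"),
    ("old.example.com",  "Jun 30 23:59:59 2025 GMT"),  # lapsed one second ago
]

if __name__ == "__main__":
    counts, attention = summarize(SAMPLE, NOW)
    for state in ("No action needed", "Expires soon", "Expired"):
        print(f"{state}: {counts[state]}")
    for host, state in attention:
        print(f"  {host}: {state}")
```
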

EASM Assets and Artifacts 

In the Risk Management section, you can find the EASM Assets and EASM Artifacts sections, which provide highly customizable grids displaying lists of all discovered assets and their associated artifacts. These separate views allow you to focus on the specific details most relevant to your investigation. 

Within these grids, you also have the flexibility to manage your findings by assigning selected assets to a specific account, modifying their priority, changing their investigation status, and adding your own custom notes. 

EASM Assets 

The EASM Assets section provides a comprehensive list of all discovered external assets that constitute your attack surface. This includes core entities such as: 

  • Domains and similar domains
  • IPv4 and IPv6 addresses
  • Email addresses

For EASM Assets, you can customize, save, and switch between different views to tailor your display. The 'All assets' view offers a complete picture, providing correlated information such as: Asset name, Asset type, Asset status, Related assets and artifacts, Investigation status, Information on whether the asset was assigned to an account, Priority, and Notes. The information shown varies with the type of asset.


EASM Artifacts 

Complementing the asset view, the EASM Artifacts section dives deeper into the specific components and indicators discovered in relation to your assets. These artifacts provide important information about problems, vulnerabilities, and misconfigurations, offering crucial context and detail about your external posture. This includes: 

  • ASNs 
  • Certificates 
  • IP Blocks 
  • DNS records 
  • Services 

Similarly, for EASM Artifacts, you can customize, save, and switch between various views. The 'All artifacts' view provides all correlated information, including the Artifact name, Artifact type, Related assets, Investigation status, Information on whether the asset was assigned to an account, Priority, and Notes. The information shown varies with the type of artifact.


EASM Notifications 

Staying informed about changes to your external attack surface is crucial for a timely response. Whether you perform a manual or automated scan, EASM notifications keep you updated, highlighting new problems discovered after each scan.  


For enhanced visibility, the dashboard clearly categorizes new discoveries. You'll find newly identified assets highlighted in the "New Assets" section, allowing you to quickly review and prioritize their management. Similarly, newly discovered artifacts are showcased in the "New Artifacts" section, ensuring you don't miss critical context or details about your external posture. 

Taking Action: Leveraging EASM Data 

Beyond providing comprehensive visibility, EASM data is designed to be highly actionable, enabling your security teams to swiftly move from discovery to remediation and risk reduction. The insights gained from EASM can be directly leveraged within other Bitdefender platforms to streamline your security operations:  

  • Pivoting to Incident Response: From the EASM interface, you can seamlessly pivot directly to the incident section based on identified IP addresses and email addresses. This immediate link allows for rapid investigation and response when a specific asset or associated contact is flagged in a security incident.  
  • Dynamic Risk Scoring in Risk Management: The continuous discovery of new assets and their associated vulnerabilities directly impacts your organization's overall risk posture. EASM automatically feeds this vital information to the Company Risk Score, dynamically updating your company's risk score. This ensures that your risk assessments are always current and reflect your true external attack surface.  
  • Targeted Vulnerability Analysis: When investigating services within EASM, you can pivot directly from the Services details panel to the Resources tab in Risk Management. This action applies a pre-filtered view, allowing you to immediately see all relevant resources associated with the specific CVE (Common Vulnerabilities and Exposures) that triggered the pivot. 

EASM Demo 

Imagine a company with a publicly available domain. Using readily available tools for internet reconnaissance, Certificate Transparency (CT) logs, and public DNS records, attackers can easily find critical information about this domain. This includes public IP addresses, certificate details, open ports, identified services, and even correlated information about CVEs (Common Vulnerabilities and Exposures) assigned to specific applications. This wealth of accessible data effectively outlines an attack surface for malicious actors.

This is precisely where EASM comes into play. By continuously scanning and cataloging these external-facing assets and their associated vulnerabilities, EASM allows your organization to proactively identify and manage this exposed attack surface. Consider the following examples: 

  • When EASM identifies a service with known CVEs (e.g., an outdated web server with critical vulnerabilities), you can immediately pivot from the Services details panel to the Resources tab in Risk Management. This action applies a pre-filtered view on the specific CVE, allowing your teams to prioritize patching or mitigation efforts before attackers can exploit them. By fixing these vulnerabilities, you shrink the available entry points for an attacker. 
  • If an IP address or email associated with an asset is flagged during an incident, EASM enables you to seamlessly pivot to the incident section. This immediate link provides rapid context for faster investigation and containment of threats related to your external attack surface, minimizing dwell time and potential damage. 

Summary 

In a threat landscape where attackers constantly seek exposed weaknesses, Bitdefender External Attack Surface Management provides the crucial visibility and actionable insights needed to proactively identify, assess, and significantly reduce your organization's attack surface. By transforming raw data into intelligence, EASM empowers your teams to stay ahead of threats and strengthen your overall security posture. 

Learn more about GravityZone External Attack Surface Management.

Author


Grzegorz Nocoń

Grzegorz Nocoń is a graduate of the Faculty of Physics at the University of Silesia. With over 16 years of experience in the IT industry, he currently works as a Technical Marketing Engineer at Bitdefender. He is a strong supporter of a holistic approach to security and is passionate about solving security problems in a comprehensive and integrated way. Outside of work, he is an avid CrossFit enthusiast and a lover of fantasy literature.
