Discover your attack surface
Veracode External Attack Surface Management (EASM) enables you to scan your organization’s entire digital footprint and assess its cyber hygiene. EASM measures risk exposure and provides valuable insights into the attack surface, helping your organization enhance its cybersecurity posture by addressing issues before attackers can exploit them.
Capabilities of EASM
EASM enables organizations to identify, assess, and reduce risks across their externally facing assets through continuous discovery, analysis, and integration with existing security workflows. To learn more, see the following resources.
- Discover your attack surface: EASM provides a comprehensive view of your organization’s external attack surface, including both managed and unmanaged infrastructure and applications.
- Prioritize risks: EASM categorizes discovered assets based on risk severity, business context, and potential exploitability of vulnerabilities. This lets you focus remediation efforts on the most critical threats and optimize your security resources.
- Get actionable insights: EASM performs passive analysis to identify potential risks, such as open ports, misconfigured services, outdated software, and exposed sensitive data.
- Reduce risk: use EASM to implement controls that address shadow IT, limit overexposure, and ensure compliance with regulatory standards. You can generate remediation plans to secure assets and mitigate vulnerabilities before they can be exploited.
- Integrate with your workflows: EASM integrates with existing security tools and processes to support seamless remediation and response.
EASM scanning modes
EASM has two scanning modes, described below.
- Static scan: uses a predefined list of domains provided by the user to discover related elements, such as Fully Qualified Domain Names (FQDNs), applications, IP addresses, and their relationships. It maps dependencies and associations among the identified entities to improve visibility and support analysis.
- Deep Discovery scan or dynamic scan: provides a comprehensive view of your organization’s digital footprint by scanning all externally accessible assets related to your organization. When you start a scan for a domain, Deep Discovery scan identifies other domains that may belong to your organization. From these discovered domains, it finds additional assets that are part of your external attack surface. Deep Discovery scan significantly improves visibility into your external attack surface. This scan type is recommended for your main domain.
After each scan completes, the scan mode automatically reverts to Static scan. Before you start a new scan of the main domain, change the scan mode back to Deep Discovery scan.
See About EASM roles and permissions for information about EASM user roles and permissions.