External Attack Surface Management (EASM) has become a bit of a buzzword within the cybersecurity industry in the last year. This is not surprising, seeing as the expanding attack surface was listed as the #1 cybersecurity risk in 2022 by Gartner.

What is External Attack Surface Management?

EASM is one of the assessment technologies within Attack Surface Management (ASM). Forrester defines ASM as “The process of continuously discovering, identifying, inventorying, and assessing the exposures of an entity’s IT asset estate.” EASM is one of the ASM processes whereby tooling “continuously scans for, discovers, and enumerates unknown internet-facing assets, establishes the unique fingerprints of discovered assets, and identifies various exposures.”

How EASM works

EASM in existing workflows


The EASM space is still emerging and constantly evolving (kind of like your attack surface), and understanding what EASM is, how it fits into existing security workflows and its relationship to other ASM product categories is still unclear for many end users.

Our latest e-book, External Attack Surface Management (EASM): What it is and what it isn’t, aims to demystify the product category and clarify understanding of EASM. In particular, the e-book covers the relation to other Attack Surface Management product categories such as Cyber Asset Attack Surface Management (CAASM) and Digital Risk Protection Service (DRPS).

More detail is given as to how product security teams can leverage EASM to go beyond asset discovery and inventory and how EASM products can help security teams answer four fundamental questions:

  1. What internet-facing assets do I have?
  2. What vulnerabilities or anomalies do I have?
  3. Where should I focus my attention?
  4. How do I fix vulnerabilities or risks?

What’s inside the e-book?

What does EASM actually mean?

  • Defining EASM
  • EASM – an emerging and evolving product category

What EASM is

  • Are Attack Surface Management and External Attack Surface Management the same?
  • How EASM leverages an outside-in approach
  • How does EASM fit into existing workflows?
  • External Attack Surface Management products help security teams answer four fundamental questions

What EASM isn’t

  • Cyber Asset Attack Surface Management (CAASM) vs EASM
  • Digital Risk Protection Service (DRPS) vs EASM

How to discover unknowns in your attack surface with Detectify

e-book EASM what it is and what it isn't

Download the e-book here

Posted by Charlie