Glossary

What Is Attack Surface Management (ASM)?

Attack surface management (ASM) is the continuous discovery and monitoring of everything an organisation exposes to the internet — domains, subdomains, IPs, certificates, and the services on them. External ASM does this from the outside, the way an attacker sees you, so forgotten and shadow assets surface before they are exploited.

Inside-out vs outside-in

Asset inventories built from the inside list what you think you run. External attack surface management starts from the outside and discovers what you actually expose — which is rarely the same. The gap between the two is where breaches begin.

What gets missed

The forgotten staging server, the marketing microsite spun up by another team, the subdomain still pointing at a decommissioned host, the certificate that named an internal system — these are the shadow assets attackers enumerate first because defenders have lost track of them.

Passive discovery

The safest ASM reads from data the internet already publishes — the DNS hierarchy, certificate transparency, passive DNS, routing — rather than scanning. Passive discovery never touches the target, so it maps the surface without announcing the look, and reaches history that active scans miss.
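The gap between the inside-out inventory and the outside-in view can be computed from passive data alone. The sketch below is an added example, not code from this page or from any product: it assumes certificate transparency entries have already been exported as records with hypothetical `not_before` and `names` fields, and that `IN_SCOPE` lists the apex domains the organisation owns. All hostnames and dates are constructed.

```python
# Added example; all hostnames and dates below are constructed sample data.
IN_SCOPE = {"example.com", "example.org"}  # assumed apex domains the organisation owns

CT_ENTRIES = [  # constructed: SAN lists as they might appear in exported CT entries
    {"not_before": "2021-03-02", "names": ["www.example.com", "example.com"]},
    {"not_before": "2022-07-19", "names": ["*.staging.example.com", "Promo.Example.org."]},
    {"not_before": "2023-01-11", "names": ["vpn-internal.example.com", "cdn.notexample.com"]},
]
INVENTORY = ["example.com", "www.example.com", "mail.example.com"]  # constructed inside-out list

def normalise(name):
    """Lowercase, drop the trailing root dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name

def in_scope(name, apexes=IN_SCOPE):
    """True for an apex or its subdomains, matched on a label boundary."""
    return any(name == a or name.endswith("." + a) for a in apexes)

def external_names(entries):
    """Map each in-scope name to the earliest certificate date naming it (ISO dates sort as text)."""
    first_seen = {}
    for entry in entries:
        for name in map(normalise, entry["names"]):
            if in_scope(name):
                date = entry["not_before"]
                first_seen[name] = min(date, first_seen.get(name, date))
    return first_seen

def gap(entries, inventory):
    """Return (names seen externally but not inventoried, inventoried names never seen)."""
    outside = external_names(entries)
    inside = {normalise(n) for n in inventory}
    shadow = {n: d for n, d in outside.items() if n not in inside}
    unseen = sorted(inside - set(outside))
    return shadow, unseen

if __name__ == "__main__":
    shadow, unseen = gap(CT_ENTRIES, INVENTORY)
    for name, date in sorted(shadow.items()):
        print(f"not in inventory: {name} (first certificate {date})")
    print("inventoried, no certificate seen:", unseen)
```

The label-boundary check in `in_scope` is what keeps a lookalike such as `cdn.notexample.com` out of the results, and the first-seen date shows how long an uninventoried name has been publicly visible.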
