External Attack Surface Management (EASM)

Qualys CyberSecurity Asset Management (CSAM) provides comprehensive visibility in the form of External Attack Surface Management (EASM). It gives an outside-in view of your external-facing IT infrastructure to continuously monitor your organization's external attack surface and internet-connected assets, track changes, and receive notifications when new assets, unknown assets, or critical issues are found.

Note: EASM is a new Beta feature. It’s in early preview and available on a request basis.

External Attack Surface Management (EASM) allows you to continuously identify and assess the security and compliance gaps of your organization’s network.

External Attack Surface Visibility

EASM gives you comprehensive visibility to monitor the external-facing organization’s infrastructure network to discover the vulnerable systems, target attacks, and campaigns.  

With this capability, you can:

- Discover all your domains, subdomains, subsidiaries, and the assets associated with it

- Discover unsolicited ports, certificates, and applications running on exposed assets

- Identify potential vulnerabilities and weaknesses from exposed assets


To discover and monitor your externally exposed assets, you need to first activate and then configure EASM.

1. Activating External Attack Surface Management

2. Configuring External Attack Surface Management


With the following EASM capabilities, you can get complete visibility of your external attack surface.

- Viewing Inventory of External Attack Surface Discovered Assets

- Managing External Attack Surface Management Dashboard

- External Attack Surface Reports

- External Attack Surface Management Alerts