External Attack Surface Management (EASM)

Qualys CyberSecurity Asset Management (CSAM) provides comprehensive visibility in the form of External Attack Surface Management (EASM). It gives an outside-in view of your external-facing IT infrastructure to continuously monitor your organization's external attack surface and internet-connected assets, track changes, and receive notifications when new assets, unknown assets, or critical issues are found.

External Attack Surface Management (EASM) allows you to continuously identify and assess the security and compliance gaps in your organization’s network.

External Attack Surface Visibility

EASM gives you comprehensive visibility to monitor the external-facing organization’s infrastructure network to discover the vulnerable systems, target attacks, and campaigns.  

With this capability, you can:

- Discover all your domains, subdomains, subsidiaries, and the assets associated with it

- Discover unsolicited ports, certificates, and applications running on exposed assets

- Identify potential vulnerabilities and weaknesses in exposed assets

 

To discover and monitor your externally exposed assets, you must activate EASM and then configure it. 

1. Activating External Attack Surface Management

2. Configuring External Attack Surface Management

Note: When you configure EASM, it is essential to know the filter criteria that enable you to discover externally exposed hosts. For more information, see Filter Criteria in EASM Configuration

 

With the following EASM capabilities, you can get complete visibility of your external attack surface.

- Viewing Inventory of External Attack Surface Discovered Assets from the EASM Tab

- Viewing Inventory of External Attack Surface Discovered Assets from the Inventory Tab

Excluding IP Addresses from the EASM Discovery

VMDR Activation for Externally Exposed Unmanaged Assets

- TruRisk Score for Externally Exposed Unmanaged Assets

- Managing External Attack Surface Management Dashboard

- External Attack Surface Reports

Reports Downloaded from EASM Tab

- External Attack Surface Management Alerts