Penetration testing is a vulnerability detection mechanism that uses multistep and multivector attack scenarios to find vulnerabilities and attempts to exploit them. While some companies might be continuously pentesting, others don’t at all, this is often due to lacking security culture, budget limitations, or both.

There are different types of penetration testing. In most cases, the goal is to find specific vulnerabilities. However, the often forgotten scenario-based penetration testing assesses the performance of security controls against specific tactics, instead of generic vulnerability discovery. Scenario-based testing is aligned with modern-risk frameworks, running risk control on the held assets. However, nowadays assets are a delicate subject: are they self-hosted? Are they cloud-based? The responsibility is somewhat vague. Knowing what you are implementing is a good starting point.

Included by Gartner in 2021 as a major cybersecurity category and an emerging product, the External Attack Surface Management (EASM) term might be new. Still, the idea behind it is nothing new: identifying risks coming from internet-facing assets that an organization may be unaware of.

A few companies, including Detectify, have been highlighting the importance of the attack surface and understanding the potential risks of the constantly-changing environment. Gartner’s addition of EASM as an emerging product demonstrates an increasing awareness of the necessity for organizations to be aware of the threats that exist through their internet-facing assets.

Detectify is the only fully automated External Attack Surface Management solution powered by a world-leading ethical hacker community.

By leveraging hacker insights, security teams using Detectify can map out their entire attack surface to find anomalies and detect the latest business-critical vulnerabilities in time – especially in third-party software. The only way to secure your attack surface is to hack it but it doesn’t have to be complicated.