ELI5: What is Attack Surface Management?
Think of your house: every door, window, and vent is a way someone could get in. Attack surface management is walking around your house regularly, finding every opening, and closing the ones you don’t need.
Definition
Attack surface management (ASM) is the continuous process of discovering, inventorying, classifying, and reducing all points where an attacker could interact with a system or organization—the “attack surface.” This includes internet-facing assets, internal systems, APIs, shadow IT, cloud resources, and human entry points. Reducing the attack surface is a fundamental security engineering principle.
Key Details
- The attack surface includes digital assets (IPs, domains, ports, APIs), physical assets (facilities, devices), and human assets (employees, contractors).
- External attack surface management (EASM) focuses on internet-facing exposure an attacker could discover without prior access: domains and subdomains, IP ranges, certificates, and the services reachable on them, enumerated from the outside the way an attacker would.
- Key activities: asset discovery (including assets nobody recorded), reconciling the inventory against what is actually reachable, vulnerability scanning, port/service reduction, and decommissioning unused systems.
- Reducing the attack surface is preferred over simply adding defenses on top of unnecessary exposure: a service that is not running cannot be exploited, misconfigured, or left unpatched.
- Overlaps with vulnerability management and hardening practices.
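The discover, inventory, reduce loop from the Key Details above, as an added example that is not part of the original page: a Python script that parses nmap grepable (-oG) output, compares what is actually reachable against an approved inventory, and flags unapproved services (candidates for reduction), reachable hosts missing from the inventory (shadow IT), and inventory entries that nothing answers for any more (stale records). The scan text is a constructed sample, and `APPROVED` and `HIGH_RISK_PORTS` are hypothetical lists an organisation would maintain itself.

```python
"""Attack-surface drift check: compare the services actually reachable on
internet-facing hosts against an approved inventory and flag what should be
reduced. Added example, not code from the original page. The scan input is a
constructed sample in nmap grepable (-oG) format; APPROVED and HIGH_RISK_PORTS
are hypothetical lists an organisation would maintain itself.
"""
from collections import defaultdict

# Constructed sample of nmap -oG output for three internet-facing hosts.
# Port entries are port/state/protocol/owner/service/rpcinfo/version/.
SCAN_OUTPUT = (
    "# Nmap 7.94 scan initiated (constructed sample)\n"
    "Host: 203.0.113.10 (www.example.test)\tPorts: 80/open/tcp//http///, "
    "443/open/tcp//https///, 22/open/tcp//ssh///\tIgnored State: closed (997)\n"
    "Host: 203.0.113.11 (api.example.test)\tPorts: 443/open/tcp//https///, "
    "8080/open/tcp//http-proxy///, 3389/open/tcp//ms-wbt-server///\n"
    "Host: 203.0.113.12 ()\tPorts: 6379/open/tcp//redis///, 25/filtered/tcp//smtp///\n"
    "# Nmap done (constructed sample)\n"
)

# Hypothetical approved inventory: (port, protocol) each host is meant to expose.
APPROVED = {
    "203.0.113.10": {(80, "tcp"), (443, "tcp")},
    "203.0.113.11": {(443, "tcp")},
    "203.0.113.13": {(443, "tcp")},   # recorded in the inventory, absent from the scan
}

# Ports whose exposure to the internet is rarely intended (hypothetical list).
HIGH_RISK_PORTS = {22, 445, 3306, 3389, 5432, 6379}


def parse_grepable(text):
    """Return {ip: {(port, proto, service), ...}} for ports nmap reported open."""
    observed = defaultdict(set)
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue                       # comment lines
        fields = line.split("\t")
        ip = fields[0].split()[1]          # "Host: <ip> (<hostname>)"
        ports_field = next((f for f in fields if f.startswith("Ports: ")), None)
        if ports_field is None:
            continue                       # "Status: Up" lines carry no port data
        for entry in ports_field[len("Ports: "):].split(","):
            port, state, proto, _owner, service = entry.strip().split("/")[:5]
            if state != "open":
                continue                   # filtered/closed ports are not exposure
            observed[ip].add((int(port), proto, service))
    return dict(observed)


def assess_exposure(observed, approved):
    """Classify each observed service against the approved inventory.

    unapproved      : reachable services nobody approved -> candidates for reduction
    unknown_hosts   : reachable hosts missing from the inventory -> shadow IT
    stale_inventory : approved hosts no longer reachable -> decommissioned or drifted
    """
    findings = {"unapproved": [], "unknown_hosts": [], "stale_inventory": []}
    for ip, services in sorted(observed.items()):
        if ip not in approved:
            findings["unknown_hosts"].append(ip)
        allowed = approved.get(ip, set())
        for port, proto, service in sorted(services):
            if (port, proto) in allowed:
                continue
            severity = "high" if port in HIGH_RISK_PORTS else "medium"
            findings["unapproved"].append((ip, port, proto, service, severity))
    findings["stale_inventory"] = sorted(ip for ip in approved if ip not in observed)
    return findings


def report(findings):
    """Render findings as plain text, high severity first."""
    lines = []
    for ip, port, proto, service, sev in sorted(
        findings["unapproved"], key=lambda f: (f[4] != "high", f[0], f[1])
    ):
        lines.append(f"[{sev.upper():6}] {ip}:{port}/{proto} ({service}) not in approved inventory")
    for ip in findings["unknown_hosts"]:
        lines.append(f"[SHADOW] {ip} is reachable but not in the inventory")
    for ip in findings["stale_inventory"]:
        lines.append(f"[STALE ] {ip} is in the inventory but no longer reachable")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(assess_exposure(parse_grepable(SCAN_OUTPUT), APPROVED)))
```

Run it as a script to print the report. The useful output is the diff, not the raw scan: the 22/tcp on the web host and 3389/tcp on the API host are the reduction candidates, 203.0.113.12 is an unrecorded host running Redis, and 203.0.113.13 is an inventory entry that should be investigated and retired. In a real deployment the approved inventory would come from a CMDB or infrastructure-as-code, and the scan from a scheduled external scanner, so the same comparison runs continuously rather than once.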
Connections
- Parent: attack-vectors — understanding vectors is prerequisite to managing the attack surface
- See also: open-service-ports