Cybersecurity firm ZeroFox Inc. today announced a new external attack surface management solution that offers a single-vendor approach to discover and protect assets outside the permiter.

Built on ZeroFox’s existing services, the new ZeroFox EASM combines digital risk protection and threat intelligence services with EASM to enable security teams to gain comprehensive visibility and control over their external attack surface. Doing so empowers customers with the ability to gain comprehensive visibility and control over all owned and unowned external assets.

The solution seeks to address the issue wherein digital transformation, hybrid work and complex software supply chains have led to an expansion of unknown and unmanaged assets, systems and exposures across the external attack surface. ZeroFox claims that nearly 70% of organizations have experienced a cyberattack due to the exploitation of an unknown, unmanaged or poorly managed internet-facing asset. This is where ZeroFox EASM steps in.

ZeroFox EASM offers discovery and enumeration of commonly exploited assets, including subdomains, IP addresses, software and security certificates. Using the service, organizations can prioritize and address potential exposures to reduce risk and erode the attacker’s advantage.

The new service differs from existing EASM solutions, the company says, by providing a single, comprehensive solution for EASM, digital risk protection and threat intelligence, a complementary approach that enables security teams to gain visibility and control over their external attack surface. The combination of these capabilities gives security teams a jump on streamlining their technology stack.

“With ZeroFox EASM, security teams gain greater control over their digital footprint with an automated way to discover, monitor, protect and improve resilience across the enterprise external attack surface,” said Chief Executive James C. Foster.

Key features of ZeroFox EASM include the automatic discovery of internet-facing assets across a digital footprint. Users can identify exposed systems, subdomains, IP addresses, outdated software, security certificates and services that may be visible to an attacker.

With ZeroFox EASM, users can summarize and prioritize risk by continuously correlating exposures to assets. A dashboard offers a centralized view of an organization’s attack surface with clear risk scoring to focus security efforts where time is critical.

The service also uncovers shadow IT, with powerful searches uncovering unknown or forgotten assets linked to domains and IP ranges. Users can preemptively explore their external attack surface to identify exposed systems before adversaries can discover them.

Image: ZeroFox