ZeroFox EASM

ZeroFox External Attack Surface Management (EASM) is a solution that helps organizations identify, map, and manage their digital assets and vulnerabilities that are exposed on the internet.

The platform assists security teams in identifying both known and unknown external assets. This includes domains, IP addresses, CIDR blocks, open ports, services, security certificates, and shadow IT.

It performs continuous monitoring to identify new exposures and changes to existing assets. EASM provides context for discovered assets by integrating vulnerability intelligence. This is achieved by correlating findings with data from Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS), Exploit Prediction Scoring System (EPSS), and CISA Known Exploited Vulnerabilities (KEV). Key capabilities include: - Passive discovery techniques that create thorough digital asset inventories - Detection of server misconfigurations and potential data leakage - Identification of shadow IT and neglected digital assets - Prioritization of vulnerabilities based on their severity, type of exposure, and actual exploitability in the real world - AI-driven recommendations for remediation to enhance response times - Visualization of external digital risks from a consolidated perspective

The solution aims to help organizations address the growing attack surface that results from digital transformation, hybrid work environments, and complex software supply chains. It does this by offering visibility into previously unknown or unmanaged cyber assets and exposures.