[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Cloud Security](https://www.paloaltonetworks.com/cyberpedia/cloud-security?ts=markdown) 3. [Attack Surface Management (ASM)](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management?ts=markdown) 4. [What Is External Attack Surface Management (EASM)?](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management?ts=markdown) Table of content * [What Is Attack Surface Management?](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management?ts=markdown) * [Importance of Knowing Your Attack Surface](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management#importance?ts=markdown) * [Types of Attack Surfaces](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management#types?ts=markdown) * [Attack Vectors Commonly Exploited](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management#attack?ts=markdown) * [Measuring and Assessing Attack Surface](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management#measuring?ts=markdown) * [Attack Surface Management (ASM)](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management#surface?ts=markdown) * [Reducing the Attack Surface](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management#reducing?ts=markdown) * [Real-World Examples of ASM](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management#real?ts=markdown) * [Attack Surface Management (ASM) FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management#faqs?ts=markdown) * [What Is Exposure Management?](https://www.paloaltonetworks.com/cyberpedia/exposure-management?ts=markdown) * [Exposure Management Explained](https://www.paloaltonetworks.com/cyberpedia/exposure-management#exposure-management?ts=markdown) * [Components of Exposure Management](https://www.paloaltonetworks.com/cyberpedia/exposure-management#components?ts=markdown) * [How Exposure Management Operates Across the Security Lifecycle](https://www.paloaltonetworks.com/cyberpedia/exposure-management#lifecycle?ts=markdown) * [Capabilities of an Exposure Management Platform](https://www.paloaltonetworks.com/cyberpedia/exposure-management#capabilities?ts=markdown) * [The Challenges](https://www.paloaltonetworks.com/cyberpedia/exposure-management#challenges?ts=markdown) * [Exposure Management Solutions](https://www.paloaltonetworks.com/cyberpedia/exposure-management#solutions?ts=markdown) * [Exposure Management Best Practices](https://www.paloaltonetworks.com/cyberpedia/exposure-management#best-practices?ts=markdown) * [Exposure Management FAQs](https://www.paloaltonetworks.com/cyberpedia/exposure-management#faq?ts=markdown) * [What Are the Types and Roles of Attack Surface Management (ASM)?](https://www.paloaltonetworks.com/cyberpedia/attack-surface-management-types-and-roles?ts=markdown) * [The 4 Most Commonly Observed Security Attacks](https://www.paloaltonetworks.com/cyberpedia/attack-surface-management-types-and-roles#the?ts=markdown) * [Types of Attack Surface Management](https://www.paloaltonetworks.com/cyberpedia/attack-surface-management-types-and-roles#types?ts=markdown) * [Categories of Attack Surfaces](https://www.paloaltonetworks.com/cyberpedia/attack-surface-management-types-and-roles#categories?ts=markdown) * [The 5 Primary Roles of ASM](https://www.paloaltonetworks.com/cyberpedia/attack-surface-management-types-and-roles#asm?ts=markdown) * [Important Functions of Attack Surface Management](https://www.paloaltonetworks.com/cyberpedia/attack-surface-management-types-and-roles#important?ts=markdown) * [Types and Roles of Attack Surface Management FAQs](https://www.paloaltonetworks.com/cyberpedia/attack-surface-management-types-and-roles#faqs?ts=markdown) * [What Are Common Use Cases for Attack Surface Management?](https://www.paloaltonetworks.com/cyberpedia/common-use-cases-for-attack-surface-management?ts=markdown) * [What Is the Purpose of Attack Surface Management?](https://www.paloaltonetworks.com/cyberpedia/common-use-cases-for-attack-surface-management#what?ts=markdown) * [Decoding the Attack Surface: Ten Examples](https://www.paloaltonetworks.com/cyberpedia/common-use-cases-for-attack-surface-management#ten?ts=markdown) * [Understanding ASM from the Threat Actor's Perspective](https://www.paloaltonetworks.com/cyberpedia/common-use-cases-for-attack-surface-management#understanding?ts=markdown) * [Ethical Hackers and Attack Surface Management: A Unique Use Case](https://www.paloaltonetworks.com/cyberpedia/common-use-cases-for-attack-surface-management#the?ts=markdown) * [Examples of Attack Surface Management Use Cases](https://www.paloaltonetworks.com/cyberpedia/common-use-cases-for-attack-surface-management#use?ts=markdown) * [Common Use Cases for Attack Surface Management FAQ](https://www.paloaltonetworks.com/cyberpedia/common-use-cases-for-attack-surface-management#faqs?ts=markdown) * [What Is Continuous Threat Exposure Management (CTEM)?](https://www.paloaltonetworks.com/cyberpedia/ctem-continuous-threat-exposure-management?ts=markdown) * [Continuous Threat Exposure Management (CTEM) Explained](https://www.paloaltonetworks.com/cyberpedia/ctem-continuous-threat-exposure-management#CTEM?ts=markdown) * [The Five Stages of Continuous Threat Exposure Management](https://www.paloaltonetworks.com/cyberpedia/ctem-continuous-threat-exposure-management#five-stages?ts=markdown) * [Understanding the Landscape of Exposure Management](https://www.paloaltonetworks.com/cyberpedia/ctem-continuous-threat-exposure-management#understanding-the-landscape?ts=markdown) * [Benefits of Implementing Continuous Threat Exposure Management](https://www.paloaltonetworks.com/cyberpedia/ctem-continuous-threat-exposure-management#benefits?ts=markdown) * [How to Deploy a CTEM Program: Best Practices](https://www.paloaltonetworks.com/cyberpedia/ctem-continuous-threat-exposure-management#deploy?ts=markdown) * [CTEM FAQs](https://www.paloaltonetworks.com/cyberpedia/ctem-continuous-threat-exposure-management#faq?ts=markdown) * [How Does a CISO Effectively Manage the Attack Surface?](https://www.paloaltonetworks.com/cyberpedia/a-cisos-guide-to-attack-surface-management?ts=markdown) * [The Value of Modern ASM Solutions](https://www.paloaltonetworks.com/cyberpedia/a-cisos-guide-to-attack-surface-management#asmsolutions?ts=markdown) * [A Comprehensive Approach to ASM](https://www.paloaltonetworks.com/cyberpedia/a-cisos-guide-to-attack-surface-management#approach?ts=markdown) * [Attack Surface Measurement Defined](https://www.paloaltonetworks.com/cyberpedia/a-cisos-guide-to-attack-surface-management#attacksurface?ts=markdown) * [5 Core Capabilities of Modern Attack Surface Management](https://www.paloaltonetworks.com/cyberpedia/a-cisos-guide-to-attack-surface-management#modern?ts=markdown) * [A CISO's Guide to Attack Surface Management FAQs](https://www.paloaltonetworks.com/cyberpedia/a-cisos-guide-to-attack-surface-management#faqs?ts=markdown) * [What Is the Attack Surface Management (ASM) Lifecycle?](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management-lifecycle?ts=markdown) * [The 6 Stages of Cyberattacks](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management-lifecycle#the?ts=markdown) * [4 Stages of the Attack Surface Management Lifecycle](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management-lifecycle#lifecycle?ts=markdown) * [Strategies to Complement the ASM Lifecycle](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management-lifecycle#strategies?ts=markdown) * [Challenges that the ASM Lifecycle Addresses](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management-lifecycle#challenges?ts=markdown) * [Attack Surface Management Lifecycle FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-management-lifecycle#faqs?ts=markdown) * [What is Attack Surface Assessment?](https://www.paloaltonetworks.com/cyberpedia/attack-surface-assessment?ts=markdown) * [What Is an Attack Surface?](https://www.paloaltonetworks.com/cyberpedia/attack-surface-assessment#attack-surface?ts=markdown) * [Types of Attack Surfaces](https://www.paloaltonetworks.com/cyberpedia/attack-surface-assessment#types?ts=markdown) * [Examples of Attack Surfaces](https://www.paloaltonetworks.com/cyberpedia/attack-surface-assessment#examples?ts=markdown) * [How to Reduce Attack Surfaces](https://www.paloaltonetworks.com/cyberpedia/attack-surface-assessment#reduce?ts=markdown) * [Attack Surface Assessment FAQs](https://www.paloaltonetworks.com/cyberpedia/attack-surface-assessment#faqs?ts=markdown) * [ASM Tools: How to Evaluate and Select the Best Option](https://www.paloaltonetworks.com/cyberpedia/asm-tools?ts=markdown) * [The Need for Attack Surface Management (ASM) Solutions](https://www.paloaltonetworks.com/cyberpedia/asm-tools#need?ts=markdown) * [The Key 7 Components of ASM Tools](https://www.paloaltonetworks.com/cyberpedia/asm-tools#key?ts=markdown) * [How to Select and Evaluate the Right ASM Solution](https://www.paloaltonetworks.com/cyberpedia/asm-tools#how?ts=markdown) * [Common Challenges in Implementing ASM](https://www.paloaltonetworks.com/cyberpedia/asm-tools#common?ts=markdown) * [Attack Surface Management FAQs](https://www.paloaltonetworks.com/cyberpedia/asm-tools#faqs?ts=markdown) * [What is the Difference Between Attack Surface and Threat Surface?](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-vs-threat-surface?ts=markdown) * [Defining the Attack Surface](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-vs-threat-surface#defining?ts=markdown) * [Attack Vectors and Threat Vectors](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-vs-threat-surface#attack?ts=markdown) * [Attack Surface Management and Analysis](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-vs-threat-surface#analysis?ts=markdown) * [Real-World Examples of Attack Surface Exploits](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-vs-threat-surface#real?ts=markdown) * [Protecting Your Digital and Physical Assets](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-vs-threat-surface#protecting?ts=markdown) * [Frequently Asked Questions](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-vs-threat-surface#faqs?ts=markdown) * What Is External Attack Surface Management (EASM)? * [External Attack Surface Management Explained](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#external?ts=markdown) * [Internal vs. External Attack Surface Management](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#vs?ts=markdown) * [How External Attack Surface Management Works](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#how?ts=markdown) * [Why EASM Is Important](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#why?ts=markdown) * [Use Cases for External Attack Surface Management](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#use?ts=markdown) * [Benefits of EASM](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#benefits?ts=markdown) * [Approaches to Attack Surface Management](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#approaches?ts=markdown) * [EASM Challenges](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#challenges?ts=markdown) * [How to Choose an Attack Surface Management Platform](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#platform?ts=markdown) * [External Attack Surface Management FAQs](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#faqs?ts=markdown) # What Is External Attack Surface Management (EASM)? 5 min. read Table of content * * [External Attack Surface Management Explained](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#external?ts=markdown) * [Internal vs. External Attack Surface Management](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#vs?ts=markdown) * [How External Attack Surface Management Works](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#how?ts=markdown) * [Why EASM Is Important](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#why?ts=markdown) * [Use Cases for External Attack Surface Management](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#use?ts=markdown) * [Benefits of EASM](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#benefits?ts=markdown) * [Approaches to Attack Surface Management](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#approaches?ts=markdown) * [EASM Challenges](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#challenges?ts=markdown) * [How to Choose an Attack Surface Management Platform](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#platform?ts=markdown) * [External Attack Surface Management FAQs](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#faqs?ts=markdown) 1. External Attack Surface Management Explained * * [External Attack Surface Management Explained](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#external?ts=markdown) * [Internal vs. External Attack Surface Management](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#vs?ts=markdown) * [How External Attack Surface Management Works](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#how?ts=markdown) * [Why EASM Is Important](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#why?ts=markdown) * [Use Cases for External Attack Surface Management](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#use?ts=markdown) * [Benefits of EASM](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#benefits?ts=markdown) * [Approaches to Attack Surface Management](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#approaches?ts=markdown) * [EASM Challenges](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#challenges?ts=markdown) * [How to Choose an Attack Surface Management Platform](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#platform?ts=markdown) * [External Attack Surface Management FAQs](https://www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management#faqs?ts=markdown) External attack surface management (EASM) refers to the continuous discovery, monitoring, and analysis of internet-facing assets that attackers can see and target. It exposes unknown, unmanaged, and vulnerable assets --- domains, APIs, cloud services, or shadow IT --- that create real entry points into an organization's digital perimeter. ## External Attack Surface Management Explained EASM identifies and monitors every internet-facing asset an organization owns, even those the organization is unaware of owning. These assets can include cloud-hosted applications, forgotten subdomains, third-party APIs, exposed storage buckets, development environments, marketing microsites, or anything else that accepts traffic from the public internet. Attackers don't discriminate based on IT ownership or asset age. They scan continuously and exploit what's reachable. Organizations lose track of assets for many reasons. Developers spin up infrastructure outside centralized IT control. M\&A activity introduces unknown systems with inherited risk. Legacy domains linger beyond their business purpose. EASM addresses this by replicating the perspective of an external attacker. It catalogs assets, fingerprints technologies, detects misconfigurations, tracks changes over time, and enriches findings with threat intelligence and vulnerability data. Traditional asset inventories break down at scale, especially in multicloud environments with ephemeral workloads and [infrastructure-as-code](https://www.paloaltonetworks.com/cyberpedia/what-is-iac?ts=markdown) deployments. EASM operates continuously, adapting to dynamic environments and surfacing exposures before attackers find them. Instead of relying on internal records or CMDB entries, EASM starts with external discovery, enumerating what the world can see, and then pulling in context and correlations to drive remediation. Security teams use EASM to reduce unknowns, prioritize based on risk, and eliminate entry points before they're exploited. It serves as the foundation for any serious exposure management strategy. ## Internal vs. External Attack Surface Management Internal attack surface management (IASM) deals with the risks inherent to systems under organizational control. It covers known assets --- managed [endpoints](https://www.paloaltonetworks.com/cyberpedia/what-is-an-endpoint?ts=markdown), user identities, internal services, and the relationships between them. IASM maps trust boundaries and inspects the paths an attacker could take post-compromise. It identifies privilege escalation opportunities, [lateral movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement?ts=markdown) vectors, and the residual exposure left by poor segmentation, misconfigured permissions, and incomplete patching. Operating within a defined boundary, IASM assumes authentication, agent presence, or API-level visibility into managed infrastructure. Its scope enables detailed modeling of internal communications, access rights, software versions, and control plane interactions. Security teams use that detail to simulate post-breach scenarios, limit blast radius, and harden internal architecture against privilege abuse. In contrast, external attack surface management addresses the domain of public exposure. EASM accounts for any asset reachable by an unauthenticated external actor. It focuses on first exposure, entry points that allow attackers to gain an initial foothold. And the purview of EASM includes externally reachable cloud services, developer environments pushed to production, unauthenticated APIs, and services with public IP addresses that were never meant to be exposed. EASM operates in the absence of internal context and treats every asset as untrusted and exposed until proven otherwise. Its role is to uncover the unknown, validate what's externally reachable, and determine whether the exposure introduces risk. Where IASM assumes visibility, EASM assumes ignorance and works to eliminate it. ## How External Attack Surface Management Works Like most approaches to [attack surface management (ASM)](https://www.paloaltonetworks.com/cyberpedia/attack-surface-assessment?ts=markdown), EASM is recursive and can be viewed as a continuous loop of steps or stages. ### Discovery from an Attacker's Perspective EASM begins with unauthenticated reconnaissance. It maps what an attacker can observe without credentials, internal access, or cooperation from the target environment. The process interrogates public data sources --- DNS records, WHOIS records, TLS certificates, autonomous system allocations, GitHub metadata, web content, exposed APIs --- to enumerate assets linked to an organization. The goal is to build a complete picture of what an attacker sees from the outside, particularly assets the organization doesn't realize it owns. Exposure attack surface platforms begin with a known domain or IP range and follow infrastructure relationships using techniques like subdomain enumeration, JavaScript variable scraping, historical DNS pivots, reverse IP resolution, and certificate chain analysis. The platform clusters findings using heuristics and entity resolution models to attribute uncovered assets back to the organization. ### Real-Time Monitoring of Surface Changes Discovery runs continuously because the external attack surface never stops changing. Developers ship new services. Cloud teams spin up new regions. Third-party providers change their infrastructure. EASM platforms track configuration drift and alert on the emergence of exposed services --- new login portals, API endpoints, storage buckets, expired certificates, and forgotten assets reactivated by DNS or traffic changes. Monitoring includes web-layer behavior. Platforms fingerprint application frameworks, detect login functionality, parse headers and JavaScript behaviors, and identify server responses that reveal software versions or error states. They also capture metadata about the supply chain, such as embedded third-party services or links to other exposed infrastructure. ### Contextual Risk Scoring and Prioritization Once it maps and monitors the surface, EASM scores assets based on exploitability and potential impact. It flags conditions that attackers can automate against. Such conditions might include: * Publicly writable storage * Open databases * Exposed admin panels * Authentication endpoints with no rate limiting * Services with known critical CVEs. Asset importance varies by business function, ownership, and the role it plays in the broader infrastructure. A test environment behind a vanity domain may pose less risk than a forgotten subdomain pointing to an abandoned server that still accepts requests. EASM surfaces these distinctions and guides teams toward the most urgent actions, reducing attacker opportunity before exploitation occurs. ## Why EASM Is Important Your organization's public footprint expands beyond what internal teams track. Developers deploy infrastructure that never enters official inventory. Business units launch services without routing through security review. Third-party platforms introduce exposure you can't configure but are held accountable for. Each of these, sanctioned or not, becomes an attack vector the moment it's reachable. Exposure becomes [ransomware](https://www.paloaltonetworks.com/cyberpedia/what-is-ransomware?ts=markdown) entry points, [data leaks](https://www.paloaltonetworks.com/cyberpedia/data-leak?ts=markdown), supply chain compromise. EASM exists to ensure that your security strategy accounts for everything that tracks back to you. ### Attackers No Longer Rely on Perimeter Breaches Modern adversaries don't need to compromise hardened endpoints or guess internal architecture. They target the internet-facing layer, where exposure is easy to find and often the least governed. Organizations continue to expand their public presence through cloud adoption, acquisitions, third-party integrations, and developer-led deployments. Expansion, of course, tends to create sprawling, unmanaged digital perimeters. Attackers look for neglected infrastructure, DNS records that weren't deleted, cloud storage made public by default, outdated applications left online, etc., knowing they can exploit these without alerting anyone to their activity. ### Legacy Asset Inventories Can't Keep Pace Organizations can't defend what they haven't observed, nor can they reduce risk they haven't quantified. Traditional asset management systems depend on integration, authentication, or manual entry. They miss what isn't formally documented, connected, or managed. As organizations push infrastructure out through multiple vendors and platforms, central IT teams lose visibility. Security teams inherit blind spots they didn't create and can't mitigate without continuous, autonomous discovery. EASM closes the gap. ## Use Cases for External Attack Surface Management EASM use cases span visibility, governance, incident response, and strategic risk reduction --- each grounded in the need to understand and control what the world can see before attackers exploit it. ### Eliminating Unknown and Unmanaged Assets Every organization has assets it doesn't track --- forgotten subdomains, deprecated applications, cloud instances left running outside governance, or services deployed by contractors. EASM discovers those untracked assets, mapping them to the organization through infrastructure, certificate, and behavioral correlations. Once identified, security teams can either bring them under management or decommission them. Reducing asset unknowns narrows the window of attack and lowers operational noise. ### Validating Cloud Hygiene at Scale Cloud environments change hourly. Teams spin up new regions, expose services through misconfigured security groups, or publish storage buckets with default settings. EASM continuously scans cloud assets from the outside, detecting exposed ports, unauthenticated access points, DNS misrouting, and drift from approved configurations. It enforces external accountability, confirming the intentionality of exposure. ### Monitoring for Forgotten and Orphaned Infrastructure Legacy infrastructure often outlives its operational relevance. Marketing microsites, test environments, and third-party integrations remain exposed long after the projects end. EASM flags dormant assets based on traffic patterns, error responses, and stale metadata. Those assets often escape internal patch cycles and receive no security monitoring, yet they remain discoverable to attackers. Identifying and decommissioning them reduces surface area and liability. ### Mapping M\&A Exposure in Real Time Acquisitions introduce digital sprawl. Target companies bring DNS records, third-party integrations, legacy web apps, and unmanaged cloud assets. EASM enables acquiring organizations to quickly map the public footprint of a new business --- even when documentation is missing. It exposes inherited risk immediately and accelerates the integration of those assets into existing security governance. ### Enforcing Third-Party and Supply Chain Security Posture Vendors and partners expand your attack surface. Many host systems under your brand integrate with your APIs or expose their infrastructure, which links back to your environment. EASM identifies third-party assets operating under your DNS, sharing infrastructure, or referencing your organization in configuration artifacts. It supports continuous assurance of vendor exposure beyond static assessments or one-time audits. **Related Article** : [Ungoverned Usage of Third-Party Services](https://www.paloaltonetworks.com/cyberpedia/ungoverned-usage-third-party-services-cicd-sec8?ts=markdown) ### Supporting Threat Intelligence and Incident Response EASM provides [cyber threat intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-cyberthreat-intelligence-cti?ts=markdown) that enriches [incident response](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response?ts=markdown). When [SOC](https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc?ts=markdown) teams detect an inbound scan or [credential stuffing](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing?ts=markdown) attempt, they can correlate the attacker's activity with exposed assets EASM already identified. The resulting context accelerates containment. EASM also detects typo-squatting domains and [phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing?ts=markdown) infrastructure, enabling preemptive takedown before an attack materializes. ### Enabling Continuous Threat Exposure Management EASM is a foundational capability in [CTEM](https://www.paloaltonetworks.com/cyberpedia/ctem-continuous-threat-exposure-management?ts=markdown) programs. It provides the external-facing telemetry necessary to identify exploitable conditions in real time. Combined with internal posture tools, it closes the visibility gap and feeds exposure data into risk-based prioritization pipelines. Security leaders use EASM findings to drive remediation SLAs, adjust red team scenarios, and inform executive-level risk reporting. ## Benefits of EASM Visibility aside, organizations adopt EASM to shift operational posture --- to reduce attacker opportunity, accelerate remediation, improve governance, and enable strategic risk reporting. Its benefits extend across technical, operational, and executive domains. ### 1. Reduces Mean Time to Discovery Security teams often discover exposure after attackers. EASM flips that dynamic by proactively surfacing unknown assets and misconfigurations. Faster discovery shortens the attack window and constrains opportunity before threat actors gain traction. ### 2. Eliminates Blind Spots Created by Shadow IT Developers move fast. So do business units, contractors, and vendors. EASM captures what gets launched without security review. By identifying nonstandard deployments, standalone test environments, or forgotten DNS entries, it closes the visibility gap left by asset inventory systems and CMDBs. ### 3. Breaks Down Organizational Silos EASM enables security teams to map asset ownership across lines of business, subsidiaries, and third parties. It provides cross-functional clarity, bridging gaps between [AppSec](https://www.paloaltonetworks.com/cyberpedia/appsec-application-security?ts=markdown), infrastructure, and cloud operations. Essential visibility accelerates triage and pushes remediation responsibility to the teams equipped to act. ### 4. Improves Risk-Based Prioritization Not all exposed assets carry equal risk. EASM platforms assign severity based on exploitability, business context, and attacker interest. A forgotten web admin panel with default credentials poses more danger than a public S3 bucket containing non-sensitive files. Risk scoring drives efficient response, reducing noise and sharpening focus where it matters. ### 5. Supports Continuous Governance Periodic audits can't keep pace with the rate of infrastructure change. EASM provides continuous validation that security policies around DNS, SSL, cloud posture, or software stack exposure remain enforced in the wild. Drift becomes immediately visible, enabling policy enforcement through monitoring. ### 6. Strengthens Regulatory and Cyber Insurance Readiness Boards and insurers increasingly demand proof of control over public exposure. EASM provides defensible evidence that external assets are monitored, managed, and derisked. It helps CISOs respond to governance questionnaires, cyber insurance assessments, and regulatory reviews with authoritative data, which is backed by continuous scanning and documented response actions. ### 7. Enables Attack Surface Reduction at Scale The most reliable way to prevent an exploit is to remove the target. EASM identifies what shouldn't exist or no longer needs to. Doing so allows security leaders to drive sustainable exposure reduction --- not through patching alone, but by eliminating orphaned infrastructure and consolidating domains, in addition to decommissioning nonessential services. ## Approaches to Attack Surface Management Security teams often confuse external attack surface management with broader asset and vulnerability strategies. The differences matter. While the tools may overlap in some functions, their vantage points, use cases, and operational assumptions diverge. Understanding the distinctions clarifies how EASM complements adjacent disciplines. ### ASM vs. EASM ASM encompasses the identification, classification, and monitoring of all potential entry points into an environment, internal and external. Many vendors use ASM generically, covering any surface reachable by an attacker. In practice, ASM platforms often blend internal asset discovery, vulnerability enumeration, and risk scoring into a unified interface, leaning on integrations with endpoint agents, configuration managers, and [IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management?ts=markdown) systems. EASM operates from outside the firewall. It identifies assets visible to unauthenticated users on the public internet. That includes subdomains, CDN endpoints, public S3 buckets, exposed APIs, external login panels, and infrastructure unintentionally left open. EASM doesn't depend on integrations or existing inventories. Its independence makes it uniquely capable of detecting shadow infrastructure, unauthorized deployments, and assets left behind by organizational drift. ASM tools typically begin with what the organization already knows and attempts to assess risk based on internal telemetry. EASM starts with no assumptions, building an external view through active scanning, passive data correlation, and infrastructure attribution. ### Vulnerability Management vs. EASM [Vulnerability management](https://www.paloaltonetworks.com/cyberpedia/what-Is-vulnerability-management?ts=markdown) focuses on known assets under organizational control. It operates on authenticated hosts, scanning for CVEs, software misconfigurations, and missing patches. Vulnerability management assumes visibility, agent presence, or authenticated access. The asset must already be part of a managed environment before the vulnerability scan can occur. EASM solves the problem before vulnerability management begins by identifying assets that haven't been onboarded to the vulnerability management system. It flags exposures that exist independently of CVEs, such as exposed admin portals or leaked credentials. It also tracks external signs of software composition that vulnerability management may miss entirely --- issues such as third-party JavaScript on a marketing microsite or default configurations on cloud storage platforms. Vulnerability management addresses what's known and reachable through authenticated channels. EASM addresses what's visible to attackers, regardless of internal ownership or management state. The two approaches intersect only after exposure becomes part of the official asset inventory. By then, the attacker may have already found it. ### EASM vs. CAASM and CSPM Cyber asset attack surface management (CAASM) provides internal visibility across assets, identities, and controls. It aggregates data from existing systems --- CMDBs, [EDR](https://www.paloaltonetworks.com/cyberpedia/what-is-endpoint-detection-and-response-edr?ts=markdown) platforms, IAM providers, cloud APIs --- and normalizes them into a searchable index. CAASM excels at understanding configuration state, identity sprawl, control gaps, and relationships between known systems. [Cloud security posture management (CSPM)](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-security-posture-management?ts=markdown) evaluates cloud resource configurations against policy. It identifies misconfigurations within [IaaS](https://www.paloaltonetworks.com/cyberpedia/what-is-infrastructure-as-a-service?ts=markdown) and [PaaS](https://www.paloaltonetworks.com/cyberpedia/what-is-pass?ts=markdown) environments, such as overly permissive IAM roles, insecure storage settings, or open inbound ports. CSPM works through authenticated access and focuses on [cloud-native](https://www.paloaltonetworks.com/cyberpedia/what-is-cloud-native?ts=markdown) resource hygiene. EASM, unlike CAASM and CSPM, doesn't rely on internal control plane access. It doesn't require an agent or permissioned API. It evaluates reality from the outside --- what an attacker sees. While CSPM can confirm whether an S3 bucket is marked public, EASM can determine whether it's discoverable, accessible, and serving content. And while CAASM can report whether a [workload](https://www.paloaltonetworks.com/cyberpedia/what-is-workload?ts=markdown) exists, EASM can identify when it's externally exposed without authorization. ## EASM Challenges EASM provides visibility into one of the most volatile and ungoverned areas of modern infrastructure. But its power introduces complexity. The same capabilities that make EASM indispensable create friction across ownership, accuracy, and operational maturity. ### Attribution Complexity Identifying assets is half the challenge, The other half, proving ownership, is ornery. EASM platforms often detect infrastructure that belongs to the organization but lacks formal ties to known business units, accounts, or teams. Attribution requires correlating certificates, naming conventions, web content, behavioral patterns, and third-party telemetry. Without accurate attribution, teams can't effectively remediate. Security ends up holding risk they can't assign, and operations stall while parties debate ownership. ### Signal-to-Noise in Asset Discovery Not every discovered asset is a risk. Misconfigured attribution engines can inflate asset counts with false positives --- domains that share infrastructure but don't belong to the organization, test sites built by vendors, or benign subdomains with no operational exposure. Overclassification leads to alert fatigue and wasted triage cycles. EASM requires continuous tuning to maintain signal quality. ### Continuous Monitoring at Enterprise Scale The external attack surface changes by the hour, especially in cloud-native and [CI/CD](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security?ts=markdown) environments. Keeping pace requires more than point-in-time scans. Continuous enumeration, fingerprinting, and validation strain bandwidth, budgets, and human capacity. Without automation, EASM creates backlogs. Without prioritization, it overwhelms response teams. ### Integration with Risk and Remediation Workflows EASM's findings must route to the right owners and tie into vulnerability management, [DevOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devops?ts=markdown) workflows, ticketing systems, and GRC platforms. Many organizations struggle to connect externally discovered assets with internal remediation pipelines. Without that integration, discovery doesn't lead to action. EASM becomes a watchtower without a defense system. ### Managing Scope Across Subsidiaries and Vendors Large enterprises operate across business units, joint ventures, acquisitions, and embedded third parties. Public infrastructure may serve multiple legal entities or originate from vendors using shared hosting. Security teams must decide whether to accept, assign, or escalate the exposure. EASM can't adjudicate those relationships. Risk ownership becomes a governance problem, rather than something tooling alone can solve. ### Measuring Exposure in Business Terms Executives don't ask how many S3 buckets are public. They want to know what's at risk, what it means for compliance, and how it maps to business operations. EASM surfaces technical exposure. Translating that exposure into business risk requires additional enrichment --- details such as asset criticality, data sensitivity, regulatory scope, or incident correlation. Without that context, EASM data stays trapped in technical silos. ### Resistance to Organizational Change EASM demands accountability for assets launched outside policy. Some teams resist integration. Others dispute ownership. Organizations that lack a clear mandate for external surface governance often see EASM stall after initial deployment, as no one is empowered to act on its insights. ## How to Choose an Attack Surface Management Platform EASM platforms vary widely in architecture, discovery methods, enrichment quality, and integration depth. Selecting the right one requires an understanding of how the platform will function across environments, organizational structures, and remediation pipelines. ### Discovery Depth and Attribution Fidelity Platforms differ in how they identify assets and attribute them to your organization. High-fidelity systems leverage DNS resolution, TLS fingerprinting, WHOIS relationships, autonomous system metadata, behavioral signatures, and infrastructure clustering to build accurate asset maps. Shallow tools rely on keyword matching and static domain lists, often producing high false positive rates. Evaluate how the platform handles gray-zone assets --- those without clear ownership metadata but linked through hosting providers, certificate reuse, or behavioral traits. Ask how the platform confirms attribution without inflating inventory with unactionable noise. ### Monitoring Frequency and Change Detection The value of EASM depends on how quickly it detects changes. Some platforms operate on weekly or ad hoc scans. Others monitor continuously using passive telemetry ingestion and real-time change detection pipelines. Organizations operating in CI/CD-driven environments or multicloud architectures need near-real-time updates. Lag introduces risk. Assess how frequently the platform rescans each asset type, how it detects configuration drift, and how it flags changes in exposure posture. You want visibility into new open ports, added subdomains, and altered certificate chains, for instance. ### Exposure Context and Risk Scoring Risk prioritization requires context --- asset criticality, exploitability, business role, and threat actor interest. Strong platforms correlate external exposure with CVE databases, misconfiguration signatures, known bad infrastructure patterns, and exploit frameworks. Examine how the platform scores exposure. Does it account for sensitive asset types? Can it distinguish between low-risk test systems and production infrastructure serving regulated data? Does it support custom risk modeling based on internal policy? ### Integration with Internal Systems EASM delivers value only when its findings lead to remediation. That requires integration with internal systems --- asset management, vulnerability management, ITSM tools, DevOps pipelines, and security orchestration layers. Evaluate how the platform maps external findings to internal ownership, whether it supports tagging, enrichment APIs, or automatic ticket creation, and whether it provides identity resolution mechanisms to route issues directly to responsible teams. ### Support for Subsidiaries and Third Parties Organizations with complex hierarchies need EASM platforms that manage visibility across subsidiaries, acquisitions, brand affiliates, and third-party vendors. The complexity level will require flexible scoping, role-based access controls, and entity segmentation. Verify that the platform can isolate findings by legal entity, line of business, or geography --- and that it supports delegated access while maintaining centralized governance. Also assess how it detects and attributes third-party assets operating under your domain, brand, or infrastructure. ### Transparency and Analyst Workflow Design Many EASM tools generate large volumes of data with minimal explanation. Security teams need to understand why an asset was flagged, what methods were used to attribute it, and how the platform arrived at its risk score. Inspect the interface from an analyst's perspective. Can users trace the discovery chain for a given asset? Can they validate exposure manually if needed? Does the platform support annotation, evidence exports, and feedback loops to improve classification over time? ### Data Sovereignty, Retention, and Access Controls For regulated organizations, the EASM platform's handling of discovery artifacts, scan metadata, enrichment records, and other data must align with compliance requirements. These include data residency, [access control](https://www.paloaltonetworks.com/cyberpedia/access-control?ts=markdown), logging, and retention settings. Confirm whether the EASM solution offers deployment flexibility and whether its data handling practices align with regulatory frameworks relevant to your business. Granular audit trails and encryption controls are baseline requirements for any serious EASM deployment. ## External Attack Surface Management FAQs ### What is passive DNS? Passive DNS is a historical record of DNS resolutions collected from recursive resolvers and sensors across the internet. Unlike live DNS queries, passive DNS allows analysts to see which IP addresses previously resolved from a domain or which domains shared the same IP --- essential for tracking malicious infrastructure reuse, understanding asset history, and attributing external infrastructure. ### What is favicon hashing? Favicon hashing generates a cryptographic hash from a site's favicon file. Because many services reuse default favicons, identical hashes can reveal shared hosting platforms, cloned environments, or phishing infrastructure. Security teams use it to correlate assets during reconnaissance and surface visually distinct but operationally related systems. ### What is CNAME hijacking? CNAME hijacking occurs when a subdomain's CNAME record points to an external service that has been decommissioned, but the DNS record remains. If an attacker claims the unregistered external resource, they gain control over the subdomain, enabling impersonation, phishing, or malware distribution under the victim's domain. ### What is a zone transfer? A zone transfer is a DNS replication function that allows secondary name servers to copy DNS records from a primary server. If improperly configured to allow unauthenticated transfers, it leaks a complete list of subdomains and their associated records --- exposing internal structure and surfacing hidden assets. ### What is a reverse IP lookup? A reverse IP lookup identifies all domain names hosted on a single IP address. Analysts use it to detect co-hosted domains, uncover shared infrastructure, and trace relationships between assets that lack direct metadata links. It supports infrastructure correlation in investigations and exposure mapping. ### What is Shodan indexing? Shodan indexes internet-exposed devices by actively scanning IP space and capturing service banners, metadata, and response headers. It catalogs details about exposed ports, protocols, software versions, and sometimes vulnerabilities. Attackers and defenders use Shodan to identify misconfigured systems, weak services, or forgotten infrastructure. ### What are Certificate Transparency logs? Certificate Transparency logs are public, append-only registries of all TLS certificates issued by trusted certificate authorities. They enable domain owners and security teams to monitor for unauthorized or unexpected certificates, which can signal typosquatting, shadow services, or malicious issuance targeting their brand. ### What is ASN mapping? ASN mapping links IP addresses to their corresponding autonomous system numbers, which identify the organizations that route traffic for those addresses. Analysts use ASN mapping to attribute infrastructure, monitor changes in hosting behavior, and detect malicious operations spread across different geographies or service providers. ### What is typosquatting detection? Typosquatting detection identifies domains that mimic legitimate brands by introducing minor character changes --- such as omitted letters, adjacent keyboard swaps, or alternate top-level domains. These lookalike domains are frequently used in phishing, credential theft, or redirection attacks. ### What is brand impersonation infrastructure? Brand impersonation infrastructure includes domains, applications, and services intentionally designed to resemble a specific brand. They may host fake login portals, mimic support systems, or serve malicious content behind a trusted visual façade. These assets erode user trust and often go undetected without continuous monitoring. ### What is an open redirect? An open redirect is a web application flaw that allows users to be redirected to external sites based on URL parameters without validation. Attackers abuse it to craft legitimate-looking links that route victims to malicious destinations, often bypassing filters or appearing trustworthy in phishing campaigns. ### What are exposed development artifacts? Exposed development artifacts are publicly accessible files or directories left over from the development process --- such as .git folders, environment variable files, logs, or debug endpoints. They often contain sensitive information, such as credentials, configuration details, or code logic. ### What is unauthenticated service enumeration? Unauthenticated service enumeration refers to the identification of running services, open ports, or endpoints without needing credentials or session tokens. Attackers perform it to map an organization's external footprint and identify exploitable services without alerting defenses tied to authenticated access. ### What is fingerprintable software? Fingerprintable software reveals its identity, version, or configuration through response headers, default pages, error messages, or other metadata. These signals allow attackers to match known vulnerabilities to specific services, enabling automated targeting and tailored exploits. ### What is digital footprint expansion? Digital footprint expansion is the uncontrolled growth of internet-facing assets --- domains, APIs, containers, cloud functions --- across regions, accounts, or business units. It's driven by rapid scaling, decentralized deployment, and weak governance, increasing the volume of untracked and potentially exposed infrastructure. ### What is third-party digital exposure? Third-party digital exposure results from vendors, partners, or service providers that host or process data on your behalf. Their assets --- while not directly under your control --- still affect your external attack surface and can introduce risk if they're improperly configured or poorly maintained. ### What is asset sprawl? Asset sprawl refers to the proliferation of unmanaged or redundant internet-facing infrastructure across teams, clouds, or service providers. It often occurs without central visibility, leading to redundant services, unclear ownership, and exposure risk across the attack surface. ### What is infrastructure drift? Infrastructure drift describes divergence between declared infrastructure configuration and its live state --- caused by manual changes, automation errors, or cloud behavior. Drift undermines policy enforcement, introduces unknown exposure, and makes remediation more difficult when systems behave unpredictably. ### What is unmanaged SaaS exposure? Unmanaged SaaS exposure happens when teams adopt software-as-a-service platforms without security review, configuration oversight, or identity integration. These services may store sensitive data or integrate with production systems but fall outside monitoring and control, creating silent liabilities. ### What are shadow environments? Shadow environments are systems deployed outside formal governance --- often by developers, vendors, or business units. These include test servers, trial accounts, or ad-hoc deployments. While operationally useful, they rarely follow security protocols and often remain exposed long after their original purpose ends. ### What is CI/CD pipeline leakage? CI/CD pipeline leakage occurs when components of build and deployment pipelines become publicly accessible. Exposed scripts, logs, tokens, or environments can reveal internal logic or grant attackers access to deploy code, tamper with releases, or extract sensitive credentials. ### What is external service chaining? External service chaining involves dependencies between public-facing services --- such as CDNs, APIs, or authentication brokers --- that link systems across multiple domains or vendors. A weakness in any link can expose the entire chain to compromise or create unexpected trust paths between unrelated assets. ### What are public code leaks? Public code leaks refer to the unauthorized or accidental publication of proprietary code, configuration files, or infrastructure templates to public repositories or artifact hubs. They often contain hardcoded secrets, internal logic, or software composition details that attackers exploit during reconnaissance. ### What is DNS misconfiguration? DNS misconfiguration includes errors in DNS records --- such as stale entries, unclaimed CNAMEs, wildcard records, or broken MX configurations --- that expose subdomains to takeover or operational disruption. Improper DNS hygiene often leads to exposure long after an asset is decommissioned. ### What is SaaS misattribution? SaaS misattribution occurs when external platforms expose content, login portals, or dashboards under your domain or brand --- without centralized knowledge or ownership. These misaligned assets confuse users, introduce reputational risk, and make remediation difficult when discovered during incident response. ### What is subdomain takeover? Subdomain takeover happens when a subdomain points to an external service that's no longer in use, and the underlying resource becomes available for re-registration. Attackers exploit the leftover DNS pointer to serve content or launch phishing campaigns under your trusted domain. ### What are exposed telemetry endpoints? Exposed telemetry endpoints are monitoring, logging, or metrics interfaces left accessible from the internet. They often leak system internals, debug information, or operational metadata that help attackers map system behavior or extract sensitive information without authentication. ### What is forgotten marketing infrastructure? Forgotten marketing infrastructure includes legacy microsites, campaign landing pages, or third-party assets launched for short-term initiatives and then abandoned. These assets often remain live, unpatched, and exposed --- inviting attackers to exploit overlooked systems carrying organizational branding. ### What is asset lifecycle ambiguity? Asset lifecycle ambiguity refers to uncertainty about whether an asset is in use, who owns it, or when it should be decommissioned. Without lifecycle clarity, organizations retain infrastructure they no longer manage, creating untracked exposure across business units and cloud accounts. ### What is domain parking abuse? Domain parking abuse involves attackers registering expired or typo-variant domains and using them for malicious purposes --- ads, phishing, credential harvesting, or malware. In some cases, attackers hijack previously legitimate domains that were abandoned, capturing residual traffic and trust. Recommended for you [Stop Cloud Attacks with Cortex CDR Learn how Cortex Cloud Detection and Response (CDR) is designed to provide unparalleled protection purpose built for the cloud, ensuring your hybrid and multicloud environment rema...](https://www.paloaltonetworks.com/resources/datasheets/cloud-detection-response-cdr?ts=markdown) [Cloud Discovery \& Exposure Management In this whitepaper, you'll gain a thorough understanding of how internet-exposed assets are discovered, what process is used to identify and prioritize risks, and how to remediate ...](https://www.paloaltonetworks.com/resources/whitepapers/cloud-discovery-exposure-management?ts=markdown) [Break Barriers in Cloud Security with Unified Protection Read our guide to unlock the answers to the who, what, when, where, why and how of unifying CloudSec with SOC for stronger, smarter protection.](https://www.paloaltonetworks.com/resources/guides/cortex-cloud-executive-guide?ts=markdown) [Stopping Cyberattacks in the Cloud: The Future of Cloud Detection and Response Learn how you can shut down today's cloud-first threats with effective threat detection, investigation and response from a unified, single-agent offering built on the world's most...](https://start.paloaltonetworks.com/stopping-cyberattacks-in-the-cloud-cdr-webinar) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20External%20Attack%20Surface%20Management%20%28EASM%29%3F&body=External%20attack%20surface%20management%20%28EASM%29%20continuously%20identifies%2C%20prioritizes%2C%20and%20eliminates%20internet-facing%20risk%20before%20attackers%20exploit%20unknown%20exposure.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/easm-external-attack-surface-management) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-attack-surface-vs-threat-surface?ts=markdown) What is the Difference Between Attack Surface and Threat Surface? {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language