Mandiant Attack Surface Management

See your organization through the eyes of the adversary

Through Mandiant Attack Surface Management (ASM), discover and analyze your internet assets across today’s dynamic, distributed, and shared environments, while continually monitoring the external ecosystem for exploitable exposures. 

Features

Continuous monitoring

Control how often asset discovery and analysis are conducted with daily, weekly, or on-demand scans.

Technology and service identification

Get an inventory of applications and services running in the external ecosystem.

Outcome-based asset discovery

Specify the type of asset discovery workflow run against the attack surface based on specific outcomes or use cases.


Read more about outcome-based asset discovery.

Active asset checks

Active asset checks are benign payloads or scripts designed from Mandiant IOCs and frontline intelligence, and are used to validate when an asset is susceptible to exploitation. 

How It Works

Mandiant Attack Surface Management (ASM) offers the adversary's view of your organization's attack surface. Starting with simple information about the organization (such as a domain, known networks, or SaaS accounts), it collects asset and exposure information like an attacker would.

Mandiant Attack Surface Management dashboard which shows high-level reporting and summary information from the latest asset discovery scan.
Learn how Mandiant Attack Surface Management helps customers mitigate external cyber exposure risks by continually discovering and analyzing their assets for vulnerabilities, misconfigurations, and exposures.

Common Uses

Assess high-velocity exploit impact

Know when and where external assets are impacted.

Use active checks to quickly identify external asset exposures, allowing security teams to prioritize remediation efforts.
Learn more about MOVEit
Image of the Mandiant ASM GUI, featuring the Library which contains a list of the available active checks. The library is filtered for MOVEit, to show several active checks related to the vulnerability.

    Know when and where external assets are impacted.

    Use active checks to quickly identify external asset exposures, allowing security teams to prioritize remediation efforts.
    Learn more about MOVEit
    Image of the Mandiant ASM GUI, featuring the Library which contains a list of the available active checks. The library is filtered for MOVEit, to show several active checks related to the vulnerability.

      Identify shadow IT

      Uncover unmanaged or unknown assets

      Continually monitoring for shadow IT provides visibility of the known systems, and a running list of these assets to your security team, so they can keep watch for anything out of the ordinary. Your security team will receive daily summaries of new assets and technologies added.

        Uncover unmanaged or unknown assets

        Continually monitoring for shadow IT provides visibility of the known systems, and a running list of these assets to your security team, so they can keep watch for anything out of the ordinary. Your security team will receive daily summaries of new assets and technologies added.

          Multicloud asset discovery

          Assess cloud-hosted external assets for exposures

          A centralized view of hybrid and multicloud environments allows security teams to answer critical questions when it matters most.
          Learn about multicloud visibility

            Assess cloud-hosted external assets for exposures

            A centralized view of hybrid and multicloud environments allows security teams to answer critical questions when it matters most.
            Learn about multicloud visibility

              Mergers and acquisitions due diligence

              Evaluate an acquisition’s external security posture

              Your organization can take preventative measures during an acquisition with visibility into that acquisition’s unknown systems and a running list of assets. The security team can specify security posture requirements before and after the transaction closes.
              Graphic showing the perception of an acquisition target having secured infrastructure on the left. While on the right the graphic shows the reality of the acquisition target having security issues, such as, unsanctioned apps with read and write access and internet-accessible misconfigurations.

                Evaluate an acquisition’s external security posture

                Your organization can take preventative measures during an acquisition with visibility into that acquisition’s unknown systems and a running list of assets. The security team can specify security posture requirements before and after the transaction closes.
                Graphic showing the perception of an acquisition target having secured infrastructure on the left. While on the right the graphic shows the reality of the acquisition target having security issues, such as, unsanctioned apps with read and write access and internet-accessible misconfigurations.

                  Subsidiary monitoring

                  Centralize portfolio visibility and risk mitigation

                  Assess the external security posture of each subsidiary, while enabling each to maintain autonomy. Mandiant ASM comes with role-based access controls (RBAC), equipping each organization to independently monitor and manage its own attack surface scope. All while centralizing visibility for the parent organization.
                  Graphic showing a parent organization in the top center with connections to the individual subsidiaries within the portfolio.

                    Centralize portfolio visibility and risk mitigation

                    Assess the external security posture of each subsidiary, while enabling each to maintain autonomy. Mandiant ASM comes with role-based access controls (RBAC), equipping each organization to independently monitor and manage its own attack surface scope. All while centralizing visibility for the parent organization.
                    Graphic showing a parent organization in the top center with connections to the individual subsidiaries within the portfolio.

                      Pricing

                      How pricing works Mandiant Attack Surface Management pricing is based on the number of employees at your organization, and all paid subscriptions include a base fee.
                      SubscriptionDescriptionPrice

                      Self-assessment

                      Continuously monitor the expanding attack surface. 

                      Connect with sales to discuss tailored enterprise pricing. 

                      How pricing works

                      Mandiant Attack Surface Management pricing is based on the number of employees at your organization, and all paid subscriptions include a base fee.

                      Self-assessment

                      Description

                      Continuously monitor the expanding attack surface. 

                      Price

                      Connect with sales to discuss tailored enterprise pricing. 

                      Get a demo

                      See Mandiant Attack Surface Management in action.

                      Talk to Sales

                      Contact us today to explore a trial of Mandiant Attack Surface Management.

                      Learn about Mandiant ASM

                      See it in action

                      Experience a day in the life of a customer

                      Attack surface discovery at scale

                      Automate attack surface reduction with Chronicle

                      FAQ

                      What is attack surface management?

                      Attack surface management is an approach to cyber defense that assesses and monitors external and internal assets for vulnerabilities, as well as risks that can potentially impact an organization.

                      An attack surface management solution continuously discovers and assesses an organization’s assets for vulnerabilities, misconfigurations, and exposures.

                      An attack vector is an exploitable asset in the attack surface. An attack vector can be used by a threat actor for initial compromise.

                      At Google Cloud, we define external attack surface management as the automated and continuous discovery of internet-facing assets and cloud resources, assessed for technology relationships and the identification of vulnerabilities, misconfigurations, or exposures.

                      Examples of attack surfaces include domains, IP ranges, data repositories, websites, servers, email, cloud resources, applications, microservices, and employees.

                      Onboarding is simple. All we need is a domain, IP address, URL, or netblock.

                      To reduce the overall attack surface, attack surface management solutions generate an asset inventory and alert the security team to exposed assets that can be targeted for exploitation.

                      Customers are empowered to use their preferred SIEM, SOAR, or ticketing system to facilitate remediation and attack surface reduction. Mandiant Attack Surface Management supports integrations with Chronicle Security Operations, Cortex XSOAR, Splunk Enterprise, and ServiceNow. Customers often use the API to retrieve data from Mandiant Attack Surface to send to their preferred SIEM, SOAR, or Ticketing Systems.

                      Learn about complementary products
                      Google Cloud
                      • ‪English‬
                      • ‪Deutsch‬
                      • ‪Español‬
                      • ‪Español (Latinoamérica)‬
                      • ‪Français‬
                      • ‪Indonesia‬
                      • ‪Italiano‬
                      • ‪Português (Brasil)‬
                      • ‪简体中文‬
                      • ‪繁體中文‬
                      • ‪日本語‬
                      • ‪한국어‬
                      Console
                      Google Cloud