Managed Services
Managed ASM
Continuously assess what assets are visible to an attacker and identify security gaps and misconfigurations that create risk.
Attack Surface Management (ASM) is the continuous discovery, analysis, remediation and monitoring of the cybersecurity vulnerabilities and potential attack vectors that make up an organisation’s attack surface.
​
ASMaaS is Performanta's ASM service.
​
Performanta ASMaaS analyses both:
-
your internal attack surface, providing visibility of the coverage and policy compliance of the security controls on your internal assets.
​
-
your external attack surface, providing an attacker's perspective of the assets and vulnerabilities that could be exploited.
ASMaaS is delivered via Performanta's proprietary Encore ASM platform.
Benefits
-
See gaps in security tool coverage and identifies IT asset misconfigurations that create risk
​
-
Proactively alerts you to exposure risks before they are exploited.
​
-
Shows you how prepared you are to repel at attack
​
-
Provides proactive tactical recommendations to harden the security posture.
​
-
Implements recommendations for you, as part of the service.
Features and benefits
CAASM identifies:
-
Gaps in your attack surface without security controls
​
-
Configuration changes that improve security
​
-
Unused objects within tools that create unnecessary security risk
​
-
The most appropriate risk-reducing controls
As part of ASMaaS, we implement the most appropriate risk-reducing controls.
EASM identifies:
-
External systems or servers associated with a client
​
-
Potential open ports that may give information useful to an attacker
​
-
Potential vulnerabilities identified by passive scanning that need to be verified.
​
-
Website component information that can be used by an attacker
​
-
Security certificates that have or are about to expire.
​
-
Website Header Security Rating
​
-
Domain hijacking and impersonation
​
-
Status of DMARC and SPF email security configurations.
EASM includes:
-
Reporting and Analysis
​
-
Incident Response Planning for External Incidents
​
-
Vulnerability scanning and reporting