External Attack Surface Management (EASM) is an automated security monitoring service included in your CyberVadis subscription. It scans your company's publicly accessible internet-facing assets, including your website, domain names, and subdomains, every 30 days to identify potential security misconfigurations and weaknesses, giving you a continuous view of your external security posture.
Think of it as a regular health check for your online presence, ensuring that your digital perimeter is monitored and that critical issues are identified before they can be exploited.
How it works
Our EASM service conducts a series of non-intrusive external tests on your internet-facing assets. It evaluates your external security settings and configurations without interacting with or modifying any of your internal systems or data.
The service was developed entirely in-house by CyberVadis's engineering and security teams, giving us full control over its performance, data handling, and security protocols.
Key features
Automated monthly scans
Your internet-facing assets are scanned automatically every 30 days. There is no manual action required on your part - the service runs continuously in the background.
Easy-to-understand reports
Each scan produces a report designed for both technical and non-technical audiences. The report includes:
Overview page: your external security score at a glance, with a high-level summary of your security posture
Action plan: a prioritized list of the most significant findings and recommended fixes, focused on the issues with the greatest impact on your security posture
Analytical page: detailed analytics with graphs and charts for a deeper understanding of your results
Technical details: in-depth technical information for your IT and security teams, including specific misconfiguration details and remediation guidance
Actionable PDF report: a downloadable version of the full report for sharing internally or with your security team
Time2Fix
When critical findings are identified, the Time2Fix feature tracks the resolution process until the issue is confirmed as fixed. This provides valuable insight into how quickly your team addresses critical weaknesses in your internet-facing assets and supports continuous improvement of your external security posture.
What EASM does not replace
EASM is a lightweight external monitoring tool focused on your internet-facing assets. It does not replace a full internal security audit or penetration testing. It is designed for continuous monitoring of your publicly accessible systems, not for deep internal security assessment.
Frequently asked questions
Does EASM affect my main CyberVadis score?
No. The EASM report is completely separate from your main CyberVadis scorecard. It is an additional report generated for your review and does not influence your assessment score in any way.
Is there an additional cost?
No. EASM is included as part of your existing CyberVadis subscription at no additional cost.
Is my internal data safe?
Yes. The EASM service only performs external checks on publicly accessible internet-facing assets, similar to how a visitor would access your public website. It does not interact with or modify your internal systems or data in any way.
How often is the scan run?
Your internet-facing assets are scanned automatically every 30 days. You do not need to take any action to trigger a scan.
What to do with your results
When you receive your EASM report:
Review the findings and familiarise yourself with your current external security score
Focus on any critical findings first - use the action plan to prioritize and address them
Share the technical details section with your IT or security team so they can implement the recommended fixes
Monitor your progress - critical findings are tracked via Time2Fix until they are resolved
Access your EASM results at app.cybervadis.com/domain-screening.
Questions
If you have questions about your EASM results or need help interpreting your report, contact our Customer Experience Team at support@cybervadis.com.