
Overview
The Attack Surface Management Solution starts from an organization’s root domains and organizational structure. Leveraging automated processes and penetration testing expertise, it adopts an attacker’s perspective to focus on digital assets. It builds a dynamic risk posture view for the organization, generates actionable risk intelligence, and integrates with defense systems to streamline attack surface reduction through a unified workflow.
Platform Architecture
The system adopts a microservices and distributed architecture. It incorporates rule repositories and a component-based mechanism, encapsulating functionalities into components or plugins as atomic capabilities to ensure system scalability. The front-end interface is built using the Vue framework, separating it from backend logic and enabling component-based development to enhance response speed and user experience.
The system consists of three layers: the Data Resource Layer, Function Support Layer, and Application Service Layer.
Application Scenarios
National, municipal, and industry-level live-fire cyber exercises are becoming increasingly routine. Before an exercise begins, the defending team proactively discovers and reduces its own potential attack exposure surface. Once the exercise commences, the defending team quickly locates compromised assets, precisely decommissions them, and initiates containment responses immediately.
For traditional network protocol environments, the group headquarters conducts comprehensive asset inspections across subsidiaries, branches, and operational outlets. This brings the potential attack exposure surface assets of these branches under centralized management, providing visibility into the group’s overall attack exposure landscape. Branches can also independently procure or build exposure surface reduction solutions for self-audits, subsequently reporting the consolidated asset information to the headquarters or regulators to maintain initiative.
Security teams correlate externally exposed data (e.g., sample data sold on the dark web or black markets) with internal data for mutual verification. This enables them to pinpoint compromised devices, assets, and even personnel, forming an attack evidence chain. This provides a legal basis for potential future litigation and facilitates horizontal checks across similar assets for analogous attack patterns, preventing recurrence of similar leaks.
During the initial phase of security operations (SecOps) construction, the exposure surface serves as the basis and justification for other security investments. During SecOps development, an API-based exposure surface management platform acts as the foundation for platforms like SOC (Security Operations Center) and SIEM (Security Information and Event Management). Once SecOps capabilities mature, combining security effectiveness verification and quantitative assessment further reduces the exposure surface, continuously enhancing overall security operations maturity.
Product Features
The platform automatically collects assets related to the organization’s exposure surface. It categorizes them based on evaluation factors and calculates an overall organizational risk score using a comprehensive risk assessment formula.
The platform discovers and monitors enterprise digital assets and business operations across multiple dimensions, eliminating risks from forgotten assets and shadow IT. It provides comprehensive visibility into the organization’s complete exposure surface, enabling the discovery of vulnerabilities before attackers do, thereby reducing the likelihood of successful attacks.
The platform monitors physical and digital assets from an attacker’s perspective, promptly identifying leaks, analyzing their severity, and tracing the source of the leak.
The platform supports regular security inspections of exposure surface assets, promptly identifying risks in web properties, Weibo, WeChat Official Accounts, Apps, etc. This systematic, automated digital risk monitoring transforms security work from “low-frequency” to “high-frequency” and shifts it from post-attack blocking to daily operations.
Organizations cannot prioritize risks solely based on predefined base severity scores. They must also consider asset type, criticality, exploit prevalence, available controls, mitigation measures, and the likelihood of threat occurrence. This reflects the potential impact on the organization and prioritizes threats most likely to be exploited against it.
For high-risk or specific risks, the system notifies security team members via SMS/email and provides complete remediation solutions. It features open ticket workflow functionality and external API interfaces, enabling closed-loop management of the threat exposure surface.
Product Advantages
Enter the organization name as the discovery clue and initiate tasks with one click. The platform leverages third-party APIs (including cyberspace mapping engines, enterprise information platforms, etc.) to automatically build the digital asset exposure map.
The platform leverages multi-source threat intelligence, collecting and analyzing hundreds of billions of data points from thousands of threat sources across the public and anonymous networks. It combines this with multi-dimensional correlation analysis (asset fingerprints, exploit data, intrusion/attack data) to promptly and accurately discover unknown assets (including non-compliant assets, shadow IT) and compromised assets.
The platform uses asset fingerprint knowledge bases, exploit knowledge bases, and intelligent feature matching technology to rapidly identify assets potentially harboring vulnerabilities, providing predictive information. This helps users complete vulnerability screening in the shortest possible time.
The platform employs an AI-based (CNN model) asset fingerprint recognition method. Trained on feature datasets, it significantly improves the recognition rate of operating systems and service fingerprints compared to traditional fingerprinting methods.
To ensure comprehensive data collection, the system integrates over 60 monitoring channels across 7 major categories and 20+ sub-types. These include search engines, code repositories, and asset discovery platforms, and channels are continuously added and optimized.
User Values
Deliver Continuous Visibility into the Exposure Surface for Timely Reduction
Accelerate Vulnerability Detection and Response Times
Reduce Costs and Improve Operational Efficiency
Mitigate the Impact of Data Leaks and Reduce Overall Risk
Contact: alyadvisory
Tel: +601154458508
E-mail: CindyLai@alyadvisory.com
Add: 1-23-06, Menara Bangkok Bank, Laman Sentral Berjaya, 105 Jalan Ampang, 50400 Kuala Lumpur.