You can't protect what you don't know you own. Perimeter continuously maps your external attack surface — every domain, subdomain, IP, open port, running service and TLS certificate reachable from the internet — then watches it for change and ranks every exposure by real-world exploit likelihood. Start free on one root domain.
Most breaches start on an asset the owner forgot existed: a stale dev subdomain, a marketing microsite, an exposed admin panel, a cert about to expire, an S3 bucket left dangling after a migration. External attack surface management (EASM) is the discipline of finding those assets the way an attacker would — from the outside, continuously — and closing the gaps before someone else finds them.
Passive enumeration from certificate-transparency logs and passive DNS, plus active fingerprinting of live hosts, ports, services and TLS certs. We surface assets you didn't know you owned.
We re-scan on a schedule and diff week over week. A new subdomain, a newly opened port, an expiring wildcard cert, a dangling DNS record: you hear about it the moment it appears.
Every exposure is scored with CVSS + EPSS (exploitation likelihood) + CISA KEV (confirmed in-the-wild) + asset criticality, so you fix the handful that matter — not a wall of noise.
| Exposure type | What we detect |
|---|---|
| Shadow / forgotten assets | Subdomains, hosts and services discovered passively + actively that aren't in your inventory |
| Subdomain takeover | Dangling DNS pointing at unclaimed cloud resources, flagged as high priority |
| Attack-surface drift | Week-over-week diff: new subdomains, newly open ports, new services |
| TLS / certificate risk | Expiring certs, weak ciphers, mismatched hostnames, deprecated protocols |
| Exposed services & secrets | Open databases, admin panels, default credentials, leaked keys via Nuclei templates |
| Known-exploited vulnerabilities | CVEs cross-referenced against the CISA KEV catalog and EPSS scores |
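
The week-over-week diff described above, sketched as an added example (not Perimeter's own code): it compares two constructed scan snapshots and reports new hosts, newly open ports, changed services, vanished hosts and certificates near expiry. The snapshot shape, the event names and the 30-day certificate window are assumptions made for illustration.

```python
from datetime import date, timedelta

def drift(prev, curr, today, cert_window_days=30):
    """Compare two scan snapshots; return sorted (kind, host, detail) events.

    Assumed snapshot shape (hypothetical, chosen for this example):
      {hostname: {"ports": {port: service}, "cert_not_after": date or None}}
    """
    events = []
    for host, now in curr.items():
        before = prev.get(host)
        if before is None:
            events.append(("new_host", host, ""))
            before = {"ports": {}, "cert_not_after": None}
        for port, service in now["ports"].items():
            old_service = before["ports"].get(port)
            if old_service is None:
                events.append(("new_port", host, f"{port}/{service}"))
            elif old_service != service:
                events.append(("service_changed", host,
                               f"{port}: {old_service} -> {service}"))
        expiry = now.get("cert_not_after")
        if expiry is not None and expiry - today <= timedelta(days=cert_window_days):
            events.append(("cert_expiring", host, expiry.isoformat()))
    # Hosts that disappeared: confirm their DNS records were removed as well.
    for host in prev.keys() - curr.keys():
        events.append(("host_gone", host, ""))
    return sorted(events)

# Constructed sample data, not real scan output.
TODAY = date(2024, 6, 10)
LAST_WEEK = {
    "www.example.com": {"ports": {443: "https"}, "cert_not_after": date(2024, 9, 1)},
    "old.example.com": {"ports": {80: "http"}, "cert_not_after": None},
}
THIS_WEEK = {
    "www.example.com": {"ports": {443: "https", 5432: "postgresql"},
                        "cert_not_after": date(2024, 6, 25)},
    "dev.example.com": {"ports": {8080: "http"}, "cert_not_after": None},
}

if __name__ == "__main__":
    for kind, host, detail in drift(LAST_WEEK, THIS_WEEK, TODAY):
        print(f"{kind:16} {host:20} {detail}")
```
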
External discovery and finding generation use Nuclei on a hosted runner. We never scan a target until you've verified ownership by DNS TXT — abuse-safe by design.
Pure-play ASM tools stop at the perimeter. Perimeter pairs external attack-surface management with internal authenticated scanning and container/SBOM scanning via the Lookout agent, and turns every finding into audit evidence mapped to PCI, HIPAA, SOC 2, ISO 27001 and CMMC. One tool, the full triad, at an SMB price.
It's the continuous discovery and monitoring of everything an attacker can reach from the public internet — domains, subdomains, IP ranges, ports, services, certificates and exposed apps — so new or risky exposures are caught before they're exploited.
A scanner checks assets you already know about; ASM first discovers the assets you may not know you own, then watches them for change. Perimeter does both — see our external vulnerability scanner page.
Yes — the MSP tier gives per-client workspaces with isolation and cross-client dashboards so you can monitor every client's attack surface from one console.