- August 4, 2023: Exposure insight.
- December 2, 2021: Added Asset Type and App Grade fields.
- December 1, 2021: Renamed “Asset Analytics” to “Attack Surface Analytics.”
Attack Surface Analytics provides insight into your organization’s external digital footprint and allows you to manage the cybersecurity risk associated with the assets within them.
Not applicable to Mobile Application Security assets.
- Validate and manage the digital assets associated with your organization.
- Identify assets in unknown cloud service providers or geographies.
- Prioritize remediation efforts across Cloud and on-premise environments.
- Assess the security of assets hosted in the Cloud that your organization is responsible for securing. See Shared Responsibility with Cloud Service Providers.
- Export Page PDF
- Executive Report
- Download Company Report
- Company Preview Report
- NIST CSF Report
- ISO/IEC 27001 Report
Select the Actions dropdown at the top-right to complete the following actions:
Bitsight for 3rd Party
Attack Surface Analytics provides insight into your organization’s details in terms of:
In each section below the insights:
- The chart on the left shows the external footprint of the organization (such as the count of assets observed in each hosting provider, subsidiary, or country). These are useful for reconciling the externally visible data with your own understanding of your infrastructure.
- The chart in the right shows an assessment of your security. This highlights the areas of potential attack that are of high finding severity (material/severe).
- Comparing the chart on the left and right can highlight areas of exposure (e.g., few assets, but many findings).
- The maps and bar graphs can be filtered by clicking on the legend. This shows or hides that particular data field in the chart.
- Clicking on the charts brings up a tooltip that shows the detailed counts, relevant for that part of the chart.
- Clicking on the hosting provider, subsidiary name, or asset count on the tooltips of each chart on the left drills into the detailed list of the assets, including counts and the associated data.
Example: See a list of assets that are hosted by a particular external service provider.
The 4 insights cards at the top summarizes your digital footprint in each category: hosting providers, subsidiaries, geography, and services.
The Attack Surface Exposure panel shows the most prevalent vulnerabilities impacting your organization’s assets.
- Explore and gain in-depth Vulnerability Detection insights.
- Get insights into your external digital footprint.
- Manage cybersecurity risks associated with assets.
The chart dynamically and visually summarizes your exposure to vulnerabilities. The varying sized bubbles correspond with the number of assets with threat evidence. The largest bubble is selected by default.
- The vulnerability description and its CVSS score is displayed at the top of the table. Select the vulnerability name in the description to get to Vulnerability Detection.
- Select an asset in the Asset column to see the asset details.
- Select the number in the Findings column to see all the findings associated with that asset.
- Select the View Impacted Assets button on the bottom-right to see assets impacted by the selected vulnerability.
External Hosting Providers
External Hosting Provider Footprint: Asset Importance by External Hosting Provider
External providers (e.g. cloud providers, hosting providers and ISPs) and the count of assets associated with them. Toggle asset importance groups by clicking on the legend.
External Hosting Provider Asset Security: Material/Severe Findings by External Hosting Provider
The chart counts all findings with a severity of material or severe on the company’s assets in each external provider. It compares the company’s asset security between external providers.
Subsidiary Footprint: Asset Importance by Subsidiary
Companies in the same ratings tree as this company and the distribution of assets across them. Toggle asset importance groups by clicking on the legend.
Subsidiary Asset Security: Material/Severe Findings by Subsidiary
The chart counts all findings with a severity of material or severe on the assets of companies in the same rating tree as this company. It compares the company’s asset security between subsidiaries.
Product Footprint: Asset Importance by Product
Detected software and hardware products, and the count of assets associated with them. Toggle asset importance groups by clicking on the legend.
Products Security: Count of Assets running unsupported software versions
The number of assets running software versions that are no longer supported by the vendor. The chart shows which unsupported software versions are most common within the assets of a company.
Geographic Footprint: Asset Count by Geography
Size of circles represents the number of assets in a given country. Toggle asset importance groups by clicking on the legend.
Geographic Security: Material/Severe Finding Count by Geography
The size of the circles represents the number of findings with a severity of material or severe on assets within a given country. It compares the company’s asset security between countries.
Services Footprint: Asset Count by Service Category
Distribution of communication protocols (e.g. HTTP, FTP etc) grouped by service type to give a picture of what services the organization is making available externally.
Services Security: Count of Assets with Material/Severe Open Ports
The number of assets that have open ports recorded with severity of material or severe. The chart shows which risky services are most common within the assets of a company.