Attack Surface Analysis
The External Attack Surface Analysis is an assessment process carried out to determine the potential attack surfaces by examining all domains, servers, and services open to the internet within the company.
Along with all sub-domains related to your company domain, other domains that might be related to your company are automatically detected. Subsequently, relevant domains, services, servers, and web pages are identified in an automated manner, and your attack surface is revealed along with the relevant security tests.
With continuous attack surface analysis, your newly launched services on the internet are also constantly monitored.
Features
Automated Asset Discovery
Automatically discovers servers, devices, websites, and other services open to the internet that belong to your company.
Risk Scoring
By continuously monitoring more than 30 parameters, risks associated with your company and assets are calculated
Certificate and TLS Security.
It detects vulnerabilities by examining your certificates and configurations used in TLS communication.
Vulnerability Detection
It periodically scans your servers and services to detect potential vulnerabilities.
Domain and Mail Security
By monitoring your DNS and Whois records, it detects misconfigurations and potential vulnerabilities that might affect your Domain and Mail security.
Reporting and Notification
In addition to periodic reports, significant findings, critical ports, and services are notified 24/7 via Email and SMS.
About Us
By examining attacks on a global scale, we keep AttackPoint updated with new vulnerability detection methods.
Continuous Attack Surface Analysis
Along with all sub-domains related to your company domain, other domains that might be related to your company are automatically detected. Subsequently, relevant domains, services, servers, and web pages are identified in an automated manner, and your attack surface is revealed along with the relevant security tests.
Risk Analysis and Prioritization
To take swift action, determining and prioritizing focal points from hundreds of vulnerabilities might be as crucial as uncovering the attack surface itself. AttackPoint's unique scoring algorithm allows you to prioritize by showing both the riskiest assets among your resources and the riskiest areas for each of your assets.
Easily Understandable Finding Descriptions
Along with detailed technical explanations, with user-friendly dashboards, you can see the impacts of the findings obtained from the relevant security controls on your systems.
Our Solutions
At AttackPoint, we consistently monitor the industry and develop new solutions.
Inventory Management Deficiency in Companies
Although it varies according to the size of the organization, inventory management open to the internet in companies is still one of the biggest problems today.
- 83% of cyber attacks come from exposed assets.
- It's impossible to defend an asset that is unknown to be exposed externally.
- The more infrequent the routine penetration tests become, the higher the attack risk.
- Due to forgotten or misconfigured configurations, servers can be compromised.
Continuous Attack Surface Analysis
Along with all sub-domains related to your company domain, other domains that might be related to your company are automatically detected. Subsequently, relevant domains, services, servers, and web pages are identified in an automated manner, and your attack surface is revealed along with the relevant security tests.
Risk Analysis and Prioritization
To take swift action, determining and prioritizing focal points from hundreds of vulnerabilities might be as crucial as uncovering the attack surface itself. AttackPoint's unique scoring algorithm allows you to prioritize by showing both the riskiest assets among your resources and the riskiest areas for each of your assets.
Easily Understandable Finding Descriptions
Along with detailed technical explanations, with user-friendly dashboards, you can see the impacts of the findings obtained from the relevant security controls on your systems.
AttackPoint
Within AttackPoint, you can examine explanations in great detail, and you can also observe summary explanations that are not too technical.
AttackPoint
Continuous Attack Surface Analysis & Vulnerability Detection
With our online scans, you can detect the following crucial findings and many more within AttackPoint.
- All assets connected to the internet belonging to your company.
- All your domain names and subdomains.
- All technologies used in your company.
- All certificates in use and misconfigurations.
- Mail & DNS configurations.
- Vulnerable servers and services.
- Ports that shouldn't be open to the internet.
- Risk scores of all your assets.
Frequently Asked Questions
For AttackPoint | Continuous Attack Surface Analysis and Vulnerability Detection tool, if you have any more questions, you can always contact us.
What is Attack Surface Analysis?
Attack surface analysis is the assessment process to determine the surfaces of an organization that are potentially exposed to attacks.
How is vulnerability scanning conducted?
We conduct scans on your assets using both up-to-date open-source tools and tools developed by our Cybersecurity team within Turkcell, without causing any interruptions.
Will my assets be scanned continuously?
AttackPoint includes several types of scans. Depending on the selected package, your entire company is scanned either weekly or monthly, while the status of your independent services is scanned hourly.
Will the scans damage the systems?
We perform scans both with current open-source tools and with tools developed by our Offensive Security team within our company. In conclusion, our scans will not cause any damage to your systems.
Do you conduct scans over the internet?
AttackPoint requires all scans to be carried out entirely over the internet, assessing risks with an attacker's perspective.
Should I disable solutions like Firewall, WAF?
Since AttackPoint conducts scans over the internet, it can be blocked by your company's WAF and Firewall rules. For our vulnerability scanning tools to detect more findings, you may exclude our scanning IPs within your WAF solution. However, it is not mandatory and is entirely up to you.
Can I scan another company?
When using AttackPoint, you can only scan servers and domain names you have authority over.
How can I purchase?
You can contact us through the contact form, and we can provide an offer depending on the size of your company.
How is the pricing determined?
We determine the pricing based on the size of your company, the number of domains and servers, and the total number of assets you have.