// THREAT DETECTION AND DATA PRIVACY TERM
Attack Surface
An attack surface is the total number of all possible entry points an unauthorized user or attacker can use to access a system and extract data. It represents all the different ways a system is exposed to potential threats.

TECHNICAL DEFINITION
The attack surface is the complete set of potential entry points (attack vectors) that a malicious actor can exploit to compromise a digital or physical environment's security. This includes all hardware, software, network services, cloud assets, APIs, and human elements that are exposed to threats and contain vulnerabilities.
BACKGROUND
Computer security is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide.
READ MORE ON WIKIPEDIASYNONYMS & ALIASES
- threat surface
- exposure area
- digital footprint
- attack vectors
- entry points
- security perimeter
USAGE NOTE
Security teams continuously work to minimize or 'harden' their organization's attack surface to reduce risk.
DEVELOPERS
Organizations developing technology related to Attack Surface.
Develops Cortex Xpanse, an External Attack Surface Management (EASM) platform that actively discovers and monitors all internet-facing assets of an organization, identifying unknown exposures and risks.
Offers Microsoft Defender External Attack Surface Management (EASM), which provides a comprehensive view of an organization's attack surface by continuously mapping its internet-exposed assets. This technology was acquired from RiskIQ.
Provides Tenable.asm for external attack surface management, which discovers and inventories internet-facing assets to identify potential exposures before they can be exploited by attackers. This is integrated with their broader vulnerability management platform.
Offers Falcon Surface, an EASM module within its Falcon platform that discovers and monitors external assets and services to identify security weaknesses, exposed credentials, and potential attack vectors.
Develops the Insight platform, which includes capabilities for attack surface monitoring by discovering external assets, identifying vulnerabilities, and prioritizing risks across cloud, on-premises, and remote environments.
Provides IBM Security Randori, an attack surface management solution that takes an attacker's perspective to discover unknown assets and prioritize exposures based on their potential for exploitation.
A specialized company that continuously scans the entire internet to create a comprehensive map of global assets. Their Attack Surface Management platform allows organizations to discover, inventory, and assess their external-facing digital footprint.
Offers an Attack Surface Management solution that combines Google's vast visibility of the internet with Mandiant's frontline threat intelligence to provide a continuously updated view of an organization's exposures and high-risk assets.