Learn
External risk, explained
Plain-English guides to the exposures attackers find from outside your network — leaked credentials, lookalike domains, email spoofing, and more — plus free tools to check your own domain.
What your external attack surface is, why it keeps growing, and how EASM finds the internet-facing assets and exposures attackers see first.
Read guide →Gartner's five-stage program for continuously finding, prioritizing, and validating the exposures most likely to be exploited — and where EASM fits in.
Read guide →How attackers register lookalike domains to phish your customers and staff — the common patterns, the warning signs, and how to find them.
Read guide →The three email-authentication records that stop spoofing of your domain — what each does, how they work together, and how to check yours.
Read guide →How credentials leak through breaches, infostealers, and combolists — why password reuse turns one leak into account takeover, and how to check if yours are exposed.
Read guide →The authoritative list of vulnerabilities under active exploitation — how it differs from CVSS scores, and how to use it to prioritize patching.
Read guide →How dangling DNS records let attackers serve content on your own subdomains — why it's dangerous, and how to find and prevent it.
Read guide →What dark web monitoring watches for, what it realistically can and can't do, and how it fits alongside external attack surface management.
Read guide →Three terms that sound alike but solve different problems — what each does, where they overlap, and which to start with.
Read guide →