Unveiling CrowdStrike Falcon Surface: The Industry’s Most Complete Adversary-Driven External Attack Surface Management (EASM) Technology

Resilient cybersecurity posture can only be achieved with a full understanding of your internal and external attack surface. CrowdStrike Falcon® Surface builds on our award-winning adversary intelligence with cutting-edge external attack surface management (EASM) capabilities for a complete picture of known and unknown externally exposed assets, all delivered via the unified CrowdStrike Falcon® platform. 

As the attack surface expands, so does the “community” of adversaries and cybercriminals exploiting externally exposed assets to break into organizations around the globe. Gartner identified attack surface expansion as the number one trend in its most recent Top Security and Risk Management Trends for 2022,1 turning EASM into a critical tool in the cybersecurity arsenal.

As an organization’s digital footprint rapidly expands, the risk created by exposed assets grows accordingly. Broad trends such as digital transformation, hybrid work, Internet of Things (IoT) and more have led to an explosion of internet-facing assets. As a result, cloud workloads, websites, user credentials, cloud storage, SSL certificates, IoT, operational technology (OT), rogue IT devices and more exist in the thousands across most organizations. In the past, these internet-facing assets were carefully itemized, cleared and managed by a central IT team. Today, most digital assets are located outside the traditional enterprise perimeter — falling outside of IT’s visibility and control. 

This can dramatically increase an organization’s risk profile as every internet-connected asset represents an exposure point that adversaries could use to break into an organization. According to the Enterprise Strategy Group’s Research Report on Security Hygiene and Posture Management, “Nearly seven in ten (69%) organizations admit that they have experienced at least one cyber-attack that started through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset.” 

Risk exposure of this magnitude can lead to a breach that could result in shutdown of operations, loss of productivity and heavy financial losses. For many companies, the hazard of attacks exploiting internet-facing assets has become a clear and present risk.                                                                                   

Cybersecurity is a cat-and-mouse game, with adversaries’ techniques for finding exposed and vulnerable assets often outpacing an organization’s ability to discover and enforce good security hygiene on a digital asset. The unfortunate truth is that the adversary often has a better sense of the organizational risk exposure than the organization itself.

Do You Really Know the Attack Surface of Your Organization?

Stopping an attack before it begins requires an understanding of where critical exposures exist, starting with the external attack surface. EASM tools ease security teams’ most impossible task: accounting for their asset inventory in real time and identifying the most critical risks to mitigate. EASM can help security teams identify and map shadow IT exposures that create risk for their organizations. It also delivers a clear understanding of how subsidiaries affect security posture and provides insights into the cloud’s digital footprint and whether third-party vendors pose a security risk. 

External attack surface visibility enables an organization to identify and monitor all exposed digital assets — known and unknown — in real time. In addition to identifying exposed assets, EASM solutions go one step further by determining which assets are high risk or vulnerable, prioritizing their categorization based on this risk assessment. Security teams can use EASM for actionable insight into where further investment is needed to improve their security posture.

EASM is critical to maintaining a strong security posture and moving away from a reactive approach to security. CrowdStrike Falcon Surface brings cutting-edge EASM capabilities to the CrowdStrike Falcon platform as both a new module and as planned integrations across our threat intelligence and vulnerability management products and more. 

CrowdStrike Falcon Surface Keeps Adversaries in the Dark 

Falcon Surface provides a uniquely differentiated EASM offering, delivering the industry’s most complete adversary-driven EASM capability that minimizes risk from unknown, externally exposed assets. With Falcon Surface, security teams can close security gaps by employing an outside-in view of the enterprise attack surface. This empowers teams to prioritize and manage all exposed internet-facing assets that are centralized or remote across on-premises environments, subsidiary, cloud and third-party vendors — all with a zero-touch approach. Falcon Surface’s high-fidelity data sets it apart from competition, powered by the most comprehensive database of internet exposures that is updated in real time, beyond known network ranges.

Prioritizing Attack Surface Risks Based on Adversary Intelligence 

Falcon Surface automatically prioritizes risks by leveraging CrowdStrike’s industry-leading adversary intelligence to guide precise actions based on the most critical risks, including natively integrating context of industry-specific risks, CVE scores for vulnerabilities on exposed assets, geolocation, attack history and asset type. Combined with powerful automation capabilities that auto-generate quick-to-implement, actionable remediation steps for real-time vulnerability mitigation, Falcon Surface enables security teams to focus on what matters to rapidly de-risk their organization. 

Mapping the World’s Internet Exposures in Real Time 

Falcon Surface uses a proprietary real-time 24/7 engine to scan the entire internet across the globe, enabling organizations to see how their attack surface looks from an adversary’s view. Unlike other EASM solutions, Falcon Surface does not require an inventory of known assets before beginning the mapping and identification process. Only domain addresses are needed to map an organization’s entire ecosystem — including third-party vendors, subsidiaries and partners. Falcon Surface maps and indexes over 7 billion exposed assets globally each year, with 160 million identified each week. This gives organizations the ability to uncover all internet-facing assets, including owned assets, those of third-party vendors, subsidiaries, cloud environments and even potential fraud or phishing websites that are part of a malicious campaign targeting the organization.

Using advanced attribution techniques, Falcon Surface’s AI-enabled association engine correlates each asset to its source regardless of its “official” ownership. It does this through multiple identifiers such as certificates, subdomains, or other means, ensuring teams get an accurate and complete view of their exposed asset inventory and no precious time is wasted on false positives. In addition, it is able to match an organization to its industry — a key component to contextualizing the highest priority risks, maximizing known and unknown asset distribution in the process.

Supercharge Risk Reduction Across Your Global Attack Surface with the Holistic Falcon Platform

From whatever angle you approach cybersecurity strategy, the CrowdStrike Falcon platform provides organizations with 360 degrees of visibility across their entire attack surface. The platform combines the power of EASM (Falcon Surface) with award-winning threat intel (CrowdStrike Falcon® Intelligence), vulnerability management (CrowdStrike Falcon® Spotlight) and IT hygiene (CrowdStrike Falcon® Discover) for an unrivaled view — internal and external — of risk across all exposed assets, offering proactive protections with guided remediation steps, otherwise not possible with siloed and open source solutions.

Drawing on the industry’s richest adversary intelligence, risks are prioritized, remediated in record time and drastically reduced in one fell swoop. Now, security teams can focus proactively on what matters, enabling organizations to evolve and drive business in the cloud-first world.   

Additional Resources


  1. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Related Content