• AS BAS
  • AS EASM
  • Research
  • Penetration
  • Incident Response
  • Red Teaming
  • Security Training
  • Company
  • News
  • Join Us
    • Products
    AS EASM
    External Attack Surface Management
    AS EASM enables enterprises to continuously monitor the open internet, social media, the dark web, and the deep web. It evaluates and analyzes the attributes of digital assets, helping organizations identify and inventory unknown externally facing digital assets, systems, and sensitive data. The system prioritizes and alerts on risks and vulnerabilities, providing mitigation measures or orchestrated automated response workflows to help enterprises quickly reduce risk. Without requiring any internal network information, we leverages a series of built-in data probes to continuously monitor various data sources across both public and non-public networks worldwide, easily discovering all externally exposed surfaces of an enterprise and analyzing their vulnerabilities. Customers gain continuous visibility into exposures and risks from an attacker’s perspective, enabling them to eliminate threats before adversaries can exploit them—delivering stronger security assurance for enterprise business operations.

    Key Features

    Attack Surface Discovery

    Enterprise Information

    Enterprise-related data such as investment relations and shareholder information are exposed externally and retrievable via public platforms, including supplier, app, and social media details.

    Domain Information

    Identify enterprise domain assets through SSL certificates, subdomain enumeration, and DNS records, covering both active and historical domains.

    IP Assets

    Monitor exposed public IPs with attack surface discovery, leveraging internet-wide scanning and full-port probing to track changes and risks in real time.

    Web Assets

    Discover exposed web services through internet-wide scanning, collecting titles, SSL certificates, and fingerprints to map vulnerabilities across frameworks, components, and applications.

    Email Exposure

    Identify corporate email addresses exposed online using search engines and third-party aggregation platforms, enabling continuous and automated discovery of email-based attack surfaces.

    Sensitive Data Exposure

    Detect code leaks, document exposure, and other incidents in real time through monitoring of dark web markets, forums, and messaging platforms, enabling timely response to data leakage risks.

    Risk Assessment

    Asset Risk Assessment

    AS EASM supports both passive vulnerability detection and active scanning with detailed fingerprints and advanced web vulnerability assessment, covering misconfigurations, exposed services, and phishing sites.

    Data Risk Assessment

    Identify sensitive data such as credentials, source code, and configurations, assessing the security impact of data leaks to protect critical business information.

    Social Engineering Risk Assessment

    Combine AS BAS validation capabilities with EASM data to evaluate employee awareness and reduce risks from exposed email accounts.

    Third-Party & Supply Chain Risk Assessment

    Evaluate risks from insecure components, vendor backdoors or zero-days, outsourced workforce exposure, and supplier-related data breaches.

    Mobile Application Risk Assessment

    Assess mobile applications for sensitive data leakage and identify risks from counterfeit or malicious apps.

    Key Features
    Core Value
    Distributed Scanning Framework

    A self-developed C/S-based distributed scanning framework. By deploying numerous scanning engine nodes, it delivers high performance and high concurrency to dramatically improve scanning efficiency.

    Comprehensive Asset Visibility

    Comprehensive scope—map all downstream subsidiaries; comprehensive asset data—collect attack-surface signals from multiple sources; comprehensive risk view—full visibility into external risks.

    Accurate & Efficient Risk Identification

    Rich fingerprint data with active scanning plus passive identification ensures risky assets cannot hide; extensive historical high-risk vulnerability data with complete details and PoC-based detection plugins enables one-click discovery of vulnerable assets.

    Intelligent Operations

    Through operational feedback, MiYing continuously learns organization-related asset data to improve discovery accuracy and reduce false positives.