What EASM discovers
EASM focuses on identifying assets that are accessible from the internet, including domains, subdomains, cloud infrastructure, certificates, and shadow IT resources. Unlike periodic assessments, EASM employs continuous monitoring to track changes and new exposures in real time. This contrasts with point-in-time scans which offer a snapshot but fail to capture dynamic shifts in an organisation's external footprint. The scope extends beyond owned assets to include those potentially managed by third parties.
Microsoft Defender EASM in Australian tenants today
For AU mid-market organisations, Microsoft Defender External Attack Surface Management offers a streamlined approach to EASM, integrating with the broader Microsoft Defender suite. It complements Defender Vulnerability Management, allowing security teams to correlate external exposure data with identified vulnerabilities. This aligns with the ACSC Essential Eight, particularly guidance around initial access vector mitigation. Organisations subject to APRA CPS 234 or CPS 230 should consider EASM as a control to manage third-party risk and protect critical data assets, and to support reporting obligations under the Notifiable Data Breaches scheme.