Attack Surface

Attack surface means all apex domains, their subdomains, and IPs discovered by or added to Detectify, including other domains and IP-addresses such domains point to. This also includes all associated information to these assets, such as DNS records, open ports and applications and services run on them, plus much more.

The Attack Surface Page

The attack surface page is designed to give our Surface Monitoring customers a complete overview of all of their assets (a domain or IP). Each asset is classified according to a Surface state which describes whether an asset is to be considered as currently exposed on your attack surface.

Surface State

The surface state indicates to what level an asset is exposed on your attack surface. The 5 different levels are:

  1. Not Monitored: These are assets that you are currently not monitoring with Surface Monitoring. These are not assessed for open ports, technologies, or vulnerabilities.
  2. Inactive: These are assets that we haven’t seen for the last 14 days. For domains, this means that we haven’t been able to find a DNS record corresponding to this particular domain. For IPs, this means that we haven’t been able to reach that particular IP.
  3. Unreachable (active): These are assets that we’ve been able to see within the last 14 days, either through resolving a DNS record (for domains) or through reaching the IP (for IP assets). However, they are not reachable through pings or open ports.
  4. Reachable (active): These are assets that we have been able to reach during our monitoring but we have not been able to identify an open port.
  5. Open (active): The IPs that the asset points to have open ports that we have been able to reach.

The attack surface page aims to show you what you are currently exposing on your attack surface.Thus, these states can be filtered on using the surface state filter.

Open Ports

The attack surface page will, on each asset that has Surface Monitoring running, show the open ports that we have been able to reach on that asset. What is seen in the table are only the ports that have been reached within the last 3 days. However, if you click the link, you will be able to see all ports that we have ever found to be open on that asset, including historic ports (ports that we haven’t reached in the last 3 days).