Continuous discovery and monitoring of every internet-facing asset tied to your organization. Find the shadow IT, exposed cloud, and forgotten subdomains before an attacker does.
Attack Surface Management (ASM) is the continuous practice of discovering every internet-facing asset your organization is responsible for, classifying each by ownership and criticality, and monitoring each for new exposures over time.
In a typical Malaysian enterprise, ASM uncovers 30–60% more assets than the CMDB reports: abandoned marketing microsites, dev environments still on legacy IPs, contractor-spun staging boxes, SaaS subscriptions IT never approved, and cloud resources spun up by individual business units. Every one of those is a credible entry point for an attacker, and most are also items an RMiT or PCI auditor will ask you to account for.
Unlike a one-shot vulnerability assessment, ASM runs continuously. When a new subdomain appears, a certificate is issued, a port opens, or a vendor's exposure changes — you find out within hours, not at the next quarterly review.
Six core capabilities that together cover the discovery, classification, monitoring, and reporting lifecycle of your external attack surface.
Continuous OSINT-driven discovery of every internet-facing asset tied to your domains, IP ranges, ASNs, and brand — including assets your IT team has forgotten about.
Identify SaaS subscriptions, dev/test environments, marketing microsites, and contractor-spun infrastructure that your CMDB doesn't know exists.
Track exposed S3 buckets, public storage, misconfigured Kubernetes, open management ports, and leaked IAM credentials across AWS, Azure, GCP, and Alibaba Cloud.
Monitor the external surface of your supply chain. Get alerts when a vendor's exposure could become your incident — required for RMiT-regulated outsourcing.
Daily passive re-scan of every discovered asset. Active probing on configurable cadence. New asset = immediate alert, not a quarterly surprise.
Every report is a diff: what changed since last week, which exposures are new, which closed, which moved category. Built for board-level review and RMiT audit packs.
RMiT 11.x requires regulated financial institutions to maintain an accurate technology asset inventory and to continuously monitor those assets for security exposure. Annex 1 audit walk-throughs increasingly ask "show me the inventory" — and then "show me how it's kept current." ASM is the operational answer to both questions.
Designated National Critical Information Infrastructure (NCII) entities must demonstrate continuous-monitoring controls under NACSA's implementing guidelines. ASM provides the daily evidence of monitoring and the alerting trail regulators expect to see.
Under the 2024 PDPA amendments, the breach notification clock starts when you become aware of the breach. ASM compresses the gap between exposure and awareness, so the clock starts from early detection rather than from whenever your next manual review happens to notice.
We seed with your known domains, IP ranges, brand keywords, and key personnel. Initial discovery typically surfaces 30–60% more assets than the CMDB.
Every discovered asset is classified by ownership confidence, criticality, and exposure severity. False positives are filtered before they reach you.
Daily passive + weekly active monitoring. Real-time alerts for new assets, new ports, new vulnerabilities, certificate changes, and new DNS records.
Monthly executive deck plus weekly delta report. Optional remediation support via nCrypt's pentest and incident-response teams.
Indicative starting prices. Final scope and cost depend on asset count, cloud footprint, and the depth of vendor inclusion.
Quarterly snapshot: from RM 4,000
Monthly + weekly deltas: from RM 8,000
Always-on with response: from RM 15,000/mo
Common questions about Attack Surface Management in Malaysia.
Attack Surface Management is the continuous discovery, inventory, classification, and monitoring of every internet-facing asset that belongs to your organization. It answers the question every security leader gets blindsided by during an incident: 'wait, we owned that domain?' Modern ASM is OSINT-led, runs continuously rather than as a one-time exercise, and integrates with vulnerability management, pentest, and incident-response workflows.
A vulnerability assessment (VA) scans assets you already know you own. ASM finds the assets you don't know you own and then maintains that inventory continuously. In practice ASM is the upstream input to VA — you cannot scan what you have not discovered. Mature enterprises run both: ASM for discovery and exposure, VA for deep vulnerability detail on known assets.
Penetration testing is a deep, time-boxed adversarial exercise against a defined scope. ASM is a continuous breadth-first discovery and monitoring function. Pentest answers 'can an attacker compromise this specific application'; ASM answers 'what does an attacker see when they look at us today'. Most regulated Malaysian organizations need both, on different cadences.
On the Standard plan: daily passive scans (DNS, certificate transparency, public records) and weekly active scans (port discovery, banner grabbing, web fingerprinting). On Continuous: same-day discovery of new assets, with critical alerts pushed inside business hours. Active scans are rate-limited and respect your in-scope rules of engagement to avoid accidental impact.
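The passive side of that cadence is mostly bookkeeping: pull certificate transparency records for the in-scope apex domains, normalise the names they contain, and diff the result against last week's inventory so the report is a delta (new, closed, changed) rather than a raw dump. The script below is an added illustration of that loop and is not nCrypt's tooling. The CT records, the scope, and the previous inventory are all constructed inline so it runs offline; the record shape (name_value with newline-separated SANs, not_after, issuer_name) is modelled on what crt.sh returns in JSON mode, which is an assumption here, not a documented contract.

```python
"""Passive CT-log discovery plus a weekly delta report (added example).

Everything below is constructed sample data, not output from a real scan.
The CT record shape is modelled on crt.sh JSON output (assumption).
"""
import json

# Seed scope: the organisation's apex domains (hypothetical names).
SCOPE = {"example.com.my", "example-brand.com"}

# Reference time for this week's run; records whose last certificate has
# already expired drop out of the passive view.
AS_OF = "2024-12-15T00:00:00"

# Constructed CT entries. name_value carries every SAN, newline-separated.
# Wildcards, mixed case, a lookalike domain and an expired cert are included
# deliberately, because all four show up in real CT pulls.
CT_JSON = json.dumps([
    {"id": 1, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "www.example.com.my\nexample.com.my",
     "not_before": "2024-11-01T00:00:00", "not_after": "2025-01-30T00:00:00"},
    {"id": 2, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "*.dev.example.com.my\nstaging-old.example.com.my",
     "not_before": "2024-12-10T00:00:00", "not_after": "2025-03-10T00:00:00"},
    {"id": 3, "issuer_name": "C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1",
     "name_value": "Promo2019.Example-Brand.com",
     "not_before": "2024-12-12T00:00:00", "not_after": "2025-12-12T00:00:00"},
    {"id": 4, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "example.com.my.evil-lookalike.net",
     "not_before": "2024-12-12T00:00:00", "not_after": "2025-03-12T00:00:00"},
    {"id": 5, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "name_value": "retired.example.com.my",
     "not_before": "2024-09-11T00:00:00", "not_after": "2024-12-10T00:00:00"},
])


def in_scope(host, scope=SCOPE):
    """True if host is an in-scope apex or a subdomain of one.

    Plain suffix matching would accept example.com.my.evil-lookalike.net,
    so the comparison is made on a label boundary.
    """
    return any(host == apex or host.endswith("." + apex) for apex in scope)


def normalise(name):
    """Lower-case, drop a trailing dot and a leading wildcard label.

    A wildcard SAN proves the zone exists, not which hosts live under it;
    the zone itself is still an asset worth tracking.
    """
    name = name.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name


def hosts_from_ct(ct_json, as_of=AS_OF, scope=SCOPE):
    """Return {hostname: latest not_after} for in-scope, still-valid certs."""
    seen = {}
    for entry in json.loads(ct_json):
        if entry["not_after"] <= as_of:      # ISO strings, same format: safe to compare
            continue
        for raw in entry["name_value"].split("\n"):
            host = normalise(raw)
            if host and in_scope(host, scope):
                seen[host] = max(seen.get(host, ""), entry["not_after"])
    return seen


def delta(previous, current):
    """Diff two inventories of {name: expiry}: what is new, closed, changed."""
    prev_names, cur_names = set(previous), set(current)
    return {
        "new": sorted(cur_names - prev_names),
        "closed": sorted(prev_names - cur_names),
        "changed": sorted(n for n in prev_names & cur_names
                          if previous[n] != current[n]),
    }


# Last week's curated inventory (constructed). staging-old was on an older
# cert then; retired still had a valid cert that has since expired.
PREVIOUS = {
    "example.com.my": "2025-01-30T00:00:00",
    "www.example.com.my": "2025-01-30T00:00:00",
    "staging-old.example.com.my": "2024-12-20T00:00:00",
    "retired.example.com.my": "2024-12-10T00:00:00",
}


def weekly_report(ct_json=CT_JSON, previous=PREVIOUS, as_of=AS_OF):
    return delta(previous, hosts_from_ct(ct_json, as_of))


if __name__ == "__main__":
    print(json.dumps(weekly_report(), indent=2))
```

Two caveats the code makes visible. First, "closed" here only means the name's last certificate has expired; CT is append-only, so a host dropping out of the passive view is a prompt for the weekly active check, not proof it is gone. Second, the scope test is on a label boundary on purpose: lookalike domains that merely end in your apex string are a brand-protection finding, not an owned asset, and must not be counted as one.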
Operational teams get the weekly delta report — every new asset, every new exposure, every closed item. Executive leadership gets the monthly summary deck with trend charts, risk-weighted exposure score, and remediation status. Auditors get the RMiT/PCI/ISO 27001 audit pack on request. All reports are PDF-portable and version-controlled.
RMiT 11.x (Risk Management in Technology) requires financial institutions to maintain an accurate inventory of technology assets and to continuously monitor them for security exposure. The Cybersecurity Act 2024 (NACSA) brings similar continuous-monitoring expectations to designated National Critical Information Infrastructure (NCII) entities. ASM is the operational practice that produces the evidence auditors expect.
nCrypt's ASM stack combines commercial discovery platforms (under license), open-source OSINT tooling, certificate transparency log monitoring, passive DNS feeds, cloud-vendor API enumeration, and our own enrichment layer. The approach is deliberately tool-agnostic: the deliverable is the curated, classified, prioritised inventory, not the raw tool output.
A scoped ASM seed scan typically returns an initial inventory inside one business week. Book a 30-minute discovery call to scope it.