Mastering Your Attack Surface: Simplifying Attack Surface Discovery & Management with the BreachLock Unified Platform

Unify your security testing with one seamless platform that consolidates all your product solutions and test findings. Leverage a common data model, validate attack paths, and map your entire attack surface – all in one place.

BreachLock breaks down silos and connects solutions to deliver a unified view of your security landscape for comprehensive asset visibility. By leveraging the power of integration, BreachLock consolidates PTaaS, Attack Surface Management, continuous pentesting and automated scanning, as well as red teaming capabilities in one data model for endless clarity and reporting.

Attack Surface Discovery & Management

This capability showcases the Attack Surface Management (ASM): External (EASM) and Internal (supported by PTaaS). These features in the BreachLock Unified Platform are integrated alongside BreachLock’s other offensive security solutions. Once the ASM process begins, and BreachLock experts have an internal foothold to the user’s organization, internal attack surface mapping can still be performed for the organization.

Asset Discovery: Overview

Asset Discovery provides a complete overview of all assets that were either discovered in Domain Discovery scans, or manually added into inventory. In this feature, the user is able to view the assets classified as:

• Domains
• Subdomains
• IP Addresses
• IP Blocks and
• Asset Groups

In the Asset Discovery dashboard, the user can view the name of each asset that was scanned, whether it is active or inactive, and auto or manually discovered. Auto Discovered refers to those assets that were discovered based on the original scope. Manually added denotes those assets that were manually added by the user. Users can click on easy drop-down menus to filter between labels.

Asset Discovery: Scan Status

To the right of each domain is the Scan Status represented by B for Data Breach or D for Domain Discovery. Data Breaches refer to external scans on domains that were discovered on the Dark Web. Domain Discovery refers to subdomains, IPs, IP Blocks that were discovered and then mapped and populated as part of the attack surface.

For easy consumption, the colored rings around that Scan Status simply represent whether the asset has yet to be scanned (gray), the scan has been completed (green), or the scan has failed (red).

Asset Discovery: Vulnerability Count

Adjacent to Asset Labels you will see subdomain count, ASN or an autonomous system number which is a unique number that identifies a group of networks on the internet allowing routing control and sharing of information within the organization’s networks and Internet Service Providers or ISPs, and, to the right of this, Vulnerability Count – meaning the number of vulnerabilities automatically discovered on that domain.

Asset Discovery: Domain Details

Contextual details are available for all assets. By simply clicking on a domain, a screen will pop-up denoting all subdomains discovered within that domain. It will include the number of subdomains discovered, which of these were reachable, and the last update.

Asset Discovery: Domain Vulnerability Details

In addition to ASN vulnerabilities, the Vulnerability tab itemizes each vulnerability discovered showing the risk severity (from Critical to High, Low, Medium, and Informational), CVSS Score and last update. This will help users with vulnerability prioritization and remediation.

These details and data analytics are also available for subdomains, IPs, IP Blocks and Asset Groups listed within Asset Discovery.

Asset Discovery: Attack Path Mapping & Validation

One of the more innovative and useful features within the entire platform is Attack Path Validation & Mapping. This feature is truly revolutionary as it will provide a comprehensive, but simple and easy-to-navigate overview of the attack surface that helps in understanding the relationship between different entities like domains, subdomains, IP addresses, and vulnerabilities.

By clicking on the domain (red node) it opens all discovered subdomains, and the user can the view the IP addresses associated with a subdomain. All the vulnerabilities identified on the subdomain and IP address can be viewed and are categorized by risk.

Simply hover over the subdomain you wish to investigate, and you will see the IP addresses associated with that subdomain, the specific vulnerability and its severity. The user can click on the vulnerability to learn more, and each attack path view is the action available against each domain on the Asset Discovery page.

By showing the connections between different nodes (representing assets, vulnerabilities and attack steps), teams can see the broader context for each the vulnerabilities within the network allowing teams to focus on securing these high-risk points. It can identify the shortest or most likely path an attacker might take to reach valuable assets, helping prioritize defenses along these paths.

Asset Discovery: Run a Scan Live or Scheduled

Within this main Asset Discovery screen users can initiate a domain discovery and/or a data breach scan on a domain.

Asset Discovery: Scheduling a Scan

Users can select the domain and will have the option to execute either a Domain Discovery or Data Breach scan in real-time (live) or to schedule the scan. If the user decided to run a scheduled scan, a schedule will appear whereby you can designated the month, week, hour, and minute and the frequency – such as daily or weekly or monthly – that the user would like the scan to run.

Asset Discovery: Add Asset

ASM scans identify web and network assets specifically. However, users can add any asset they would like, such as an API, as discovery is not limited only to what BreachLock uncovers. So, if users would like to add an API or multiple APIs for scanning, they can do so.

Users can easily add an asset by clicking on the “Add Asset” box and a pop-up will appear. Simply select the domain from the drop-down menu and then select the asset type. Users can add another domain, subdomain, URL, IP, IoT device, a cloud or mobile asset, or users can select other by doing the same in the drop-down menu.

Once users have added an asset it will appear in Asset Discovery and users can then determine the scan frequency for this new asset and whether the user would like to run a live or scheduled scan by clicking on the new asset and hitting Run Scan.

Users can add as many additional assets that they would like as part of the attack surface discovery and scanning process. Please note that users should also review their subscription model for credit consumption as additional assets are added to ensure users have the credits needed and/or need to purchase more.

Asset Discovery: Export

The export button on the far right allows users to download a CSV file of all Asset Discovery and details for all domains.

Effective asset discovery, scanning, and continuous management of an organization’s assets are the cornerstone of robust security and IT governance. Asset Discovery provides users with visibility, risk reduction, and compliance, and provides insights into infrastructure for scaling operations securely and effectively.

Asset Discovery is not just a technical exercise; it is the foundation of a robust security posture. Whether performed manually or through automated solutions, identifying and understanding all assets provides visibility into your organization’s true attack surface. Without a complete and accurate inventory, vulnerabilities remain undetected, shadow IT proliferates, and security gaps widen—making your organization a prime target for cyber threats. Comprehensive Asset Discovery empowers security teams to take control, enabling informed decisions about risk prioritization, mitigation strategies, and proactive defense mechanisms.

Watch all demos of the BreachLock Unified Platform here.

Author

Ann Chesbrough

Vice President of Product Marketing, BreachLock