Glossary

Attack surface management is the overall processes and methods used to discover assets and map the attack surface, identify vulnerabilities and assess risk, prioritize vulnerabilities based on the risk level and likelihood of exploitation, and the remediation efforts to mitigate or eliminate attack surface risks. It also includes attack surface reduction measures. For example, if the asset discovery process identifies previously unknown assets that are no longer in use, eliminating these assets reduces the attack surface.