GrayScope

EXTERNAL ATTACK SURFACE MANAGEMENT

Solution

GraydScope discovers, inventories, and monitors an organization’s exposed digital footprint – including IPs, domains, services, and web applications – as seen from the outside world.

KEY FEATURES

Continuous discovery of assets via DNS, certificate transparency, and proprietary scanning
Mapping of IPs, domains, subdomains, and cloud services
Detection of shadow IT, forgotten infrastructure, and risky exposures
Passive risk assessment
Real-time exposure tracking with historical context
Fully passive and non-intrusive – no internal access required

STRATEGIC VALUE

EASM is the foundation of Graydaxe. It defines the real attack surface of an organization and serves as the basis for all other modules. The more precise the discovery, the more accurate the risk assessment – and the stronger the long-term engagement with the platform.

PLATFORM WALKTHROUGH

ADD primary search sources

Discovery starts by adding Primary Search Sources (PSS) like domains, IPs, or ASNs. GrayScope mimics attacker techniques to find and enrich exposed assets.

Primary Search Sources (PSS): domain, IP/IP range, ASN
Automated lookups across multiple internet sources
Initial asset inventory created within minutes
High discovery accuracy with complete external asset input from the organization

Initial discovery

Discovery starts by adding Primary Search Sources (PSS) like domains, IPs, or ASNs. GrayScope mimics attacker techniques to find and enrich exposed assets.

Initial discovery completes in ~ 5 minutes (faster than competitors)
Discovered assets appear immediately under the Assets section
Enables near real-time visibility into internet-facing infrastructure

validation

GrayScope verifies discovered assets to confirm ownership – reducing false positives, resource usage, and operational noise.

Discovered assets must be verified to confirm customer ownership
Only verified assets trigger the next discovery iteration
Avoids false positives, saves resources, and prevents legal violations in certain countries

aditional discovery

Verified assets trigger additional discovery based on MITRE ATT&CK framework to uncover related and hidden exposures.

Verified assets trigger axtended discovery
Uses DNS, ASN, WHOIS, CT log lookups, internet scan data
Iterative logic reveals hidden or related assets
Unique discovery logic based on MITRE ATT&CK techniques

risk assessment

GrayScope uses dynamic risk assessment based on real-world statistics like EPSS, CVSS, KEV, and active exploit data – recognizing that not every high severity is truly high risk.

Dynamical generation of risk entries for verified assets
Risks linked by category, and real-world exploitability
Prioritized through dynamically calculated Risk Level to guide response

risk details

Each risk entry in GrayScope provides actionable, real-world context to support fast and informed decisions.

Compact, structured view with essential risk metadata
Risk Level reflects dynamic scoring based on real-world threat data
Each entry includes context: affected service, exposure point, and timeline
Actionable mitigation steps provided for fast resolution decisions

continious monitoring & alerting

GrayScope continuously monitors your external attack surface and alerts you to new risks in real time.

Daily scans automatically detect changes in exposed assets
Optional scan jobs available hourly (additional costs based on usage)
On-demand scans can be triggered as needed (additional costs based on usage)
Alerts delivered via Email, Slack, MS Teams, or SIEM integration

iNTEGRATION IN TICKETING-SYSTEME

GrayScope integrates with ticketing systems to steamline remediation workflows.

Supports integration with platforms like Polarion, Jira, ServiceNow, and others
Automatically creates tickets for new or critical risk findings
Includes full risk context: asset, severity, description, and mitigation
Enables status syncing and escalation tracking across teams