The modern digital attack surface is everything outside the firewall, a collection of far-flung, client-facing assets hackers can and will discover as they research their next threat campaigns.
The attack surface is global, living inventory of all exposed assets. Available for adversaries to compromise your brand, people, data & infrastructure.
1) Known Assets: Inventoried and managed assets such as your corporate website and servers and the dependencies running on them.
2) Unknown Assets: (Such as Shadow IT or Orphaned IT) Infrastructure stood up outside the purview of your security team such as forgotten websites.
3) Rogue Assets: Malicious infrastructure spun up by threat actors such as malware or a website or mobile app impersonating your brand.
When organizations manage their entire digital attack surface, they understand what they look like from the outside-in. This way, they can begin developing a strategy that allows them to discover everything associated with their organization on the internet, both legitimate and malicious, and shrink its digital attack surface down to size.