Service

Attack Surface
Management
& Exposure

You cannot defend what you cannot see. Citadel Africa's Attack Surface Management service continuously discovers, monitors, and prioritises every external-facing asset in your environment — alerting you to new exposures the moment they appear, not months later at your next annual pentest.

Start Your Assessment How It Works ↓

24/7 Continuous Scanning

<1hr New Exposure Alert

360° External Visibility

Attack Surface Monitor — citadelafrica.com Live Scan

247 Assets Found

14 Exposures

3 Critical

New staging.company.co.ke — open port 22 exposed publicly 2m ago

Changed api.company.co.ke — TLS cert expires in 6 days 14m ago

New dev-portal.company.co.ke — unintentionally public S3 bucket 1h ago

Resolved legacy-vpn.company.co.ke — CVE-2024-21887 patched 3h ago

Active scan: Subdomain enumeration 73%

Next full scan: 23 minutes · Last full scan: 6h ago

The Problem

Your Attack Surface Is Bigger Than You Think

Most organisations have a good picture of their primary infrastructure — the servers, applications, and network assets they actively manage. But the modern attack surface extends far beyond what your IT team tracks on a spreadsheet.

Shadow IT, forgotten subdomains, misconfigured cloud buckets, expired certificates, and third-party integrations all create exposure. Attackers use automated tools to scan for these weaknesses continuously — but most enterprises only review their external exposure once a year, at a penetration test.

ASM closes this gap. By continuously monitoring your external attack surface — the way attackers do — we alert you to new and changed exposures within hours, not months. You get the attacker's view of your organisation, updated in real time.

Shadow IT & Unknown Assets

Development servers, staging environments, and cloud resources spun up and forgotten — invisible to IT, visible to attackers scanning the internet.

Annual Pentests Leave 364-Day Gaps

A point-in-time penetration test tells you your exposure on one day per year. Everything that changes after that day is invisible until the next test.

Cloud Misconfiguration Drift

Cloud environments change daily — new buckets, new services, new permissions. Misconfigurations that expose data take hours to create and months to detect without continuous monitoring.

Third-Party & Supply Chain Risk

Your vendors, partners, and suppliers extend your attack surface. A compromise at a third party is a potential entry point into your environment.

Asset Discovery

Everything We Find That You Might Not Know Exists

Our discovery engine maps your complete external footprint — from domains and IPs to cloud assets, certificates, and technology fingerprints.

Domains & Subdomains

Comprehensive enumeration of all domains and subdomains associated with your organisation — including forgotten subdomains, newly registered lookalike domains, and typosquatting sites targeting your brand.

Subdomain enumeration DNS record mapping Lookalike domain detection Expired domain monitoring

IP Addresses & Open Ports

Discovery and continuous monitoring of all internet-facing IPs, open ports, and exposed services — identifying risky services like SSH, RDP, and database ports exposed to the public internet.

IP range mapping Open port detection Exposed service identification Geolocation tracking

Cloud Assets & Storage

Discovery of cloud infrastructure across AWS, Azure, and GCP — including publicly accessible storage buckets, misconfigured cloud services, and exposed cloud-native applications.

Public bucket detection Cloud service fingerprinting Misconfiguration identification IAM exposure analysis

SSL/TLS Certificates

Comprehensive certificate monitoring — tracking expiry dates, weak cipher suites, misconfigured certificates, and certificate transparency logs that reveal previously unknown assets.

Expiry monitoring Weak cipher detection CT log monitoring Certificate mismatches

Web Applications & APIs

Discovery and fingerprinting of all internet-facing web applications, admin panels, login portals, and API endpoints — including shadow applications deployed without IT's knowledge.

Application fingerprinting Admin panel detection API endpoint discovery CMS version detection

Leaked Credentials & Data

Monitoring of data breach databases, paste sites, and dark web sources for leaked employee credentials, API keys, and sensitive data associated with your organisation's domains.

Credential breach monitoring API key leak detection Source code exposure Dark web monitoring

The Process

Continuous, Automated, and Always On

Unlike a point-in-time pentest, ASM never stops. Our four-stage cycle runs continuously — ensuring your exposure picture is always current.

Stage 01

Asset Discovery

Automated enumeration of all external-facing assets — domains, IPs, cloud resources, certificates, and applications — using the same techniques attackers use to map your organisation.

Continuous

Stage 02

Exposure Analysis

Each discovered asset is analysed for vulnerabilities, misconfigurations, and exposures — with every finding mapped to a risk score, CVE where applicable, and exploitability rating.

Every 6 Hours

Stage 03

Change Detection & Alerting

Any new asset, new exposure, or change in your attack surface triggers an immediate alert — ranked by severity, with context on what changed and why it matters to your security posture.

Within 1 Hour

Stage 04

Remediation Guidance

Every alert comes with clear, actionable remediation steps. Our analysts are available to validate findings, provide context, and support your team through the remediation process.

Per Finding

Continuous Monitoring

What We Watch, Every Hour of Every Day

ASM is not a one-time exercise. Our platform continuously monitors every layer of your external attack surface — generating alerts the moment something changes or a new exposure appears.

New Subdomain & Asset Alerts

Immediate notification when a new external asset is discovered — developer environments, cloud services, or third-party integrations that expand your attack surface without IT's knowledge.

CVE & Vulnerability Mapping

When new CVEs are published, our platform immediately checks whether any of your external assets are running the affected software — alerting you before attackers can exploit the window.

Certificate Expiry & Configuration

Advance warning on expiring SSL/TLS certificates — preventing outages and the security gaps that expired certificates create. Plus alerts for weak cipher suites and certificate misconfigurations.

Credential & Data Leak Detection

Continuous monitoring of breach databases, paste sites, and dark web sources for your organisation's credentials and data — alerting you to leaks before attackers can use them.

Sample ASM Report Snapshot

External Attack Surface Summary

Total Assets Discovered

247 external assets

Critical Exposures

3 require immediate action

High Exposures

11 require attention this week

Shadow Cloud Assets

7 unmanaged cloud resources

Credential Leaks Detected

28 corporate credentials on dark web

Expiring Certificates

4 certs expiring within 30 days

Assets Fully Monitored

229 assets — no issues detected

What You Get

ASM Deliverables

Attack Surface Inventory

A complete, continuously updated inventory of all your external-facing assets — domains, IPs, applications, certificates, and cloud resources — with ownership and risk context for each.

Real-Time Exposure Alerts

Immediate notifications when new assets are discovered, existing assets change, or new exposures are identified — delivered within one hour of detection, ranked by severity.

Weekly Exposure Report

A weekly summary of all new findings, changes, and resolved exposures — with trend analysis showing whether your attack surface risk is improving or growing over time.

Remediation Guidance per Finding

Every exposure alert includes specific, actionable remediation steps — so your team knows exactly what to do, not just that a problem exists.

Credential & Dark Web Monitoring Alerts

Real-time alerts when your organisation's credentials, domains, or data appear on dark web markets, paste sites, or breach databases — before attackers can use them.

Quarterly Executive Summary

A board-ready quarterly report on your attack surface risk trend — showing risk trajectory, major findings, remediation progress, and a forward-looking risk assessment.

Why Citadel Africa

ASM Built for the Kenyan Environment

Tuned to the Kenyan Threat Landscape

Our ASM platform is calibrated to the attack techniques and threat actors active in Kenya — not generic global attack patterns. When we flag a risk, it is because real actors targeting your sector are actively exploiting it.

Intelligence-Enriched Findings

Every ASM finding is enriched with threat intelligence from our Threat Intelligence practice — so you know not just that an exposure exists, but whether any known threat actors are actively scanning for or exploiting that specific vulnerability.

Feeds Directly into Your Pentest

Your ASM findings directly inform your annual penetration testing scope — ensuring your pentest focuses on the assets and exposures that are genuinely at risk, not a predefined scope that may miss what matters most.

Get Started

See Your Attack Surface the Way Attackers Do

Start with a free external attack surface assessment. In 48 hours we will show you every internet-facing asset we can discover — and which of them represent an immediate risk to your organisation.

Start a Free Assessment View All Services

Attack SurfaceManagement& Exposure