Attack Surface Monitoring | 360TPRM

Attack Surface Monitoring (ASM) is the continuous inventory and monitoring of all externally visible and potentially vulnerable components of a supplier — their digital attack surface.

What belongs to a supplier's attack surface?

A supplier's external attack surface includes: all registered domains and subdomains, IP addresses and hosting infrastructure, open ports and exposed services, SSL/TLS certificates and their expiry dates, web applications and APIs, cloud services and S3 buckets, email security configuration (SPF, DKIM, DMARC) and software versions and known vulnerabilities (CVEs).

Vollständiges ASM ohne Aufwand

A supplier's external attack surface includes: all registered domains and subdom...

ASM as the foundation for TPRM risk assessments

Attack surface monitoring provides the objective, externally verifiable data basis for TPRM risk assessments. While questionnaires rely on self-reporting, ASM shows the actual security posture. NIS2 and DORA require risk-based assessments — ASM is the technical foundation.

360TPRM

360TPRM automates continuous monitoring for all suppliers in your portfolio.

FAQ

What does continuous monitoring mean in practice?+

Automated daily checks across 200+ external data points per supplier — no manual effort, instant alerts on risk changes.

Is this required by NIS2 and DORA?+

Yes — both NIS2 Art. 21 and DORA Art. 28 explicitly require continuous, risk-based monitoring of third parties.

Monitor attack surfaces

See in a 45-minute demo how 360TPRM specifically meets your requirements.

Request free demo →