Continuous Security
Continuous discovery and monitoring of every internet-facing asset you own — including the ones you don't know about — with exposure alerts in Sentry.
Attack surface management is the practice of continuously discovering and monitoring all internet-facing assets belonging to an organisation — rather than relying on static inventories that become outdated as soon as new assets are provisioned.
Sentry ASM is Blackfoot's managed attack surface management service. It delivers continuous automated discovery of domains, subdomains, IP addresses, exposed services, and cloud assets, with all findings consolidated in the Sentry platform for real-time visibility, asset inventory management, and exposure alerting.
The service exists to eliminate the visibility gap between what an organisation believes is exposed to the internet and what is actually accessible to an attacker. Technology environments change constantly — new assets are provisioned, old ones are forgotten, and shadow IT expands without security oversight. Sentry ASM surfaces these assets and exposures as they emerge, enabling organisations to act before attackers exploit unknown or unmonitored assets.
Asset discovery runs continuously from the seed assets you provide — primary domains, IP ranges, and cloud accounts — using both passive and active techniques, including certificate transparency log monitoring and DNS enumeration. Exposure monitoring watches for open ports, exposed services, SSL/TLS issues, misconfigurations, and unexpected changes, alerting you when something significant appears. Certificate monitoring tracks expiry dates, weak ciphers, and new certificates issued against your domains. Cloud asset enumeration finds internet-facing services in Azure, AWS, GCP, and Microsoft 365 that traditional inventories miss.
Tiers are sized by the number of seed assets — Starter, Standard, Pro, and Enterprise — so the service scales from a single domain to a large multi-brand estate.
Blackfoot is CREST-accredited, and Sentry ASM is run by the same team behind our penetration testing and vulnerability management practices. Because everything lives in the Sentry platform, discovered assets can feed straight into Sentry CVM scanning and your pentest scoping — one platform, one picture of your external exposure.
Know exactly what is exposed, including assets you may not know exist.
New assets and exposure changes detected in near-real-time, not at the next scheduled review.
Shadow IT, forgotten assets, and new cloud deployments discovered automatically.
Surface new exposures before attackers discover them.
Discovered assets integrate seamlessly with Sentry CVM vulnerability scanning.
Blackfoot manages the discovery infrastructure and operations end to end.
Over weeks one to four we confirm your seed assets — primary domains, IP ranges, cloud accounts — configure discovery, and provision Sentry access. Onboarding concludes with your initial asset inventory and a guided walkthrough.
Discovery and monitoring run continuously, not on a schedule, expanding from your seed assets via certificate transparency monitoring, DNS enumeration, OSINT, port scanning, and service fingerprinting.
New assets and significant exposure changes appear in Sentry in near-real-time, with Blackfoot handling infrastructure, ingestion, and false-positive review.
A quarterly check-in reviews your inventory, tier fit, and any changes to your estate.
Straight answers to what prospective clients ask us most.
Sentry ASM discovers and monitors your external attack surface — it finds assets you may not know exist. Sentry CVM scans known assets for known vulnerabilities. ASM defines the scope; CVM scans within it. Together, they provide complete external security visibility.
Starting from seed assets you provide (primary domains, IP ranges, cloud accounts), Sentry ASM uses automated discovery techniques to identify related assets — subdomains, associated IP addresses, cloud-hosted services, and more. This includes passive techniques such as certificate transparency log monitoring and DNS enumeration.
No. Sentry ASM identifies and monitors internet-facing assets and their exposures. It does not perform manual exploitation or validate the real-world impact of findings. Penetration testing provides expert-led depth at defined intervals; Sentry ASM provides continuous breadth coverage of the external attack surface.
No — the service covers internet-facing assets only. For internal infrastructure visibility, Sentry CVM's internal scanning domain assesses patch status, CVEs, and misconfigurations from inside your network.
Get a fixed-scope quote, usually the same working day.