Continuous Security

Attack Surface Management

Continuous discovery and monitoring of every internet-facing asset you own — including the ones you don't know about — with exposure alerts in Sentry.

Attack surface management is the practice of continuously discovering and monitoring all internet-facing assets belonging to an organisation — rather than relying on static inventories that become outdated as soon as new assets are provisioned.

Sentry ASM is Blackfoot's managed attack surface management service. It delivers continuous automated discovery of domains, subdomains, IP addresses, exposed services, and cloud assets, with all findings consolidated in the Sentry platform for real-time visibility, asset inventory management, and exposure alerting.

The service exists to eliminate the visibility gap between what an organisation believes is exposed to the internet and what is actually accessible to an attacker. Technology environments change constantly — new assets are provisioned, old ones are forgotten, and shadow IT expands without security oversight. Sentry ASM surfaces these assets and exposures as they emerge, enabling organisations to act before attackers exploit unknown or unmonitored assets.

What attack surface management covers

Asset discovery runs continuously from the seed assets you provide — primary domains, IP ranges, and cloud accounts — using both passive and active techniques, including certificate transparency log monitoring and DNS enumeration. Exposure monitoring watches for open ports, exposed services, SSL/TLS issues, misconfigurations, and unexpected changes, alerting you when something significant appears. Certificate monitoring tracks expiry dates, weak ciphers, and new certificates issued against your domains. Cloud asset enumeration finds internet-facing services in Azure, AWS, GCP, and Microsoft 365 that traditional inventories miss.

Tiers are sized by the number of seed assets — Starter, Standard, Pro, and Enterprise — so the service scales from a single domain to a large multi-brand estate.

Why Blackfoot

Blackfoot is CREST-accredited, and Sentry ASM is run by the same team behind our penetration testing and vulnerability management practices. Because everything lives in the Sentry platform, discovered assets can feed straight into Sentry CVM scanning and your pentest scoping — one platform, one picture of your external exposure.

What you get

Complete external asset inventory

Know exactly what is exposed, including assets you may not know exist.

Continuous monitoring

New assets and exposure changes detected in near-real-time, not at the next scheduled review.

No more unknown asset risk

Shadow IT, forgotten assets, and new cloud deployments discovered automatically.

Reduced attacker advantage

Surface new exposures before attackers discover them.

Feeds straight into scanning

Discovered assets integrate seamlessly with Sentry CVM vulnerability scanning.

Minimal operational burden

Blackfoot manages the discovery infrastructure and operations end to end.

How it works

  1. 01

    Onboarding

    Over weeks one to four we confirm your seed assets — primary domains, IP ranges, cloud accounts — configure discovery, and provision Sentry access. Onboarding concludes with your initial asset inventory and a guided walkthrough.

  2. 02

    Continuous discovery

    Discovery and monitoring run continuously, not on a schedule, expanding from your seed assets via certificate transparency monitoring, DNS enumeration, OSINT, port scanning, and service fingerprinting.

  3. 03

    Alerting in Sentry

    New assets and significant exposure changes appear in Sentry in near-real-time, with Blackfoot handling infrastructure, ingestion, and false-positive review.

  4. 04

    Review and refine

    A quarterly check-in reviews your inventory, tier fit, and any changes to your estate.

Frequently asked questions

Straight answers to what prospective clients ask us most.

What is the difference between Sentry ASM and Sentry CVM?

Sentry ASM discovers and monitors your external attack surface — it finds assets you may not know exist. Sentry CVM scans known assets for known vulnerabilities. ASM defines the scope; CVM scans within it. Together, they provide complete external security visibility.

How does Sentry ASM discover assets I don't know about?

Starting from seed assets you provide (primary domains, IP ranges, cloud accounts), Sentry ASM uses automated discovery techniques to identify related assets — subdomains, associated IP addresses, cloud-hosted services, and more. This includes passive techniques such as certificate transparency log monitoring and DNS enumeration.

Is Sentry ASM a replacement for penetration testing?

No. Sentry ASM identifies and monitors internet-facing assets and their exposures. It does not perform manual exploitation or validate the real-world impact of findings. Penetration testing provides expert-led depth at defined intervals; Sentry ASM provides continuous breadth coverage of the external attack surface.

Does Sentry ASM cover internal assets?

No — the service covers internet-facing assets only. For internal infrastructure visibility, Sentry CVM's internal scanning domain assesses patch status, CVEs, and misconfigurations from inside your network.

Ready to talk about attack surface management?

Get a fixed-scope quote, usually the same working day.