Pen Test Partners Attack Surface Management (ASM) is a continuous, human-assisted service for discovering and monitoring an organization's external internet footprint against a defined baseline. The service operates across four stages: baseline setting, change assessment, action taking, and baseline resetting. **Baseline Options:** - Host Discovery: client-provided hosting ranges are scanned to enumerate hosts and services - Range Discovery: combines client-provided data with tooling and human expertise to uncover unknown ranges and systems - Attack Surface Assessment: uses open-source intelligence (OSINT) to identify the full attack surface, including dark web leaked credentials, PII, web vulnerabilities, mail weaknesses, unpatched/misconfigured systems, and exposed risky services (e.g., RDP) **Ongoing Monitoring:** Daily testing against the baseline detects new hosts or services. Monthly rolling vulnerability assessments identify new vulnerabilities, with manual review to determine remediation steps. **Action Options (on change detection):** - Automatic vulnerability assessment triggered by new host or service discovery - Manual penetration test commission (additional cost) - Web/web application discovery with AI-assisted complexity assessment to determine scan depth - Dark web monitoring for compromised credentials, exposed data, and breach indicators (included in higher-tier plans) **Baseline Management:** The baseline is reset after each assessment cycle so that only changes are flagged, reducing alert noise. The service is offered in multiple tiers (ASM, ASM+, ASM++) with varying levels of included features.