Synack Attack Surface Discovery

Synack Attack Surface Discovery (ASD) is an external attack surface management solution integrated within the Synack Platform. The product continuously discovers and monitors internet-facing assets including IPv4 hosts, web applications, and FQDN assets. ASD provides self-service asset discovery capabilities where users can add assets such as domains or IPv4 hosts to groups and launch scans. The discovery engine runs continuously to identify new assets and changes to existing assets. Discovered assets are presented in a centralized dashboard where security teams can confirm or reject assets individually or in bulk. The solution includes asset fingerprinting and inventory capabilities through Asset Insights, which provides detailed information about external host assets. Confirmed assets display SmartScan suspected vulnerabilities, while assets under active testing show exploitable vulnerabilities identified by the Synack Red Team (SRT). ASD offers role-based access controls (RBAC) to manage permissions for different groups of assets, enabling visibility into external asset inventories of subsidiaries, acquisitions, teams, or suppliers through passive scanning. The platform integrates asset discovery with on-demand penetration testing services, vulnerability management, and API access. The asset dashboard provides filtering capabilities by seed group or assessment, displaying discovered assets, top vulnerable assets, top CISA CVEs, and recently added assets in a single interface.