Attack Surface

An attack surface is the sum of all digital entry points an adversary could exploit in a target organization: exposed IP addresses, open ports, web applications, DNS records, subdomains, email servers, and more. In third-party cyber risk management, an organization's effective attack surface includes not just its own assets but those of every vendor with access to its systems or data.