See Your Attack Surface Before Attackers Do
Continuous external ASM and cloud-native iASM — subdomain discovery, IAM attack path visualization, and MITRE ATT&CK mapping. Know what you have, what's exposed, and how an attacker would chain it together.
- Cloud Platforms: 3
- MITRE Techniques Mapped: 200+
- Scan Interval: Continuous
- Attack Path Graph: Live
External & Internal Attack Surface — Both Covered
Most ASM tools only see what an attacker sees from the internet. CATAAM adds internal cloud visibility — because most breaches pivot through misconfigured cloud resources, not perimeter gaps.
External Attack Surface Management
CATAAM continuously monitors your external-facing infrastructure — everything an attacker sees before they touch your perimeter. New subdomains, misconfigured DNS records, and exposed services are detected and triaged automatically.
- Subdomain discovery via certificate transparency logs (crt.sh)
- DNS health checks — SPF, DMARC, DNSSEC, MX record validation
- Open port detection and service fingerprinting
- Exposed admin interfaces and unauthenticated endpoints
- TLS cipher strength and certificate expiry monitoring
- MITRE ATT&CK technique mapping for every finding
Internal Attack Surface Management (iASM)
iASM connects to your cloud providers and maps every internal resource, permission boundary, and lateral movement path. The attack graph makes complex cloud relationships immediately understandable to both security teams and executives.
- Cloud asset auto-discovery: AWS EC2, RDS, S3, Lambda, VPC
- Azure and GCP resource inventory and security posture
- IAM policy analysis — over-permissioned roles and privilege escalation paths
- Attack path visualization as interactive force-directed graph
- Automated security audit against CIS Benchmarks
- Untagged and shadow asset detection
From Connection to Attack Graph in Minutes
CATAAM starts mapping your attack surface the moment you connect your cloud accounts — no agents, no complex onboarding.
Connect cloud accounts in minutes
OAuth-based AWS, Azure, and GCP integrations. CATAAM uses read-only IAM roles — no credentials stored. Asset discovery begins immediately.
Discover your full attack surface
External discovery runs via certificate transparency logs and DNS probes. Internal discovery enumerates every cloud resource across all connected accounts.
Visualize attack paths
The interactive attack graph shows how an attacker could move from an external entry point through your cloud environment. Filter by tactic, asset type, or risk score.
Prioritize and remediate
Findings are ranked by attacker impact, not just CVSS score. Each finding includes the MITRE ATT&CK technique ID, CVE reference, and a specific remediation step.
Every Finding Mapped to MITRE ATT&CK
CATAAM automatically tags every ASM finding with the relevant MITRE ATT&CK technique — giving your team attacker-perspective prioritization, not just CVSS scores.
| Tactic | Technique ID | Technique | Sample Finding |
|---|---|---|---|
| Initial Access | T1190 | Exploit Public-Facing Application | Exposed admin panel on port 8080 |
| Reconnaissance | T1596 | Search Open Technical Databases | Subdomain enumerated via crt.sh |
| Credential Access | T1078 | Valid Accounts | IAM user with console access, no MFA |
| Privilege Escalation | T1548 | Abuse Elevation Control Mechanism | IAM policy allows iam:PassRole to lambda |
| Exfiltration | T1530 | Data from Cloud Storage | S3 bucket with public list access |
| Defense Evasion | T1562 | Impair Defenses | CloudTrail logging disabled in region |
Attack Surface Management — Frequently Asked Questions
- What is Attack Surface Management (ASM) and why does it matter?
- Attack Surface Management (ASM) is the continuous discovery, inventory, and security assessment of all assets reachable by potential attackers. Unlike point-in-time vulnerability scans, ASM operates continuously — because your attack surface changes every time you deploy a new service, add a DNS record, or grant a new IAM permission. CATAAM's ASM covers both your external perimeter (what attackers see from the internet) and your internal cloud environment (what attackers can reach once inside).
- What is Internal Attack Surface Management (iASM) and how does it differ from CSPM?
- Cloud Security Posture Management (CSPM) checks whether your cloud resources comply with security benchmarks — misconfigurations, policy violations, CIS Benchmark gaps. Internal Attack Surface Management (iASM) goes further: it maps attack paths between resources to show how an attacker could chain individual misconfigurations into a full compromise. Where CSPM says "this IAM role is over-permissioned," iASM says "this over-permissioned IAM role can be assumed by this Lambda function, which is triggered by this public S3 bucket — here's the full blast radius."
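The chaining described in that answer (public bucket triggers a Lambda, whose role can escalate via iam:PassRole, which then reaches a sensitive bucket) is what an attack path search over a resource graph computes. The following is an added illustration written for this page, not CATAAM's code; the resources, edges and the `SENSITIVE` set are constructed, and the technique IDs are the ones the table above assigns to each kind of finding.

```python
import re
from collections import deque

# Constructed sample graph (not real CATAAM output): nodes are cloud
# resources, edges are relationships an attacker could traverse. Edge labels
# carry the MITRE ATT&CK technique ID the page's table assigns to that kind
# of finding, or a plain relationship name where no technique applies.
EDGES = [
    ("internet", "s3:uploads", "T1190"),          # bucket with public list/write access
    ("s3:uploads", "lambda:ingest", "trigger"),   # bucket event invokes the function
    ("lambda:ingest", "role:ingest", "assumes"),  # function's execution role
    ("role:ingest", "role:admin", "T1548"),       # iam:PassRole onto a stronger role
    ("role:admin", "lambda:ingest", "invokes"),   # cycle: admin can invoke the lambda again
    ("role:admin", "s3:customer-data", "T1530"),  # read from the sensitive bucket
    ("internet", "ec2:bastion", "T1190"),         # exposed admin panel, dead end here
]
SENSITIVE = {"s3:customer-data"}
TECHNIQUE_ID = re.compile(r"T\d{4}")

def build_graph(edges):
    """Adjacency list: node -> [(neighbour, edge label), ...]."""
    graph = {}
    for src, dst, label in edges:
        graph.setdefault(src, []).append((dst, label))
    return graph

def attack_paths(graph, entry, targets):
    """Breadth-first enumeration of every simple path from `entry` to a target.
    A path is a list of (node, label of the edge into that node); the entry
    node carries None. Nodes already on the path are skipped, so the
    admin -> lambda cycle cannot make the search loop forever."""
    found = []
    queue = deque([[(entry, None)]])
    while queue:
        path = queue.popleft()
        node = path[-1][0]
        if node in targets:
            found.append(path)
            continue
        visited = {n for n, _ in path}
        for nxt, label in graph.get(node, []):
            if nxt not in visited:
                queue.append(path + [(nxt, label)])
    return found

def techniques(path):
    """ATT&CK technique IDs chained along a path, in traversal order."""
    return [lbl for _, lbl in path if lbl and TECHNIQUE_ID.fullmatch(lbl)]

def render(path):
    return " -> ".join(f"{n}[{lbl}]" if lbl else n for n, lbl in path)

if __name__ == "__main__":
    for p in attack_paths(build_graph(EDGES), "internet", SENSITIVE):
        print(render(p), "| techniques:", ",".join(techniques(p)))
```

The technique list per path is what makes the "filter by tactic" view possible: each finding on the path already carries its ATT&CK ID, so a path is prioritised by the chain it enables rather than by any single CVSS score.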
- How does CATAAM discover subdomains and external assets?
- CATAAM uses certificate transparency log monitoring via crt.sh — the same technique professional penetration testers use — to continuously discover all TLS certificates issued for your domain. Every new subdomain triggers automatic DNS health checks (SPF, DMARC, DNSSEC), port scans, service fingerprinting, and TLS cipher analysis. Results are compared against your known asset inventory to surface shadow IT and forgotten assets.
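The certificate-transparency step in that answer (pull crt.sh results for the domain, normalise the names, diff them against the known inventory, watch expiry) is illustrated below. This is an added example, not CATAAM's implementation: the JSON is a constructed sample whose field names (`id`, `common_name`, `name_value`, `not_after`) follow crt.sh's JSON output, `example.com` and the `KNOWN_ASSETS` inventory are assumptions.

```python
import json
from datetime import datetime, timedelta

DOMAIN = "example.com"

# Constructed sample in the shape of crt.sh's JSON output
# (https://crt.sh/?q=%25.example.com&output=json); values are made up.
SAMPLE_CRTSH = json.dumps([
    {"id": 1, "common_name": "www.example.com",
     "name_value": "www.example.com\nexample.com", "not_after": "2030-01-01T00:00:00"},
    {"id": 2, "common_name": "*.example.com",
     "name_value": "*.example.com", "not_after": "2030-01-01T00:00:00"},
    {"id": 3, "common_name": "staging-api.example.com",
     "name_value": "staging-api.example.com\nOLD-ADMIN.example.com",
     "not_after": "2025-02-01T00:00:00"},
    {"id": 4, "common_name": "example.com.evil.net",   # look-alike, not ours
     "name_value": "example.com.evil.net", "not_after": "2030-01-01T00:00:00"},
])

# Assumed asset register the CT results are compared against.
KNOWN_ASSETS = {"www.example.com", "example.com", "staging-api.example.com"}

def hostnames_from_crtsh(raw_json, domain):
    """Unique hostnames under `domain` found in crt.sh output.
    Handles multi-SAN certificates (newline-separated name_value), mixed
    case, wildcard entries, and look-alike names that only start with the
    domain but belong to someone else's zone."""
    names = set()
    for entry in json.loads(raw_json):
        for name in entry["name_value"].split("\n"):
            name = name.strip().lower()
            if name.startswith("*."):
                name = name[2:]   # a wildcard only proves the parent label exists
            if name == domain or name.endswith("." + domain):
                names.add(name)
    return names

def shadow_assets(discovered, inventory):
    """Hosts seen in CT logs that the asset register does not know about."""
    return sorted(discovered - inventory)

def expiring_certs(raw_json, now_iso, days=30):
    """crt.sh entry ids whose certificate expires within `days` of `now_iso`.
    Already-expired certificates are not reported; they are a separate finding."""
    now = datetime.fromisoformat(now_iso)
    horizon = now + timedelta(days=days)
    return [e["id"] for e in json.loads(raw_json)
            if now <= datetime.fromisoformat(e["not_after"]) <= horizon]

if __name__ == "__main__":
    hosts = hostnames_from_crtsh(SAMPLE_CRTSH, DOMAIN)
    print("shadow:", shadow_assets(hosts, KNOWN_ASSETS))
    print("expiring:", expiring_certs(SAMPLE_CRTSH, "2025-01-15T00:00:00"))
```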
- How does CATAAM map ASM findings to MITRE ATT&CK?
- Every finding in CATAAM is automatically tagged with the relevant MITRE ATT&CK technique ID. For example, an exposed admin interface maps to T1190 (Exploit Public-Facing Application), while an IAM role with iam:PassRole maps to T1548 (Abuse Elevation Control Mechanism). The tactic category (Initial Access, Privilege Escalation, Exfiltration, etc.) is also displayed. This lets security teams prioritize fixes by attacker impact rather than CVSS score alone, and gives auditors evidence that controls address specific threat vectors.
- How does iASM feed into GRC compliance evidence?
- CATAAM's iASM and GRC modules are fully integrated. Asset inventory from iASM automatically populates your asset register for ISO 27001 A.8, SOC 2 CC6.1, and PCI-DSS Requirement 2. Attack path findings feed into risk assessments for ISO 27001 Clause 6.1 and HIPAA §164.308(a)(1). When you remediate an iASM finding, the evidence of remediation is automatically linked to the relevant compliance control — eliminating duplicate work.
- What cloud platforms does iASM support?
- CATAAM iASM currently supports AWS (EC2, RDS, S3, Lambda, IAM, CloudTrail, VPC, Security Groups), Microsoft Azure (VMs, storage, IAM, networking), and Google Cloud Platform (GCE, GCS, IAM). Multi-account and multi-region discovery is supported for all three providers. The attack graph visualizes cross-cloud attack paths when organisations run workloads across multiple providers.
Ready to Map Your Full Attack Surface?
100 free iASM credits on sign-up. No credit card required.