Entryscope is a Software-as-a-Service (SaaS) platform designed to support External Attack Surface Management (EASM). The Service provides continuous data analysis, monitoring, and security insights to help Clients identify, assess, and mitigate risks associated with their publicly exposed digital assets. Entryscope collects and processes data primarily through passive intelligence-gathering methods and, where explicitly enabled by the Client, through active assessment techniques.
2. Service Modules
2.1. Discovery Module
The Discovery Module performs analysis of Client-designated domains and related assets to identify potential security exposures. Core functionalities include:
Analysis of apex (parent) domains.
Subdomain enumeration and mapping.
Suggestions of potentially related apex domains (including those relevant to shadow IT).
Analysis of associated IP addresses.
Continuous monitoring of public sources (including known data breaches, credential dumps, and infrastructure leaks) for exposed credentials linked to Client domains, subdomains, and employee corporate email addresses.
Note: Data is obtained from publicly available or restricted-access sources using passive collection methods. As such, certain delays or inaccuracies may occur.
2.2. Monitoring Module
The Monitoring Module provides active analysis of Client-designated external assets to assess security posture. Core functionalities include:
Network port scanning of specified IP addresses and ranges to identify accessible services and firewall exposure.
Vulnerability scanning of identified services using commercial and proprietary tools, supplemented by threat intelligence feeds.
Presentation of findings in a consolidated dashboard, with vulnerabilities categorized by risk level and accompanied by recommended mitigation measures.
Note: This module actively interacts with Client resources. The Client is responsible for ensuring that all necessary authorizations, notifications, and preparations are in place prior to enabling such scans.
3. Service Scope
Entryscope services are limited to the modules, domains, IP addresses, and scanning parameters as defined in the applicable Service Order or Subscription/Services Agreement.
Entryscope does not penetration testing activities unless separately agreed in writing.
The Service provides information and recommendations for risk management purposes. Responsibility for remediation and implementation of security measures rests with the Client.
4. Limitations
Entryscope relies on external, publicly available, and third-party data sources; the accuracy, completeness, and timeliness of such data cannot be fully guaranteed.
Passive collection may result in occasional delays or incomplete visibility into certain exposures.
Active scanning may be subject to network conditions, Client infrastructure configurations, and external factors outside Entryscope's control.
5. Deliverables
Clients receive access to the Entryscope platform, including dashboards and alerts generated through the subscribed modules. Data is presented in an aggregated and structured manner to support timely decision-making regarding external security risks.
6. Client Responsibilities
Designate the domains, subdomains, IP addresses, and ranges to be monitored.
Obtain and maintain all necessary authorizations for active scanning and monitoring.
Ensure that organizational processes are in place for receiving, reviewing, and acting upon findings provided by Entryscope.
7. Exclusions
Unless explicitly agreed, the Service does not include: