Attack surface management
Unknown assets become risk when they are exposed, outdated or unowned. LuminaKite's ASM module reconciles passive discovery with controlled probing so teams can understand the external surface tied to verified domains.
Operational outcomes
ASM
- Discover related assets from CT, DNS and lightweight web evidence.
- Track asset changes over time instead of relying on one-off scans.
- Use ASM Normal on every plan, with cadence and capacity limits that scale by plan.
- Use ASM Plus on Business with allowlists, rate limits and scanning windows.
Core capabilities
How the module works
Start from verified domains
ASM runs from assets the organization has authorized, reducing noise and keeping scope explicit.
Discover related assets
Passive sources and light probes create an inventory of observed hosts, services and evidence.
Run controlled scans when allowed
ASM Plus applies plan policy, allowlists, rate limits and time windows before active scanning.
Review findings and changes
Teams prioritize new services, risky exposures and changes that need ownership or remediation.
Signals and evidence
Common use cases
Find untracked internet-facing assets
Identify hosts and services that were created outside the standard inventory workflow.
Review exposure after launches
Check whether a new product, region or infrastructure migration exposed unexpected services.
Support security operations
Give analysts evidence-backed findings instead of raw scanner output with little context.
Frequently asked questions
Is ASM Plus an uncontrolled internet scan?
No. ASM Plus is gated by plan, scope, allowlist, rate limit, concurrency and scanning-window controls.
What is the difference between ASM Normal and ASM Plus?
ASM Normal focuses on passive discovery and lightweight web probes. ASM Plus adds controlled active checks for top-risk services.
Which plans include ASM?
ASM Normal is included on every plan, with stricter cadence and capacity on Free. ASM Plus is designed for Business because active scanning needs stricter governance.
Does ASM replace a vulnerability scanner?
No. It provides external exposure inventory and evidence. It can complement vulnerability management by showing what should be assessed first.