A company’s external attack surface is the collection of all publicly accessible digital assets that could potentially be exposed to cyber threats. Accurately identifying these assets is a critical foundation of Panorays’ Cyber Posture Assessment.
Panorays’ Asset Discovery capability automatically detects and maps this attack surface—starting from a single known asset and expanding outward—providing a comprehensive, accurate view of a company’s internet-facing presence.
🔎 Over 97% of assets in Panorays are detected automatically, making manual asset addition the exception rather than the rule.
🔍 What Is an “Asset” in Panorays?
In Panorays, an asset is an internet-facing resource that can be evaluated for security risk.
Supported asset types:
| Asset Type | Examples | Definition |
|---|---|---|
| DOMAIN | panorays.com, panorays.co.uk | Fully qualified first-level domain |
| SUBDOMAIN | blog.panorays.com, level2.level1.panorays.com | Fully qualified subdomain (all levels) |
| IP | 172.67.36.185 | Individual IP address |
| IP_RANGE | 172.67.32.0/20 | IP range registered to the company |
ℹ️ Other elements (e.g., employees, credentials, cloud services, URLs) may be associated with a company but are not classified as assets for discovery purposes.
🧭 Where Discovery Begins: The Primary Domain
When a new company (such as a supplier) is added to Panorays, the user must define a primary domain—typically the company’s main website (e.g., panorays.com).
This primary domain acts as the starting point for all further asset discovery.
🔄 Discovery Methodology: How Panorays Finds Assets
Panorays uses multiple proprietary, non-intrusive discovery collectors to identify additional domains, subdomains, and IP addresses. Each newly discovered asset can then be used recursively to discover more assets—until the full attack surface is mapped.
Discovery techniques include:
🔁 Reverse IP – Identifying domains hosted on the same IP
🌐 DNS records – Mining DNS data for related assets
🔍 Public search engines (Google dorking) – Finding exposed assets
🔐 TLS certificate mining – Identifying domains sharing certificates
🔗 Web crawling – Discovering assets via hyperlinks
🧠 Additional proprietary methods (Panorays Intellectual Property)
✅ All discovery methods rely on public data sources or non-intrusive probes only.
🧠 Asset Affiliation: Preventing False Positives
Discovery can surface many potential assets—but not all of them necessarily belong to the company being assessed. To ensure accuracy, every asset passes through Panorays’ Affiliation Pipeline.
Affiliation signals include:
📄 WHOIS – Domain registrant details
🌍 DNS – Shared IPs and infrastructure
🔁 Redirects – HTTP redirection between domains
🔗 Web relationships – Cross-linking between sites
🧪 Additional proprietary affiliation checks
🧱 Domain Discovery Logic
Fixed Domains
Domains that always remain attached:
The primary domain
Domains manually added by users or evaluators
Domains verified by Panorays’ back office
Ignored Domains
Domains explicitly marked as not belonging to the company (often following disputes).
These domains will never be auto-attached again.
Auto Discovery Process
Starts from existing Fixed Domains
Runs in three iterative cycles
A domain is added only if:
It has at least two strong affiliation signals
It meets a predefined similarity threshold
🛑 Built-in safeguards
If more than 25% of discovered domains are new, discovery pauses for manual review
Domain relationships are re-evaluated on every assessment
Domains that no longer meet criteria are automatically removed
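The domain rules above (fixed and ignored domains, three cycles, two strong signals plus a similarity threshold, the 25% pause, re-evaluation on every assessment) can be modelled as follows. This is an added example, not Panorays' code: the set of "strong" signals, the 0.5 threshold, the name-similarity metric, the reading of the 25% rule as new/discovered, and all domain names are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher

STRONG = {"whois", "dns", "redirect"}  # assumption: which signals count as "strong"
SIM_THRESHOLD = 0.5                    # assumption: the page gives no value
MAX_NEW_RATIO = 0.25                   # from the page: >25% new pauses discovery
CYCLES = 3                             # from the page: three iterative cycles

def similarity(candidate, fixed):
    """Stand-in metric: best match of the leftmost label against fixed domains."""
    label = candidate.split(".")[0]
    return max(SequenceMatcher(None, label, f.split(".")[0]).ratio() for f in fixed)

def discover(fixed, ignored, previous, graph):
    """graph: domain -> {candidate: set of affiliation signals observed}."""
    attached, frontier = set(fixed), set(fixed)
    for _ in range(CYCLES):
        accepted = set()
        for source in frontier:
            for cand, signals in graph.get(source, {}).items():
                if cand in attached or cand in ignored:
                    continue  # ignored domains are never auto-attached again
                strong_hits = len(signals & STRONG)
                if strong_hits >= 2 and similarity(cand, fixed) >= SIM_THRESHOLD:
                    accepted.add(cand)
        if not accepted:
            break
        attached |= accepted
        frontier = accepted  # newly attached domains seed the next cycle
    discovered = attached - set(fixed)
    new = discovered - previous
    return {
        "attached": attached,
        "new": new,
        "removed": previous - attached,  # no longer meets the criteria
        "needs_review": bool(discovered) and len(new) / len(discovered) > MAX_NEW_RATIO,
    }

# Constructed sample data (not real affiliation results).
GRAPH = {
    "acme.example": {
        "acme.test": {"whois", "dns", "crosslink"},
        "acme-cdn.example": {"whois", "redirect"},
        "othercorp.example": {"whois", "dns"},      # fails similarity
        "acmme.example": {"crosslink"},             # fails signal count
        "acme-old.example": {"whois", "redirect"},  # disputed, in ignored set
    },
    "acme.test": {"acme-shop.example": {"dns", "redirect"}},
}
PREVIOUS = {"acme.test", "acme-cdn.example", "legacy-acme.example"}
RESULT = discover({"acme.example"}, {"acme-old.example"}, PREVIOUS, GRAPH)
```

In this run one of the three auto-discovered domains is new, so the result is flagged for manual review, and the previously attached domain that no longer qualifies is dropped.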
🧩 Subdomain Discovery
For every confirmed domain, Panorays automatically discovers subdomains using:
TLS certificate analysis
Reverse DNS lookups
Additional reconnaissance techniques…
✅ Once a parent domain is confirmed, all of its subdomains are automatically attributed—no affiliation model required.
Special cases:
Ambiguous ownership (e.g., looker.company.com) → handled via dispute
Subdomains without active IPs → removed from the company
Manually added subdomains → never auto-removed
🌐 IP & IP Range Discovery
Some organizations register IP ranges for internal or external use. Panorays identifies and attributes IP ranges using public registration data.
⚠️ Disputing Asset Affiliation
The full discovered attack surface is visible to both:
Panorays evaluators
Assessed suppliers
If an asset is believed to be incorrectly attributed, users can submit a dispute directly from the platform.
All disputes are reviewed by a Panorays Cyber Analyst, ensuring transparency and accuracy.
📌 Summary
Panorays’ Asset Discovery is designed to be:
⚙️ Highly automated and scalable
🎯 Accurate, using intelligent affiliation modeling
🛡️ Protected against false positives, with built-in safeguards
✍️ Transparent and customizable, supporting manual review and disputes
Together, these capabilities ensure a precise and comprehensive view of a company’s external attack surface—directly improving the quality and trustworthiness of its Cyber Posture rating.