Capability architecture
SurfaceMap: context, validation and evidence.
This capability contributes to the same platform outcome: understanding realistic attacker exposure and proving what matters.
01Why it matters
- Security teams need to see exposure the way attackers approach it: by relationships and reachable services.
- Flat inventories hide which systems matter and which paths are emerging.
- A surface map becomes useful when it drives prioritisation and validation.
02ThreatCanary approach
- Visualise domains, IPs, services, cloud edges, certificates, technologies and API entry points.
- Cluster assets by relationship, ownership, technology, exposure and risk.
- Feed the graph with structured context that later testing can use.
03What it validates or reveals
- External attack surface structure.
- High-value exposed clusters.
- Exposure relationships that may support attack chaining.
04Evidence and outputs
- A clear explanation of the exposure, affected assets and likely attack path.
- Reproducible evidence suitable for analysts, developers and risk owners.
- Prioritisation based on exploitability, business impact, sensitive data and chainability.
- Owner, remediation and workflow context that can move into Jira, Slack, SIEM or reporting.
