Perimeter unifies asset discovery, internet intelligence, attack surface mapping, threat correlation, API and AI exposure, supply-chain risk, dark-web monitoring, credential intelligence and brand protection — under one CTEM workflow.
Perimeter operationalises the full Continuous Threat Exposure Management lifecycle — turning unknown internet exposure into validated, owner-routed findings, continuously.
Continuous internet-wide discovery across domains, subdomains, IPs, cloud, apps, APIs, certificates, and public mentions. Forgotten and shadow assets included.
Crown-jewel context, business criticality, exploitability, and threat intelligence drive a single exposure score per asset. No more endless CVE lists.
Razor-focused rule chains (10–20 levels deep) confirm whether each finding is real, exploitable, and unique — before a human ever sees it.
Findings flow into dashboards, alerts, ticketing, and SOC workflows — tagged with asset owner, environment, severity, and SLA from the moment they're raised.
Each layer has a single, well-defined responsibility — discovery, ownership truth, contextual mapping, focused validation, AI consolidation, and supply-chain analysis. Together they take an asset from "unknown" to "actionable finding" with full traceability.
Continuously sweeps the internet to identify domains, subdomains, IPs, cloud assets, applications, exposed services, APIs, and other digital assets that may belong to the organisation. Discovers what you own — before an attacker does.
| Domains | Primary, parked, forgotten domains |
|---|---|
| Subdomains | Active, inactive, orphaned, shadow |
| IP Addresses | Public IPs, infra, cloud IPs |
| Cloud Assets | Cloud apps, storage exposure, SaaS |
| Web Apps | Portals, login panels, admin interfaces |
| APIs | Exposed, undocumented, public references |
| Certificates | SSL/TLS, SAN entries, expired certs |
| Internet Mentions | Repos, paste sites, forums, public sources |
The eight-stage Perimeter flow takes a discovered asset and walks it through ownership validation, contextual mapping, change detection, focused validation, AI consolidation, and supply-chain & threat correlation — ending with prioritised, actionable findings in dashboards and workflows.
Continuous internet-wide sweep. Eight discovery channels — domains, subdomains, IPs, cloud assets, web apps, APIs, certificates, internet mentions — feed candidate assets into validation.
discovered → pending_validationModern attack surfaces go far past domains and ports. Perimeter brings AI exposure management, API intelligence, agentic supply-chain analysis, and consent-based advanced testing under the same Registry and Surface Map.
Teams ship AI APIs, copilots, internal chatbots, automation agents and plugins faster than security can track. Perimeter monitors ten AI exposure categories alongside traditional surface risks.
Exposed AI apps, chatbots, APIs, internal AI tools
OpenAI, Azure OpenAI, Gemini, Claude, other API keys
Public references to AI tools used by the org
Exposed prompts, system instructions, guardrails
Public model configs, API routes, deployments
Unapproved AI tools used by employees or devs
Data entering external AI systems
Browser, IDE plugins, AI agents
Risky AI packages, models, datasets, deps
AuthN, authZ, abuse risks in AI apps
Perimeter studies the broader internet landscape around your organisation — where your name, domains, employees, applications, APIs, credentials, and sensitive data may appear — and brings the relevant signals into one place. No raw, noisy feeds.
Continuous monitoring of dark-web sources, Telegram, underground forums, paste sites, breach dumps and credential markets. Alerts within ~24 hours of detection.
| Leaked Credentials | Employee emails, passwords, accounts |
|---|---|
| Breach Mentions | Org name in breach dumps |
| Executive Mentions | Leadership in risky channels |
| Threat Actor Chatter | Discussions of the company |
| Data Dumps | Records, files, customer data |
Watches for misuse of identity, brand, domains, executives, products, and customer trust — phishing sites, lookalikes, social impersonation, and customer-targeted deception.
| Phishing Websites | Lookalike domains, fake portals |
|---|---|
| Social Impersonation | Fake support, executive accounts |
| Scam Campaigns | Targeting customers, partners |
| Logo & Name Abuse | Unauthorised use, counterfeit pages |
| Phishing Kits | Kits targeting brand or staff |
Continuous monitoring for credentials tied to your domains, employees, vendors and exposed systems. Act before attackers do.
| Employee Credentials | Passwords, accounts, sessions |
|---|---|
| Cloud Keys | AWS, Azure, GCP, SaaS |
| API Keys | Third-party + internal |
| Developer Secrets | GitHub tokens, CI/CD secrets |
| Historical Breaches | Re-used credentials matching |
Once intelligence is consolidated by Prism, Perimeter generates outputs for dashboards, reports, alerts, and workflows. Executive Summary, Asset Inventory, Attack Surface, Change, Risk, Dark Web, Brand Protection, API, AI Exposure, and Supply Chain reports — every finding tied back to the right asset.
Public admin panel, exposed storage, leaked key
Employee credentials in a fresh breach dump
Unknown subdomain or cloud asset appears
RDP, database, SSH, or admin service exposed
Fake domain targeting the brand
Provider key found in a public source
Malicious or high-risk package detected
Sensitive API discovered without proper control
Tell Perimeter how aggressively to assess each asset, which exposures are intentional, and what severity should reach your team. Surface Map respects approved state and stops alerting on known-good exposures — so the team focuses on real issues.
Daily, weekly, monthly, custom
Passive, standard, deep, consent-based
Known approved open ports
Include or exclude specific domains
Crown jewel, high, medium, low
Notify only on specific severity or change
Approved exposures with validity period
Owner, department, environment
Each SecureNexus module shares intelligence and shared context with Perimeter — so a discovery in CSPM, a vulnerability in VM, or a package risk in SOVA flows straight into your CTEM workflow without manual correlation.
Get answers to common questions about SecureNexus Perimeter.
Get a continuously updated view of your external exposure — across infrastructure, APIs, AI, supply chain, dark web, brand, and credentials — with validated, prioritised findings.