The external attack surface refers to the externally visible endpoints hosted by any company. External scanning can be performed to identify the number of publicly-facing assets. CSM provides functionality to scan these external assets, and based on the scanning results, patching can be performed to address any identified vulnerabilities. The best part about Qualys CSAM is that it continuously pulls data. We can either install a cloud agent on all our machines or use IP wave scanning to identify the IP subnet. Qualys CSAM will identify any machine that spins up within that IT subnet during its scheduled scans. Once it finds a new machine within the subnet, it will register it as a new asset and populate it on the dashboard. Qualys CyberSecurity Asset Management was able to identify an additional 50 to 100 assets that were not part of our vulnerability management program. The key functionality of CSAM is a new feature update that Qualys releases periodically. It provides organizations and IT professionals with key metrics to understand how assets behave within their infrastructure, addressing the issue of unfamiliarity. CSAM focuses on efficacy, efficiency, and improved asset tracking. Better asset tracking enhances security posture, enabling timely patching and streamlining the entire vulnerability management lifecccccycle. Asset management is the first phase, and when asset tracking is simplified, the entire vulnerability management cycle becomes easier. When discussing additional risk factors, CSAM provides crucial insights into the nature of the host, including basic information like hostname, IP address, operating system, installed applications, initial discovery date by Qualys, and current online/offline status. Leveraging risk factors like initial discovery date and the presence of malicious or outdated applications allows for collaboration with patch management teams to assess machine compliance. Effective asset management lifecycle practices empower organizations to comprehensively address many risk factors. The True Risk Scoring was accurate. While false positives are always possible, they were minimal in Qualys, making it nearly perfect. I have leveraged active and passive sensors, such as Qualys Cloud Agent models, to gain better visibility into our assets. Qualys will send a probe whenever we have passive sensors and an established IP connection. This probing timeline indicates how frequently the network needs to be probed—for example, every 30 minutes. Based on the timeline, the sensor will probe the entire IP range and detect any new machines that appear, improving our visibility.