See a 10-minute overview of the platform.


The Edgescan Platform

One Platform. Five Full-featured solutions.

Edgescan is an integrated cybersecurity platform that unifies five-full featured security solutions into one single combative platform.

Platform Workflow
I have been an Edgescan customer for over five years and continue to be impressed by the Edgescan team hitting all the notes so well: innovation, quality, integration, scale, cost customer support, responsiveness, and true partnership.

Fortune 1000 Global Media Corporation

Five integrated solutions.

Our External Attack Surface Management solution identifies security blind spots and maps all assets discovered in your global IT ecosystems. It continuously evaluates information in real-time as new assets are deployed, decommissioned or as a system changes. It uncovers all attack vectors that can be used to breach your most critical assets, including data exposures and misconfigurations.
You simply can’t secure what you can’t see.

Edgescan’s Risk-based Vulnerability Management (RBVM) solution reduces exposures by prioritizing remediation based on the level of risk posed to an organization by identifying, evaluating, and properly (re)configures the security of hybrid infrastructures. The RBVM solution is both pre-production and production safe providing ‘full stack’ coverage that includes web application, network layer (host/server) and API security testing.
Actionable risk-rated vulnerability intelligence helps security teams know where to focus first.

Edgescan’s Application Security Testing solution (AST) inspects every web application by scanning JavaScript frameworks, React, Angular, HTML5 AJAX and single page applications, it also accesses hosting infrastructure and cloud resources for exposures.
Legacy scanning solutions cannot provide the breadth and depth of an Edgescan assessment.

The Edgescan API Security Testing solution is easy to deploy and discovers, tests, and verifies APIs running in hosts across multi-cloud environments. It identifies known and rogue APIs on each host across your IP/CIDR ranges using patented, multi-layer, production safe API probing technology to discover shadow APIs and vulnerabilities.
Prioritized risk-rated results differentiates Edgescan from legacy scanning tools.

The Edgescan Penetration Testing as a Services (PTaaS) is a hybrid solution that combines the breadth of automation with the depth of human assessment, while integrated with advanced vulnerability management and analytics. Penetration testing can be used to assess web applications, APIs and network/cloud devices.
Where traditional penetration testing fails, Edgescan’s PTaaS excels.

Risk Prioritization with Verified Vulnerability Intelligence

The Edgescan platform delivers validated vulnerability data that is rated for severity using the Edgescan Validated Security Score (EVSS). In addition, the following risk-based data systems are used to prioritize risks: 

  • EPSS – Exploit Prediction Scoring System
  • CISA KEV – CISA Known Exploited Vulnerability Catalogue
  • CVSS – Common Vulnerability Scoring System

Edgescan Platform Differentiators

Unique hybrid solution

The Edgescan platform provides automated vulnerability intelligence with validation done by humans. Applications are assessed using the platform’s automated tools combined with human expertise and advanced cyber analytics. 

This approach is what differentiates us from scanning tools providing real and actionable results.

Proprietary vulnerability data lake 

All vulnerability information gleaned from any assessment or test is added to a growing collection of intelligence that is stored in our proprietary data lake and shared amongst the solutions. This data helps ensure accuracy speeding up remediation.

Our data accuracy is exemplified by our unique dataset being part of the Verizon Data Breach Report.

Verified vulnerabilities

Upon discovery vulnerability data is run through our proprietary analytics models to determine if the vulnerability is a true positive. If the confidence level falls below the threshold, the vulnerability is flagged for expert validation by an Edgescan security analyst.

Only real and actionable results are delivered eliminating the noise of false positives.

Unlimited and on demand vulnerability retesting 

Unlimited testing and retesting of discovered issues and you can retest as often as needed.

You can verify mitigation at no additional cost – providing complete peace of mind.

Full stack coverage across web applications, network layer (host/server) and APIs

Application examples

Web applications (authenticated and unauthenticated), API’s (JSON, XML, WSDL, YAML and Graph), microservice architecture, single page applications, mobile applications.

laptop connected to the internet icon for the pen testing service page

Network asset examples

Servers, routers, switches, firewalls, domain controllers, data center, desktops (any layer 2 and layer 3 devices), printers, cloud assets, container hostnames, IOT and anything that has an IP address which is visible to Edgescan. Single IP’s, hostnames, blocks, CIDR and IPV6 are all supported.


Edgescan Platform Snapshots