ACD 2.0: Insights from the external attack surface management trials

blog post ![](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Download.9707f7cfb011873c42d284fb1469de73.svg) Download / Print article PDF ##### ShareCopied to clipboard ##### Share![Facebook](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Facebook.695a42932737575e03881b3dae4c729f.svg)##### Facebook![Linkedin](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Linkedin.9c46437a494eb1e6c877fc3e1634aa99.svg)##### Linkedin![X](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/x-icon-black.8bab2404a5e5c1a0f3e748f82fdcb2e4.svg)##### X![](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/CopyLink.594f762f40cab3b56f5f0248d0cb306a.svg)##### Copy LinkCopied to clipboard ##### Share![Facebook](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Facebook.695a42932737575e03881b3dae4c729f.svg)##### Facebook![Linkedin](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Linkedin.9c46437a494eb1e6c877fc3e1634aa99.svg)##### Linkedin![X](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/x-icon-black.8bab2404a5e5c1a0f3e748f82fdcb2e4.svg)##### X![](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/CopyLink.594f762f40cab3b56f5f0248d0cb306a.svg)##### Copy LinkACD 2.0: Insights from the external attack surface management trials====================================================================We publish the results of our ACD 2.0 external attack surface management (EASM) trials Ollie Whitehouse, Jonathon Ellison Invalid DateTime ![](https://www.ncsc.gov.uk/images/library/ACD2-cover3030.png?mpwidth=545&mlwidth=737&twidth=961&dwidth=618&dpr=1&width=800) We [updated you in January](active-cyber-defence-2-easm-update) about the first stage of the NCSC’s ACD2.0 experiments, thanking those who had taken part.We said we would report more fully, and today we publish an account of what we have learned.This experiment gave the NCSC many insights, including:* Providers were keen to collaborate with us, highlighting the industry’s commitment to advancing cyber defence through innovative solutions.* Getting organisations to take part in trials as customers was more challenging, underscoring the need to have a better understanding of the risk to their external attack surface and how EASM products can help manage this.* Users gain significant cyber security benefits from a range of EASM features, not just from specific risks and issues data. Notably, features providing improved visibility of digital footprint allowed defenders to commission work to protect or decommission assets previously unknown to security teams.* Automated discovery provides valuable visibility of an organisation’s digital footprint, which is essential for effective cyber defence.* Guidance on what constitutes a good EASM product and how organisations should select one is lacking, and would be welcomed by both provider and customer organisations.* The commercial market for EASM is thriving, offering quality services at various price points — and there is no one-size-fits-all solution.* A wide variety of loosely defined language is used to describe scanning activities, leading to confusion and concern among customers.* Cost remains a crucial factor for organisations when selecting tools and solutions — where budget is limited they need confidence they are choosing the right solution to meet their needs. The insights from our experiments highlight the importance of collaboration, clear communication, and authoritative guidance in the evolving field of attack surface management.The NCSC, as the UK’s National Technical Authority for cyber security, will look to address the identified gaps, and support organisations in making informed decisions about their cyber security strategies.By promoting a deeper understanding of EASM and its benefits, the NCSC will help UK organisations to enhance their cyber defences and navigate the complex landscape of digital threats. *** ** * ** ***Downloads———[![Report cover reading Active Cyber Defence 2.0 external attack surface management experiments](https://www.ncsc.gov.uk/images/library/acd 2 report cover.png?mpwidth=160&mlwidth=190&twidth=190&dwidth=160&dpr=1&width=800)* pdf* 923 KB#### ACTIVE CYBER DEFENCE 2.0 Attack surface management experimentsReport on the ACD2.0 external attack surface management trials](https://www.ncsc.gov.uk/files/Active-Cyber-Defence-2-ASM-experiment.pdf) Topics——[Active Cyber Defence](https://www.ncsc.gov.uk/section/advice-guidance/all-topics?topics=Active Cyber Defence)| ![](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Chevron_blue_up-CA.0731190020f3afd1faf8227c16c32bfd.svg) | Back to top | ![](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Download.9707f7cfb011873c42d284fb1469de73.svg) | Download / Print article PDF || ##### Share|| Copied to clipboard || ##### Share|| ![Facebook](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Facebook.695a42932737575e03881b3dae4c729f.svg)|| ##### Facebook|| ![Linkedin](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Linkedin.9c46437a494eb1e6c877fc3e1634aa99.svg)|| ##### Linkedin|| ![X](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/x-icon-black.8bab2404a5e5c1a0f3e748f82fdcb2e4.svg)|| ##### X|| ![](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/CopyLink.594f762f40cab3b56f5f0248d0cb306a.svg)|| ##### Copy Link|| Copied to clipboard || ##### Share|| ![Facebook](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Facebook.695a42932737575e03881b3dae4c729f.svg)|| ##### Facebook|| ![Linkedin](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Linkedin.9c46437a494eb1e6c877fc3e1634aa99.svg)|| ##### Linkedin|| ![X](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/x-icon-black.8bab2404a5e5c1a0f3e748f82fdcb2e4.svg)|| ##### X|| ![](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/CopyLink.594f762f40cab3b56f5f0248d0cb306a.svg)|| ##### Copy Link|| ![](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Blogger.34b9cc54e1e80c3f8282efbe1412c4d9.svg) || ##### Written By|| Ollie Whitehouse|| Chief Technology Officer (CTO), NCSC | ![](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Blogger.34b9cc54e1e80c3f8282efbe1412c4d9.svg) || ##### Written By|| Jonathon Ellison|| NCSC Director of National Resilience | * || ##### Published|| * 6 March 2025| *|| ##### Written For|| * [Cyber security professionals](/section/advice-guidance/cyber-security-professionals)| *|| ##### Part of blog|| * [Events and initiatives](/section/keep-up-to-date/ncsc-blog)| ![](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Blogger.34b9cc54e1e80c3f8282efbe1412c4d9.svg) || ##### Written By|| Ollie Whitehouse|| Chief Technology Officer (CTO), NCSC | ![](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Blogger.34b9cc54e1e80c3f8282efbe1412c4d9.svg) || ##### Written By|| Jonathon Ellison|| NCSC Director of National Resilience| * || ##### Published|| * 6 March 2025| *|| ##### Written For|| * [Cyber security professionals](/section/advice-guidance/cyber-security-professionals)| *|| ##### Part of blog|* [Events and initiatives](/section/keep-up-to-date/ncsc-blog) ![](https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Chevron_blue_up-CA.0731190020f3afd1faf8227c16c32bfd.svg) Back to top

Related Tags:
NAICS: 541 – Professional

Scientific

Technical Services

NAICS: 92 – Public Administration

NAICS: 922 – Justice

Public Order

Safety Activities

Blog: NCSC Reports

Guidance and Blog-post

Clipboard Data

Associated Indicators:

Threat Intel Solutions

Search

Popular Posts

Carding tool abusing WooCommerce API downloaded 34K times on PyPI

OpenAI tests watermarking for ChatGPT-4o Image Generation model

Security Affairs newsletter Round 518 by Pierluigi Paganini – INTERNATIONAL EDITION

Categories

Archives

Tags

Follow Us