Glossary of digital security and external risk
Reference definitions, FAQs and operational context for the disciplines that make up external digital risk intelligence: EASM, DRP, dark web monitoring, typosquatting and more. Maintained by the Kalir team.
What is EASM (External Attack Surface Management)?
EASM (External Attack Surface Management) is the discipline of discovering, inventorying and continuously monitoring all digital assets an organization exposes to the internet — domains, subdomains, IPs, certificates, code repositories and cloud services — in order to detect exposures, vulnerabilities and attack paths before adversaries can exploit them.
What is DRP (Digital Risk Protection)?
DRP (Digital Risk Protection) is the discipline of continuously monitoring digital threats that occur outside the corporate perimeter — dark web, underground forums, social media, Telegram, leak sites and media — to detect leaked credentials, brand impersonation, data leaks and executive mentions before they turn into incidents.
What is Dark Web Monitoring?
Dark Web Monitoring is the continuous, automated surveillance of forums, markets, leak sites and communication channels on the dark web (primarily Tor) and underground internet (Telegram, closed forums) to detect leaked credentials, stolen data, mentions of an organization and targeted threats — before they are exploited.
What is Typosquatting?
Typosquatting is the deliberate registration of domain names that mimic a legitimate brand through typographical errors, character substitutions or visual variations (homoglyphs), with the goal of deceiving users into entering credentials, downloading malware, falling victim to fraud or being redirected to illegitimate content.