
Congratulations – you’ve decided that you can no longer put external attack surface management on the back burner, and you’re on the hunt for a tool that’ll give you the heads-up about where your gaps and risks are.

This article will help you get the information you need about Microsoft Defender External Attack Surface Management (Defender EASM) and Glasstrail. After all, selecting a shortlist of tools can be time-consuming. Superficially, many external attack surface scanning tools appear similar when, in practice, they function quite differently.

For cyber professionals and IT managers, making the wrong choice can be painfully expensive: not just licence costs but the investment in getting it set up. This is why it’s essential to make your first EASM purchase a well-informed one.

Given the risk that external attack surface vulnerabilities present to businesses, it’s important to consider what a tool scans for as well as how it fits into your operations. Here we’ll break down this comparison between Defender and Glasstrail into three essential points of difference: scan types, operations, and usability.

Where are the differences?

Scan types: How Microsoft Defender EASM and Glasstrail match up

Both Glasstrail and Defender scan for common vulnerabilities as well as related issues like expiring SSL certificates. Both also build an inventory of the external assets you have – domains, IP addresses and websites. These are the basics that every external attack surface monitoring tool should cover.

However, an external attack surface monitoring tool like Glasstrail, with broader vulnerability monitoring and asset discovery capability, can make a tremendous difference to the risk profile of a business.

Glasstrail’s vulnerability discovery covers extra scan areas not covered by Defender EASM, such as:

  • Breached email account and password checks

  • Email security checks – things like DMARC and SPF

  • DNS security checks

  • Exposed Google API key checks
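To make the "email security checks" item concrete, here is an added example (not Glasstrail's or Defender's code) of the kind of SPF and DMARC policy evaluation such a scan performs. The DNS TXT answers are constructed inline so it runs offline; `lookup_txt` is a stand-in for a real resolver.

```python
import re

# Constructed sample TXT records, keyed by the DNS name a scanner would query.
SAMPLE_DNS = {
    "example.test": ["v=spf1 include:_spf.mail.test ~all"],
    "_dmarc.example.test": ["v=DMARC1; p=none; rua=mailto:dmarc@example.test"],
    "locked.test": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "_dmarc.locked.test": ["v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@locked.test"],
}

def lookup_txt(name, dns=SAMPLE_DNS):
    """Stand-in for a DNS TXT lookup (assumption); returns the records or []."""
    return dns.get(name, [])

def check_spf(domain, dns=SAMPLE_DNS):
    """Return (severity, message) findings for the domain's SPF record."""
    records = [r for r in lookup_txt(domain, dns) if r.lower().startswith("v=spf1")]
    if not records:
        return [("high", "no SPF record: any host can claim to send mail for this domain")]
    if len(records) > 1:
        return [("high", "multiple SPF records: receivers treat this as a permanent error")]
    terms = records[0].split()
    # The trailing 'all' mechanism decides what happens to unlisted senders.
    all_term = next((t for t in terms if t.lower().endswith("all")), None)
    if all_term is None or all_term.startswith("+") or all_term.lower() == "all":
        return [("high", f"SPF '{all_term or 'missing all'}' lets any sender pass")]
    if all_term.startswith(("~", "?")):
        return [("medium", f"SPF '{all_term}' only soft-fails unlisted senders")]
    return []

def check_dmarc(domain, dns=SAMPLE_DNS):
    """Return findings for the domain's DMARC policy record at _dmarc.<domain>."""
    records = [r for r in lookup_txt("_dmarc." + domain, dns) if r.upper().startswith("V=DMARC1")]
    if not records:
        return [("high", "no DMARC record: spoofed mail is neither rejected nor reported")]
    tags = dict(re.findall(r"(\w+)\s*=\s*([^;]+)", records[0]))
    findings = []
    if tags.get("p", "").strip().lower() == "none":
        findings.append(("medium", "DMARC p=none only monitors; spoofed mail is still delivered"))
    if int(tags.get("pct", "100").strip()) < 100:
        findings.append(("low", "DMARC pct<100 applies the policy to only part of the mail"))
    if "rua" not in tags:
        findings.append(("low", "no rua= address: no aggregate reports show who is spoofing you"))
    return findings

def scan_email_security(domain, dns=SAMPLE_DNS):
    """Combine SPF and DMARC findings, as one scan category would report them."""
    return check_spf(domain, dns) + check_dmarc(domain, dns)
```

`scan_email_security("example.test")` returns two medium findings (soft-fail SPF and a monitor-only DMARC policy), while `locked.test` returns none.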

Glasstrail also takes a broader approach to vulnerability discovery than Defender by scanning for similar domains and favicon reuse.

We’re seeing more and more bad actors use these tactics to trick people into trusting fake websites, so they need to be monitored regularly.

Defender EASM does have some dedicated CWE Top 25 scanning. However, most of these CWEs are either hard to detect automatically (or reliably) from an external scan, or are already covered by the OWASP Top 10 scans and CVE scanning that Glasstrail does, so there is little real difference in this area.

Like Glasstrail, Defender can also inventory the tech stack, such as which libraries and CMS a website uses. But it doesn’t make this information easy to find.

For example, while Glasstrail will let you “identify all my websites using React”, you can’t do this easily in Defender, leaving the user to open and review each asset one by one.

Day-to-day operations: How Microsoft Defender EASM and Glasstrail match up

When comparing external attack surface monitoring tools, we spend a lot of time thinking about the information they should scan for, which, to be fair, is a pretty important consideration.

But operational features – the capabilities that allow you to work and remediate (or tolerate) the risks – are no less vital. 

One of the major differentiators between Glasstrail and many competitors, like Defender, is that rather than offering a simple list of issues, Glasstrail gives you the full picture of your attack surface in a platform designed to help you monitor, track and report on remediation.

The Glasstrail platform includes: 

  • The ability to work and then close findings as remediated or tolerated.

  • Weekly summary emails that give you the big-picture results at a glance. This saves you from remembering to log into another platform to see what has changed.

  • Downloadable and shareable reports.

  • A view of findings by priority over time: a handy chart demonstrating your commitment to remediation.

  • Webhooks and API support so you can pull your findings by severity into other remediation/monitoring and service desk tools.

Usability: How Microsoft Defender EASM and Glasstrail match up

Like any software, if it’s hard to use or lacks an intuitive interface, it will struggle to be adopted successfully.

To make sure Glasstrail is easy to use, we’ve included things like:

  • For each vulnerability, Glasstrail outlines the next steps for remediation. Users are not left thinking, “I know there’s a problem, but I have no idea how to fix it.” They know exactly what to do next.

  • The summary screen gives big-picture results in a simplified dashboard.

  • Reports and findings are easily shareable with quick share links.

  • Drill down into the specifics quickly, without lengthy delays wading through data that’s not relevant.

  • AI Analysis: Glasstrail includes an AI analysis of all findings per category. This is a plain-language “why should I care” report that tells users where to focus their attention and how attackers can combine multiple vulnerabilities to mount an attack.

While Defender has some of these features, like reports, they are less flexible and harder to work with. Overall, our product reviewer found the Defender user experience clunky, with too many nested layers that made information hard to find.

Key takeaways

When you’re looking for an external attack surface monitoring tool, Glasstrail should be part of this consideration if: 

  • A complete picture of your external attack surface, including breached email accounts, email security settings and similar domain names, is important.

  • The ability to work and close off items is important. This also relies on guidance on the next steps to remediate each vulnerability. Glasstrail is particularly useful if cyber security isn’t your full-time role, as it tells you exactly what to do next.

  • Cost certainty is important. Glasstrail starts at $99/month. Defender pricing is on a per-asset/month basis, which makes costs hard to predict.

Want to see more? Get in touch, or see what Glasstrail uncovers about your domain in our free 14-day trial.