Inside-out meets outside-in: the complete threat picture
Every organisation is looked at from two directions at once. From the inside, you see what you run and how it's configured. From the outside, an attacker sees only what's exposed — and starts there. Most tools show you one view or the other. Real risk lives in the gap between them.
Two views of the same estate
Security visibility has two halves. The inside-out view is everything you can see because you own the systems: which software is installed, which devices are unpatched, how your Microsoft tenant is configured, what your posture score says. The outside-in view is what anyone on the internet can see without any access at all: which hosts you expose, which ports answer, whether your email can be spoofed, which look-alike domains are impersonating your brand.
Attackers only ever start with the second view. Defenders usually only have the first. Closing that gap — and, crucially, connecting the two — is where a genuine reduction in risk comes from.
What ClearVisibility already gave you (inside-out)
ClearVisibility doesn’t treat security as a separate scanning project. Because it already reconciles a trustworthy inventory of every device, user, application and licence, it turns your posture into prioritised recommendations against real assets and their owners:
- CVE exposure — known vulnerabilities matched to the software actually installed, and the devices running it.
- Microsoft Secure Score & Defender — recommended actions and vulnerability signals, surfaced against the assets they relate to.
- Azure & Microsoft 365 posture — advisor and tenant recommendations reconciled into the same source of truth.
All of it lands in one recommendations engine, ranked by exposure and reach, and routed to owners as accountable tasks — not left flagged in a dashboard nobody actions.
What’s new: the external attack-surface scanner (outside-in)
Historically the external view — what an attacker can discover about you — was the one thing ClearVisibility didn’t generate itself; it came from a paid, generic third-party feed that refreshed rarely. We’ve now built our own. It’s an in-house, multi-source external attack-surface scanner that runs on a schedule and writes straight into the same recommendations engine, so internal and external findings finally sit side by side.
Passively — using only public data, with no scanning of your systems and no authorisation required — it surfaces:
- Your real attack surface. Every host the internet can see for your domains, discovered from public certificate-transparency logs — including the forgotten and shadow ones you’d stopped tracking.
- Exposed services and known CVEs. Open ports and internet-facing services, with any publicly-known vulnerabilities against them.
- Email spoofing gaps. SPF, DMARC, DKIM, MTA-STS, DNSSEC and CAA — the records that decide whether an attacker can send mail as you.
- Look-alike domains. Registered typosquats and near-misses that could be used to phish your staff and customers.
- Subdomain-takeover risk. Dangling DNS records pointing at services someone else could claim.
- Unprotected and ageing edges. Hosts sitting directly on the origin with no WAF in front, and TLS certificates that are weak or about to expire.
Where you want to go deeper, an authorised, scoped active scan adds web-exposure checks — exposed configuration, secrets and misconfigurations — and direct port and service testing. That’s effectively penetration-testing activity, so it only ever runs against domains you’ve explicitly authorised, and stays off by default.
Why building it in changes the answer
A standalone scanner finds exposures but works blind — it can list a finding, but it can’t tell you whose it is or whether it matters. Because ClearVisibility already holds the inventory, the external findings become actionable:
- Attribution. “Port open on host X” becomes “asset A, owned by team B, running that service” — a finding with an owner, not an orphan.
- Shadow-IT detection. An exposed host that isn’t in your inventory is exactly what you most want to know about: something internet-facing that nobody is managing.
- Inside-out ✕ outside-in correlation. The sharpest signal of all — a service that is externally exposed and internally unpatched to the same CVE. Neither view shows that on its own; together they light up the risks worth fixing first.
- Prioritisation by business context. An exposure on a critical production system outranks the same exposure on a test box — because ClearVisibility knows which is which.
- Closing the loop. Every external finding becomes a task routed to the owner and tracked to closure, then re-checked — the same remediation path as your internal recommendations.
Detection is the commodity half of security — plenty of tools can list what’s exposed. The valuable half is context: whose it is, whether it’s also unpatched, how much it matters, and getting it fixed. That context is exactly what an accurate inventory provides.
See it for yourself
The passive, outside-in view is genuinely something anyone can run in seconds — so we’ve made a slice of it public. Enter your domain into the free exposure check and see what an attacker can already discover: your email-spoofing posture, exposed services, certificate health and more, graded and explained in plain English.
Then imagine that same picture refreshed on a schedule, mapped to the assets and owners you already hold, correlated with your internal posture, and turned into tasks that actually close. That’s the complete threat picture ClearVisibility now gives you — from both directions at once.
What does a hacker already know about you?
Run the free, passive exposure check on your own domain — no sign-up, results in seconds.
Check my exposureSee it on an estate like yours
A 30-minute demo shows ClearVisibility doing this on data that looks like yours.
Book a demo