Sold by: Escape
Discover and validate exposure of modern apps, APIs, and AI services across your entire distributed engineering org in real time. From code to cloud.
Overview
Image
Asset discovery and inventory
Image
Shadow API discovery
Image
Automations and workflows
Legacy EASM finds hosts and ports. Your engineers ship APIs, SPAs, MCPs, and AI apps.
Escape Attack Surface Management maps your actual application layer. Every REST API, GraphQL endpoint, SPA, MCP, gRPC and SOAP service your engineers are shipping across your distributed org. If it's exposed, Escape finds it. Including the ones nobody filed a ticket for.
What you get with Escape ASM
-
Application-layer discovery, not just hosts and ports. Customers find 30% more attack surface on average from shadow APIs alone. The endpoint that shipped without a ticket, the staging service nobody took down, the MCP a developer prototyped and forgot. Agentless scanning plus native connectors map your full attack surface in under an hour.
-
Findings that route themselves to owners. Every asset is mapped to the team that built it, pulled from your repos. No more "who owns this?" Slack threads. Findings reach the right engineer with the asset context already attached. Security engineers save roughly 12 hours per month on triage and routing.
-
Proof of exploitability, not just inventory. There's a difference between a vulnerability that exists and one that can actually be exploited. Every asset comes with a code fix and a proof-of-exploit trace - the request sequence that demonstrates the issue is real and reachable. Engineers trust what was found and ship the fix.
-
Scales with your org, including M&A. Public API, CLI, custom reporting, programmable workflows. New acquisition, new product line, new team, every new asset is discovered, attributed, scanned, prioritized, and routed without anyone filing a ticket.
-
Multiplies your existing stack. Every discovered asset flows into Wiz with full application-layer context: owner, type, exposure level, associated risk. Your risk platform gets smarter. Manual asset hygiene drops.
Highlights
- Application-layer discovery, not ports and hosts Map every REST API, GraphQL endpoint, SPA, MCP, gRPC, and SOAP service your engineers are shipping. Find 30% more attack surface from shadow APIs alone.
- From asset to action in one hour. Agentless scans and native code-repo connectors map your full API attack surface in under an hour. Every asset routed to the team that built it, with proof of exploit attached.
- Built to scale with M&A and distributed orgs. Programmable via public API and CLI. New acquisitions, product lines, and teams onboarded automatically. Every asset flows into Wiz with full application-layer context.
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
Attack Surface Management: 250 assets, annual | AWS Marketplace offer. Continuous discovery and monitoring of up to 250 application-layer assets (REST APIs, GraphQL endpoints, SPAs, MCPs, gRPC and SOAP services, AI apps). Includes agentless discovery, code-owner mapping, proof-of-exploit, RBAC, integrations (Wiz, Jira, Slack), public API and CLI. For all other scenarios, request private offer instead. | $12,000.00 |
Vendor refund policy
Refunds are not generally provided for AWS Marketplace contract purchases. For billing disputes or service issues, contact support@escape.tech within 30 days of subscription start.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Support
Vendor support
Escape support is included with every subscription, you can always reach us at support@escape.tech . Customers get a dedicated Slack channel with the security engineering team, a named CSM for production deployments, and 24/5 support across business hours.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Thanks to evolving technologies, hackers, and other cyber criminals it has become easier than ever to find and exploit weaknesses in your organization’s defenses.
Escape is the only DAST that works with your modern stack and tests business logic instead of missing headers.
Designed from the ground up by Escape Technology, Sherpa is a simple-to-use cloud-resource management tool ideally suited to creative teams looking to leverage the power of AWS. Sherpa provides a unified, user-friendly platform that empowers businesses to maximize the potential of their AWS cloud investments while minimizing operational overhead.
Realize savings on your on-premise VMware deployment and transform your infrastructure at the same time at little to no cost. IO Connect Services evaluates your entire VMware implementation, its associated licensing, and infrastructure to develop your VMware to cloud migration, modernization, and transformation readiness roadmap. As an AWS Advanced Technology Partner, skilled in migration, integration and transformation IO Connect will perform a VMware Specific Migration Readiness (MRA), solidified in AWS best practices, delivering financial and technological recommendations in under two weeks for potential in-year savings upwards of 43%.
Realize near-immediate savings on your VMware on-premise implementation. IO Connect Services evaluates your entire VMware deployment its associated licensing, sizing, and infrastructure to identify key areas for cost optimization, license reduction and bloat removal. As an AWS Advanced Technology Partner, skilled in migration, integration and modernization IO Connect Services will perform a VMware Specific Optimization License Assessment (OLA), delivering financial and technological recommendations in under 3 weeks for potential in-year savings upwards of 43%.
Customer reviews
No customer reviews yet
Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.