Criminal IP ASM Reviews

Overall, Criminal IP ASM has been a solid addition to our security stack. It’s not flashy, but it’s dependable, and that matters more. We use it as a reference tool to sanity-check our external exposure and support internal security discussions. It’s especially useful for periodic reviews and leadership-level visibility, which makes it easy to justify keeping it in our workflow.

Criminal IP ASM is refreshingly straightforward. You log in, you see what’s exposed, and you immediately understand where the risks are. As someone responsible for security decisions but not too knowledgable about it, I appreciate how fast it gets to the point. Asset discovery works well, the data feels reliable, and it helps validate assumptions we already had while also catching things we missed.

Some parts of the interface feel very security-focused and could be simplified for non-security stakeholders. A bit more explanation or context in certain views would help when sharing results outside the core technical team.

Criminal IP ASM helps enterprise security, IT operations, and risk teams gain continuous visibility into their external attack surface, identify exposed assets, and prioritize remediation based on risk. It’s clearly designed to complement traditional vulnerability scanning and security tooling by delivering continuous, real-time insights into internet-facing exposures that attackers could exploit.

- Can automatically discover and inventory all internet-facing assets associated with an organization — including IPs, domains, cloud services, open ports, certificates, and other externally exposed infrastructure. This includes shadow IT and unknown assets that are often missed in asset inventories.
- Unlike periodic scanning approaches, Criminal IP ASM provides continuous monitoring of external assets against evolving threat data. Detected exposures and vulnerabilities are automatically scored (e.g., High/Medium/Low), helping security teams quickly identify and focus on critical risks.
- The findings add context to vulnerabilities, that possibly help teams understand not just what’s exposed but how vulnerable it is to specific attacks, enabling better decision-making.
- As a SaaS solution, it's quick to deploy, requiring minimal setup. This is especially valuable for large enterprises where fast onboarding and scalability are crucial.

- While Criminal IP ASM is effective for external attack surface monitoring, deeper integration with internal systems (like SIEM or CMDB) may require additional configuration. Teams should assess integration capabilities during evaluation.
- The tool primarily addresses external attack surfaces, which means internal vulnerabilities or deeper network issues still need to be managed separately with other tools.
- The platform’s effectiveness in scoring risk and identifying relevant threats relies heavily on the quality of its external threat intelligence. Enterprises should ensure they’re comfortable with the data sources used.

Overall, Criminal IP ASM is a powerful and well-designed attack surface management platform that offers deep visibility into an organization’s external exposure. It works especially well for security, threat-intelligence, and risk teams that already have some experience, while beginners may need a learning period to fully take advantage of everything the platform offers.

What I appreciated the most was the comprehensive nature of the platform. Criminal IP ASM offers an extensive perspective on the external attack surface, revealing assets that you might not even be aware of. The inclusion of threat intelligence, OSINT enrichment, screenshots, and metadata transforms the findings into tangible and actionable insights rather than mere theories. It’s evident that the platform has been designed with the mindset of a security professional in mind.

Because the platform is very feature-rich, it can feel overwhelming at the beginning. For users who are new to attack surface management or security tooling in general, it takes some time to understand how to interpret, prioritize, and act on all the information provided.

Overall, my experience has been very positive.
We use it in our quarterly meetings to quickly review that all of our products’ IPs and external assets are properly monitored and not exposing unnecessary risks.

As a CTO, what I value most is clarity and signal over noise, and Criminal IP ASM does a good job there.

It gives a clear picture of our external attack surface without overwhelming the team. Asset discovery is solid, risks are easy to understand, and the platform feels practical rather than academic.

It’s something you can check regularly and act on, not just generate reports that no one reads.

Some features take a bit of time to fully understand if you’re new to ASM tools, and a few dashboards could be more customizable depending on how different teams like to review data.