Inventory of all digital presence
Starting from the root domain, CSURFACE maps academic portals, learning environments, departmental websites and exposed applications — including assets across multiple campuses and units.
EDUCATION
Educational institutions operate inherently open digital environments and custodiate sensitive student data. CSURFACE discovers, classifies, and continuously monitors the external attack surface of the sector — without compromising the culture of academic openness.
THE SECTOR CONTEXT
Education institutions coexist with a naturally extensive digital surface: academic portals, registration systems, virtual learning environments, research repositories, departmental websites, and projects published by professors and laboratories. Decentralized IT across campuses and departments, reflecting academic autonomy, disperses responsibility for what goes live.
The result is a fragmented inventory: classrooms that remained active, old event sites, platforms contracted by isolated units and multiple campuses with their own infrastructure. At the same time, much of the data entrusted involves children and adolescents, whose handling is subject to enhanced protection under the LGPD. The unconsolidated exposure without a unified view is exactly what an attacker exploits first.
HOW CSURFACE HELPS
The platform maps the external exposure of educational institutions from the attacker's perspective — without agents and without interfering with internal operations.
Starting from the root domain, CSURFACE maps academic portals, learning environments, departmental websites and exposed applications — including assets across multiple campuses and units.
The analysis is entirely external and does not affect internal operations. The institution gains visibility into the exposure without altering the open posture that sustains academic activity.
The order weighs observed active exploitation and how much the asset exposes student and research data — including children and adolescents, whose treatment under LGPD is subject to enhanced protection. Systems with personal data such as enrollment and student portals are prioritized.
Departments' and laboratories' published environments for each semester enter the surface as soon as they appear — without relying on manual registration.
| Asset | Type | Data |
|---|---|---|
| matricula.exemplo.edu.br | Enrollment system | minor data |
| portal-aluno.exemplo.edu.br | Student portal | sensitive data |
| campus2.exemplo.edu.brDecentralized IT | Campus environment | high risk |
| pesquisa.exemplo.edu.br | Research portal | public |
Enrollment and student portals — with a focus on LGPD-protected minor data — in a single inventory, even with decentralized IT across campuses.
FREQUENTLY ASKED QUESTIONS
No. The discovery is entirely external and does not interfere with internal operations or student and researcher access. The institution gains visibility of its exposure while maintaining its culture of openness.
Yes. The discovery consolidates assets from all campuses and units into a single inventory, including independently published environments by departments and labs.
Yes. Systems handling registration and portals dealing with children and adolescent data are identified and highlighted in the inventory, supporting enhanced protection as required by LGPD for such data and providing evidence of due diligence by the institution.
Enter your institution's domain and receive a preliminary analysis of external exposure. No card, no meeting required.
Receive preliminary analysis