The External Attack Surface Management Landscape, Q1 2023 is now available! Forrester clients can view the report to dive deeper into the benefits of EASM and key functionalities to assess when selecting an EASM vendor.
As Jess Burn and I finalized this report, we couldn’t help but think that organizations that are blind to what’s in their IT environment have a lot in common with the odd but fascinating star-nosed mole. This hamster-sized creature is totally blind and, without its peculiar nose, would be unable to forage and detect its most important asset: food. In fact, Guinness World Records recognized the star-nosed mole as the world’s fastest forager. In cybersecurity, “you can’t secure what you can’t see.” The star-nosed mole evolved to gain crucial insight into its external environment and protect itself from predators, without the benefit of vision. Let’s think of attack surface management as just that: the star-nose mole finding exposures and context that organizations would otherwise be blind about.
Attack surface management (ASM) is an evolving market that saw its fair share of M&A activity over the last several years. Security teams now look to ASM solutions to discover dangerous blind spots and their associated risks. Forrester defines ASM overall as:
The process of continuously discovering, identifying, inventorying, and assessing the exposures of an entity’s IT asset estate.
ASM includes the outside-in view of external attack surface management (EASM) and the deeply detailed, context-driven, inside-out views with cyber asset attack Surface management. Periphery and complementary products, some of which are integrated within ASM, include breach and attack simulation, attack path modeling, and vulnerability risk management (VRM).
Forrester defines external attack surface management as:
Tools or functionalities that continually scan for, discover, and enumerate internet-facing assets, establish the unique fingerprints of discovered assets, and identify exposures on both known and unknown assets.
What can you use EASM for? Through our research, we’ve identified these core EASM use cases:
- Asset discovery. Dynamically find unknown, internet-facing assets; complement on-premises asset discovery tools and processes
- Asset inventory management. Automate the capturing and refreshing of data representing the IT asset estate; identify asset ownership
- Vulnerability risk management. Enumerate internet-facing assets; inform VRM teams and tools of asset exposures for remediation
- Cloud security posture management. Discover incorrect or weak configurations of cloud assets; identify cloud policy violations and potential compliance risks
- Merger and acquisition due-diligence assistance. Discover and enumerate unknown internet-facing assets of acquisition target; assess the risk to determine next steps in due diligence
To learn more about how EASM functionalities map to top use cases, additional/extended use cases, and the 36 vendors in this category, please check out The External Attack Surface Management Landscape, Q1 2023.
Please schedule an inquiry with me if you’d like to understand more about ASM, best practices, and how you can best leverage it.