ASM helps prioritize risks | Pentest7


Market researchers at Forrester have declared Attack Surface Management (ASM) a new trend. ASM is designed to provide increased transparency, time savings and the ability to prioritize risks.

Many security and IT teams are struggling to gain much-needed visibility into an increasingly complex and distributed IT environment. According to a recent Forrester study, many of an organization's assets are unknown or undiscovered because of shadow IT, mergers and acquisitions, and third-party/partner activity. Without proper visibility, it is impossible for a technology company to achieve the desired state of Application and Infrastructure Dependency Mapping (AIDM). Administrators also cannot deploy critical patches to applications and systems that have gone undetected.

Enter Attack Surface Management

Forrester defines Attack Surface Management (ASM) as the “process of continuously detecting, identifying, inventorying, and assessing the threats to an organization’s IT assets.” The attack surface is more than what is accessible via the Internet. It is the entire environment. There is an opportunity to integrate the external visibility of ASM tools and processes with internal security controls, the Configuration Management Database (CMDB), and other asset tracking and management platforms to fully map all connections and assets in an organization.

Where is the ASM market headed?

While several companies offer ASM as a standalone solution, Forrester is increasingly seeing these standalone offerings being adopted by vendors that offer threat intelligence, vulnerability management, and detection and response. The market researchers believe that ASM will become a standard feature in these categories within the next 12 to 18 months. The Log4j vulnerability has ensured that, and it has also increased the importance of open source software management and software bills of materials (SBOMs).

If your organization is to achieve the desired state of mapping application and infrastructure dependencies, aligning an ASM program toward greater visibility and therefore observability, and positioning it as a key contributor to that desired state, will bring together security, technical, and business leaders and teams in a way that vulnerability risk management and internal patching SLAs certainly never could. Indeed, an ASM program should be a merger or matrix organization that encompasses multiple stakeholders, including infrastructure and operations, application development and delivery, and security, risk, compliance, privacy, marketing, social media, and other functions.
