Attack Surface Management Tools Are Not Created Equal

Aug 16, 2022

Cortex Xpanse is charting a new course for attack surface management (ASM) at a time of a historic rise in cyberattacks on internet-facing enterprise assets. Here’s what Gartner has to say about ASM products.

Identifying and managing an attack surface is no easy task for security teams. Dealing with multiple cloud vendors, an increasingly remote workforce, supply chain vendors, third-party partners, and numerous security flaws inherited through M&A is just another day in the life of a security analyst.

Adding to the complexity are assets available on-premises, in the cloud, or co-located. Attack surfaces are changing fast, making it essential to be able to find and remediate issues before they are discovered by threat actors.

However, not all attack surface management (ASM) solutions are created the same or provide value in the same ways. The 2022 Gartner® Innovation Insight for Attack Surface Management report aims to bring clarity to the market and the differences customers need to understand when evaluating ASM products.

In the report, the analysts recommend that businesses invest in understanding their organization’s attack surface with an automated attack surface management (ASM) solution. According to the report, “Gartner estimates that less than 10% of organizations have adopted one or more [attack surface assessment] ASA technologies to address their attack surface. Many rely on partial or manual ASM processes to assess their assets and any associated exposure.” From our understanding, this means the vast majority rely on manual processes for asset management.

Given the speed at which attack surfaces change and grow, this is clearly untenable. Organizations must also ensure that the tools and services they use have the capabilities to address the most important use cases that apply to their business. Not all ASM is created the same.

Types of ASM Products

This research focuses on ASM and three main capabilities that support it:

  • External Attack Surface Management (EASM)
  • Cyber Asset Attack Surface Management (CAASM)
  • Digital Risk Protection Services (DRPS)

External Attack Surface Management (EASM):

EASM is the process and technology that identifies and manages threats discovered in internet-facing assets using independent external scans of an organization’s attack surface. This method of discovery can continuously monitor servers, public cloud instances, expired certificates, and third-party partner software code vulnerabilities on all internet-connected assets that could be exposed to adversaries. EASM excels at supporting security processes like vulnerability management, penetration testing, and threat hunting.

Cyber Asset Attack Surface Management (CAASM):

An emerging technology, CAASM can enable organizations to see all assets (internal and external) regardless of where they are located. However, because it relies on API integrations with existing tools, visibility can be limited by existing inventory data, and the value of CAASM lies primarily in keeping track of internal assets.

Digital Risk Protection Services (DRPS):

DRPS is a managed service that provides visibility into open source assets, such as social media and deep web sources. This means it will primarily be useful for performing risk assessments and brand protection, but it will not be able to provide an inventory of assets managed by your organization.

Choosing the Right ASM

Looking at the strengths and weaknesses of each solution, it becomes clear that organizations looking to boost overall security operations likely want to choose EASM as the main piece of an ASM program. EASM is the only option that provides a true source of record of all internet-connected assets to help in performing vulnerability management, penetration testing, cloud security and governance, and assessing the security of subsidiaries and third-party partners.

CAASM relies on other, already deployed technologies and cannot provide a source of record, whereas EASM uses independent scanning to find both known and unknown assets.

Gartner also specifically notes that many attack surface tools are provided by small vendors. This means organizations should be wary of investing because those vendors may be targets for mergers and acquisitions. In addition, technical limitations, including reliance on or limited availability of APIs or blind spots in scanning, can hinder the accuracy of results.

The recommendations from the report match closely with the key EASM features offered by Cortex Xpanse. Providing an outside-in view of attack surfaces, Xpanse independently and continuously scans the global internet to discover assets and exposures that were previously unknown. It also provides easy operationalizing of findings through two-way APIs and integrations with automation platforms like Cortex XSOAR.

The ASM Path Ahead

In the report, Gartner says that “By 2026, 20% of companies will have more than 95% visibility of all their assets, which will be prioritized by risk and control coverage by implementing cyber asset attack surface management functionality, up from less than 1% in 2022.”

Xpanse ensures that you can be one of those organizations. GigaOM Radar rated Xpanse as the highest value attack surface management product on the market, not only outperforming the competition, but out-innovating as well.

Xpanse is easy to integrate with Cortex XSOAR and Palo Alto Networks’ broader portfolio to create stronger security workflows that secure unknown risks on your attack surface.

A strong security posture involves strengthening security hygiene and increasing visibility. To learn more about attack surface management, please read the report. If you are ready to implement an ASM program, check out ESG’s ASM Buyer’s Guide.

Gartner, Innovation Insight for Attack Surface Management, Mitchell Schneider, John Watts, Pete Shoard, May 24, 2022

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
