Attack Surface Management

GigaOm Radar

Published April 2022

GigaOm - Security & Risk

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria.

The difficulties and challenges of rapid digital growth, cloud adoption, and sprawling public internet space create a bonanza of opportunities for attackers. Organizations are unable to accurately identify their rapidly changing attack surface and vulnerabilities. Compounding this problem is the lack of visibility into the risks presented by the dynamic nature of the attack surface. In response, attack surface management (ASM) provides value through continuous discovery and insight into an organization’s attack surface.

Before going further, it is important to define a few key concepts that allow us to better understand ASM. The “attack surface” includes all of your public-facing services, APIs, applications, IPs, domains, certificates, and infrastructure regardless of the host type (VM, container, bare metal) or location (on-premises or cloud). ASM takes the attack surface (“AS”) and builds a proper management process (“M”) around it. This includes automated asset discovery and tracking of asset details. Adding this “M” to the “AS” gives us ASM.

An organization’s attack surface is a dynamic object. It can change daily, if not more often. Tracking these changes in an automated fashion is key for an ASM solution. But simply knowing the entirety and composition of the attack surface is not sufficient. Enumerating the types of assets in your attack surface and the severity of the risks they present, then helping teams prioritize and remediate those risks efficiently, rounds out the value proposition that an ASM solution creates.