Belgium
Denmark
Finland
Germany
Malaysia
Netherlands
Norway
Poland
Sweden
UK
You have probably heard of it. Maybe you’re already using it. Attack Surface Management (ASM) and External Attack Surface Management (EASM) are popular cyber security solutions. Many companies that used to market their products have today changed their focus to ASM. In this article, we will touch on the background of ASM and whether it’s here to stay. We will also discuss the relationship between ASM and vulnerability management.
ASM - just a hype or a long-lasting defense technology?
Some cyber security products come and go. Some never bring value to the user or customer while others provide lasting value. For example, Gartner recently announced SOAR as “obsolete,” while vulnerability management was introduced in around 2000 and is still one of the most established technologies for strengthening cyber defense.
But what about ASM? Well, ASM is here to stay. Why? Because ASM is a natural part of the information and cyber security workflow. ASM helps you understand what to protect, and you can’t protect what you don’t know about. This creates a natural and obvious area of use, which is the best foundation for a long-lasting and value-bringing cyber defense.
Hype cycle for security operations
In 2023, Gartner put EASM in the “Innovation Trigger” phase, but it will definitely stay there for a long time.
What is ASM?
ASM is a cyber security practice that focuses on identifying, monitoring, and managing an organization's entire attack surface to reduce the risk of security breaches. The attack surface includes all digital assets, both internal and internet-facing.
The difference between ASM & EASM
ASM provides a holistic approach by addressing internal and external assets, while EASM focuses solely on internet-facing assets, such as web and domain assets, and managing shadow IT risks.
What about ASM & vulnerability management?
So how does ASM relate to vulnerability management? It’s simple: ASM is an integral part of vulnerability management, as it has always been.
Asset discovery has been an essential component of vulnerability management since its beginning. This technology automatically identifies assets within a network, both local and internet-facing. Some vulnerability management platforms have added capabilities to identify other asset types, such as web and domain assets.
Other platforms automatically include discovered assets in vulnerability assessments, automating the process of not only identifying assets but also finding vulnerabilities in these assets.
This creates a complete and automated workflow from asset discovery to finding vulnerabilities in these assets.
Summary
ASM and EASM are cyber security practices that focus on identifying, monitoring, and managing an organization's entire attack surface to reduce the risk of security breaches. ASM is an integrated component of vulnerability management, creating a powerful, efficient, and affordable cyber security practice that helps meet modern threats by reducing the attack surface and finding vulnerabilities – before cybercriminals exploit them.
Get started with ASM today!
ASM and EASM are integrated into our platform. Reach out, and we will tell you more! If you’re already a customer, read about ASM in our Knowledge Base.
Contact your primary contact or send an email to sales@holmsecurity.com.
