According to Frost & Sullivan, attack surface management (ASM) solutions sit loosely in the vulnerability management market, which is expected to become a $2.51 billion market by 2025 as organizations look for scalable solutions to secure their environments. However, too often with existing ASM platforms, security teams are drowning in a flood of ineffective tools that only provide internal visibility or limited views of owned assets. As a result, they struggle to discover, classify, prioritize, and manage external assets, which leaves them vulnerable to attack, and defending their organization proactively is a significant challenge.
To highlight such obstacles that security professionals are facing with their existing ASM solutions, Team Cymru surveyed 440 security practitioners in the U.S. and Europe. The findings aim to help senior security leaders better understand what needs to change for ASM to evolve and truly add value across the organization.
"This report offers cyber risk stakeholders a basis for making the changes necessary to improve their ASM program," said Rabbi Rob Thomas, CEO of Team Cymru. "For years, ASM has been a basic tool to discover hidden assets, and inventory them. This report demonstrates that this is no longer sufficient when faced with the growing risk of breach from external vulnerabilities, especially those posed by third parties."
Focusing on legacy ASM platforms, the report found:
- 21.1% felt they overpaid for their current ASM solution. Of the 48.5% that plan to stop working with their ASM vendor in the next 12 months, 21% cite the cost of operation and maintenance as the reason.
- 23.4% say the identification of rogue or unclassified events is the most valuable capability that ASM has provided their organization.
- 16.3% say that moving more data and assets to the cloud is the primary reason their attack surface is expanding.
- 21.5% indicate the training needed for analysts to use the platform is their primary challenge with their current ASM platform.
- Of those involved in deploying their current ASM solution, 23.2% said it took 6 to 9 months to get them up and running. For 18.5%, it took over a year.
- 29.7% said their top concerns were about the security aspects of data integration and how much access their current ASM platform had across the enterprise.
"Lack of integration, automation, and slow deployment of ASM tools costs organizations millions," said Brad LaPorte, former Gartner Analyst and creator of the ASM category. "Each hour that passes after an initial attack allows threat actors to extract more valuable data. Security teams of the future should not give up on ASM tools, but rather unify all ASM capabilities into a single solution. This would allow them to act faster, eliminating the need to transfer information from various platforms, and see the value in ASM capabilities that the market is lacking right now."
Team Cymru's Pure Signal™ Orbit was purpose-built to enable rapid deployment and identification of not only an organization's attack surface but also critical vulnerabilities. If you'd like to learn more about Orbit, please contact one of our experts here.
To download a full copy of the report, please visit: https://team-cymru.com/wp-content/uploads/2022/05/State-of-Attack-Surface-Management-Report.pdf
About Team Cymru
Since 2005, Team Cymru's mission has been to Save and Improve Human Lives by working with security teams around the world, enabling them to track and disrupt the most advanced bad actors and malevolent infrastructures. The company delivers comprehensive visibility into global cyber threats and is the key source of threat intelligence for many cyber security and threat intelligence vendors. Enterprise security teams rely on the Pure Signal™ platform to close detection gaps, accelerate incident response, and detect threats and vulnerabilities across entire enterprises and third-party ecosystems. Its Community Services division provides no-cost threat detection, alerting, DDoS mitigation, and threat intelligence to more than 140 CSIRT teams across 86+ countries. For more information, visit https://team-cymru.com/.
Source: Team Cymru