The Evolution of ASM Technology: 3 Distinct Phases

Expanding enterprise attack surfaces are steadily increasing the need for advanced attack surface management (ASM) solutions that accelerate not only the discovery of digital assets, but the prioritization of the exposures identified. Enterprise security leaders are also demanding consolidated solutions, pressuring stand-alone ASM vendors to improve their capabilities and expand their offerings.

That said, according to Gartner, ASM tools are evolving and will continue to do so with many security validation tools expected to be consolidated with other solutions in the coming years to better meet the increasing demand by enterprises for a continuous, comprehensive, and integrated approach to threat and exposure management. There are three ASM maturity phases.

This article will explore these phases and highlight some of the implications for enterprise cybersecurity.

Phase 1: Siloed ASM Tools and Services

Summary: ASM applications will be applied in a siloed and technical manner and used mostly to provide organizations with visibility into their assets and to prioritize the vulnerabilities associated with these assets.

Currently, organizations’ attack surfaces are expanding due to:

1. Increasing numbers of on-premises, cloud, cyber-physical, and personally owned assets and the increasing interconnections between them
2. Expanding supply chain ecosystems
3. M&A activities

The majority of the ASM market consists of independent vendors with a sharp market focus that drives their development of siloed solutions. According to Gartner, ASM solutions that are still in the siloed phase are mainly utilized by organizations to gain more visibility into digital assets and the potential risks they present. These solutions offer a minimal level of vulnerability prioritization, which is only enough to satisfy tactical or short-term needs around digital footprinting, vulnerability management, security compliance, supply chain risk management, and so on.

Phase 2: Advanced ASM Integrated into CTEM

Summary: ASM will be incorporated into continuous threat exposure management (CTEM) programs. These integrations will benefit multiple functions across the organization. This is likely to be a good practicality because organizations adopting a CTEM approach are predicted to realize a two-thirds reduction in breaches by as early as 2026.

Over the next five years, digital transformation initiatives will expand organizations’ attack surfaces. To help them better counteract risks, ASM will be integrated into CTEM programs and join the ranks of the innovative, forward-looking solutions that are already there. ASM capabilities will be integrated with or added to tools for vulnerability assessment, threat intelligence, automated pentesting, and breach and attack simulation to help create asset inventories, prioritize vulnerabilities, implement continuous exposure monitoring, and optimize exposure remediations and incident response.

These integrations will aid and support CTEM activities and thus enable organizations to:

1. Continuously evaluate the accessibility, exposures, and exploitability of digital assets
2. Continuously monitor, assess, and remediate security exposures as they evolve over time
3. Implement strategies to optimize security posture

Expanding IT infrastructures or increasing numbers of external environments and cyber-physical systems (CPS) introduce new risks and expand organizations’ attack surfaces, making such integrations very useful for organizations grappling with these challenges.

The demand for ASM will also increase in other markets. For example, cyberinsurance providers will utilize ASM to assess their clients’ risk exposure levels and may also offer ASM as part of the insurance package. Similarly, managed security services providers (MSSPs), and managed detection and response (MDR) vendors will demand ASM capabilities to expand their CTEM and security operations offerings.

Phase 3: Mature ASM Integrated with Cybersecurity Validation

Summary: In this final phase of ASM evolution, ASM will inform cybersecurity validation (CSV), allowing organizations to get an “outside-in” view (attacker’s perspective) of their attack surface and use this understanding to implement stronger security controls.

Gartner defines CSV as “the practice of validating how potential attackers would actually exploit an identified threat exposure, and how protection systems and processes would react.” 2 Simply put, it is the process of assessing and validating the effectiveness of your cybersecurity infrastructure against threats. Performing continuous security validation, independent of the type of tool and methodology, can help you understand your actual risk and prioritize the testing of digital assets for vulnerabilities against exposures.

In the third phase of the ASM evolution spectrum, ASM will be included in CSV tools to help organizations:

1. Improve their visibility into their digital presence, end-to-end attack routes, and how effectively existing security controls will detect and respond to attacks and more importantly,
2. Improve their understanding of the context around each asset: its discoverability, its attractiveness to attackers, and its ease of exploitation

These two key factors will allow organizations to better understand how attackers could exploit threat exposures and go beyond the attacker’s view and simply testing digital assets for common vulnerabilities and exposures (CVEs).

In this phase, certain integrations will take center stage, such as CSV tools like Penetration Testing as a Service (PTaaS) and automated tools. Additionally, more and more security service providers will leverage continuous CSV platforms to deliver pentesting and red teaming services to customers at a greater scale. The introduction of CSV platforms, which include tools like ASM, will also enable organizations to leverage managed security services to help benchmark attack techniques and improve their security controls.

BreachLock Attack Surface Discovery

BreachLock is most closely representative of a mature ASM solution provider, as we not only integrate ASM to inform more granular testing with pentesting and red teaming, but also support accelerated risk prioritization for remediation. ASM is a good starting point for pentesting, for example, by identifying exposed assets and critical attacker entry points across internal and external attack surfaces. This approach provides a roadmap for actual risk to support additional testing, significantly reducing the effort required to identify the assets to be tested and accelerating the security testing process.

BreachLock offers human-delivered, AI-powered, and automated solutions for attack surface management, penetration testing, and red teaming to accelerate the accuracy of vulnerability discovery, prioritization, and remediation across your entire security ecosystem. Collectively, these solutions help enterprises

To know how these solutions can reduce testing costs, improve testing accuracy, and improve your security readiness, schedule a free discovery call with our ASM experts.

About BreachLock

BreachLock is a global leader in Continuous Attack Surface Discovery and Penetration Testing. Continuously discover, prioritize, and mitigate exposures with evidence-backed Attack Surface Management, Penetration Testing and Red Teaming.

Elevate your defense strategy with an attacker’s view that goes beyond common vulnerabilities and exposures. Each risk we uncover is backed by validated evidence. We test your entire attack surface and help you mitigate your next cyber breach before it occurs.

Know your risk. Contact BreachLock today!

References

Emerging Tech: Security — The Future of Attack Surface Management Supports Exposure Management

Gartner Identifies the Top Cybersecurity Trends for 2024