GigaOm Radar for Attack Surface Management (ASM) v3.0

Table of Contents

  1. Executive Summary
  2. Market Categories and Deployment Types
  3. Decision Criteria Comparison
  4. GigaOm Radar
  5. Solution Insights
  6. Analyst’s Outlook
  7. About Chris Ray

1. Executive Summary

The difficulties and challenges presented by rapid digital growth, cloud adoption, and the sprawling public internet protocol (IP) space leave organizations unable to accurately identify their rapidly changing attack surface, creating a wealth of opportunities for online attackers. Compounding this problem is the lack of visibility into the risks resulting from the dynamic nature of the attack surface. In response, attack surface management (ASM) solutions provide value through the continuous discovery of and insight into an organization’s attack surface.

The attack surface encompasses all public-facing services, application programming interfaces (APIs), applications, IP addresses, and infrastructure, regardless of the host type (virtual machine, container, or bare metal) or location (on-premises or cloud). ASM starts with defining the attack surface and builds a proper management process around it. This includes automated asset discovery and tracking of asset details.

The attack surface is composed of some of the newest technologies, like containers, Kubernetes clusters, serverless functions, social media, static and dynamic HTML web content, and even internet of things (IoT) devices. This conglomeration creates an enormous amount of additional work for security teams attempting to properly manage all facets of their attack surface.

Moreover, the attack surface is dynamic; it can change daily, if not more often, and tracking these changes in an automated fashion is a key capability for an ASM solution. But simply knowing the entirety and composition of the attack surface is not sufficient. Delineating the types of assets in an organization’s attack surface, as well as the severity of related risks, rounds out an ASM solution’s value proposition.

ASM is a recent addition to the defender’s tool set, and like other new technologies, it is still evolving. As more vendors enter this space, they are compelled to innovate to differentiate themselves from one another. Decision-makers should keep this ongoing evolution in mind because this space has yet to realize its full potential.

In today’s rapidly evolving digital landscape, the expansion of an organization’s attack surface presents not just a technical challenge, but a critical business imperative. For CxOs, understanding and managing this attack surface is tantamount to safeguarding the organization’s operational integrity, reputation, and financial stability. ASM solutions are a strategic necessity in this context. They offer continuous visibility into the organization’s digital exposure, transforming the reactive approach to digital security into a proactive one. This shift is essential for aligning security posture with business objectives and mitigating risks effectively.

The value of ASM for a CxO extends beyond mere asset tracking and management. It provides a comprehensive understanding of the organization’s digital ecosystem, enabling leadership to articulate and manage digital risks in terms of business impact. In a digital economy in which threats evolve as swiftly as the technologies they exploit, ASM is a crucial tool that empowers organizations to adapt quickly, ensuring sustainable business growth and operational resilience against constant digital threats. Adopting an ASM solution is a strategic decision that’s pivotal to maintaining a competitive edge and securing the organization’s digital future.

This is our third year evaluating the ASM space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Radar report examines 22 of the top ASM solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and non-functional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading ASM offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and non-functional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.
