Table of Contents
- Summary
- Attack Surface Management Primer
- Report Methodology
- Decision Criteria Analysis
- Evaluation Metrics
- Key Criteria: Impact Analysis
- Analyst’s Take
- Methodology
- About Chris Ray
- About GigaOm
- Copyright
1. Summary
Rapid digital growth, cloud adoption, and a sprawling public IP space have created security challenges for organizations and opportunities for attackers.
An organization’s attack surface encompasses all of its public-facing services, APIs, applications, IPs, and infrastructure, regardless of the host type (VM, container, bare metal) or location (on-premises or cloud).
Often, organizations are unable to accurately identify their rapidly changing attack surface. Compounding this problem is the lack of visibility into the risks presented by the dynamic nature of the attack surface.
This is where attack surface management (ASM) provides its value, delivering continuous discovery and insight into an organization’s attack surface. ASM takes the attack surface and builds a proper management process around it. This includes automated asset discovery and tracking asset details.
An organization’s attack surface is dynamic; it can change daily, if not more often. Tracking these changes in an automated fashion is a key capability for an ASM solution. But simply knowing the breadth and composition of the attack surface is not sufficient. Enumerating the types of assets in the attack surface as well as the severity of risks presented rounds out the value proposition an ASM solution offers.
How to Read this Report
This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:
Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.
GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.
Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.