In the ever-evolving landscape of cybersecurity, organizations are increasingly recognizing the importance of external attack surface management (EASM) in bolstering their defenses against cyber threats. This blog delves into the evolution of EASM, from its foundational principles to its role in proactive security monitoring, highlighting key insights from cybersecurity experts.



Here is the verbatim discusssion:

by putting out a sign that yes I've done my due diligence so are you doing it for due diligence or are you doing it for proactive security monitoring of your assets that's the key and Paul to say that how we would have done it differently absolutely things would have been so much differently done had we done it right now and I'm I'm sure the results would have been very very different sorry Bashi trying to say something no no I'm good yeah that will they are just scratching the surface when they think that everything happens in the clear web well so much work happens in the dark web that we are not even aware and that use case helped the client show what's going on in the dark web what's going on what were their assets which were being exposed which they were completely unaware of that Discovery helped clients know about some of the tools some of the tools which were they thought they were already no longer using it but they still had ends open sitting on the internet and as Ed rightly mentioned right means you can run a scan exercises you do you know both from a from a training but from a uh security assessment security pen penetration testing all all of the old you know a lot of the the the old monitors that have new kind of um that you have to keep up because you have to stay to try to stay ahead of the of the bad guys right and gals um so and what your thoughts what are your what are you seeing with your customer base as it relates to okay so I think we've beaten the concept of of surface management external tax management debt right so it's about reconnaissance it's about recovery it's about Discovery it's about asset inventory and it's about doing that continuously right um because things are changing every day what are your thoughts at about taking that from where what we've seen over the past number of years some really good Asm.


Highlights :

Foundational Principles of EASM:

  • Reconnaissance: Conducting ongoing assessments to identify external assets, including websites, applications, and cloud services, to understand the organization's attack surface comprehensively.
  • Recovery: Implementing strategies and protocols to respond swiftly to cyber threats, minimizing the impact of potential breaches and ensuring business continuity.
  • Asset Inventory: Maintaining an up-to-date inventory of external assets, including IP addresses, domains, and subdomains, to facilitate effective security management and risk mitigation.

Proactive Security Monitoring:

  • Due Diligence vs. Proactive Security: While EASM can serve as a checkbox for due diligence, its true value lies in proactive security monitoring of assets. By continuously monitoring the external attack surface, organizations can detect and mitigate security risks in real-time, reducing the likelihood of successful cyberattacks.
  • Significance of Dark Web Monitoring: Recognizing the prevalence of cyber threats in the dark web, organizations are leveraging EASM to monitor and mitigate risks associated with unauthorized access to sensitive data and illicit activities.

Role of Cybersecurity Consultants:

  • Cybersecurity consultants play a pivotal role in guiding organizations through the implementation and optimization of EASM solutions, leveraging their expertise to tailor solutions to the organization's unique requirements.
  • Consultants assist organizations in conducting thorough reconnaissance, identifying vulnerabilities, and implementing proactive security measures to enhance cybersecurity resilience.


As organizations navigate the complexities of the modern cybersecurity landscape, the evolution of external attack surface management emerges as a critical strategy for maximizing cybersecurity resilience. By embracing proactive security monitoring and leveraging the expertise of cybersecurity consultants, organizations can strengthen their defenses against evolving cyber threats and safeguard their digital assets effectively. With continuous advancements in EASM technology and practices, organizations can adapt to the ever-changing threat landscape and stay ahead of emerging cyber risks with confidence.


Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to
the cloud.


Ed Adams, a seasoned software quality and security expert with over two decades of industry experience. As CEO of Security Innovation and a Ponemon Institute Research Fellow, Ed is renowned for his contributions to advancing cybersecurity practices. With a diverse background spanning from engineering for the US Army to senior management positions in leading tech companies, Ed brings a wealth of expertise to the table.


Paul Dibello, based in Duxbury, MA, US, is currently a Senior Vice President Global Business Development at ShadowDragon, bringing experience from previous roles at FireCompass, R9B, Virtru Corporation and iSIGHT Partners - A FireEye Company. Paul DiBello holds a 1986 - 1990 Bachelor of Arts (BA) in Economics @ Princeton University. With a robust skill set that includes Software, Sales, Project Management, Development, Operations and more, Paul DiBello contributes valuable insights to the industry.


Tejas Shroff based in Boston, MA, US, is currently a Software Engineer at Tangle, bringing experience from previous roles at Aperion Studios, XPO Logistics, Inc., Oculus VR and Beach Day Studios. Tejas Shroff holds a 2019 - 2019 UX Design Immersive in Design & User Experience @ General Assembly. With a robust skill set that includes Leadership, Social Networking, Start Ups, Social Media, Teamwork and more, Tejas Shroff contributes valuable insights to the industry.

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)



CISO Breakfast at BlackHat Las Vegas 2024!

  • Description:

    We are thrilled to invite you to the CISO Breakfast at BlackHat 2024. 

    CISOPlatform is a community partner for the event which is co-hosted by Silicon Valley Bank, Stage One, First Rays Venture Partners, Latham & Watkins.


    Event Details: 

    • Date: Thursday, August 8th,…
  • Created by: pritha
  • Tags: blackhat usa, las vegas, ciso breakfast, usa