Understanding Attack Surface Management One by Chris Ray and Bikash Barai

Attack Surface Management (ASM) represents a paradigm shift in cybersecurity practices, offering a concise and accurate approach to understanding and managing digital risk. Unlike traditional security tools, ASM takes a holistic view of an organization's attack surface, leveraging automation and human expertise to scour the internet for critical insights. In this blog, we explore the transformative impact of ASM on cybersecurity practices and highlight its unique capabilities in mitigating digital threats.

 

 

 

Here is the verbatim discussion:
 
But ASM is just too concise, it's too accurate, it's very, you know, descriptive. It's attack surface management: three letters that describe that. So when we're talking about attack surface management, it's really important to understand, if you've never considered it, you've never lifted the hood, looked under the covers to take a look at what it is, it's really important to understand it's a paradigm shift away from a lot of security practices and tooling, and I'll give examples to help illustrate this.

With EDR, you have to know about the endpoint to first install the agent on it to get the protections provided by the EDR. With vulnerability management, specifically with code, you have to know your repos exist so that you can connect your vulnerability management or your code scanning solution to your repo.

With ASM, it takes the shortcomings of the legacy vulnerability scanning platforms, the ones that are network based (I won't name names, but you know who those are). It scours the internet, it uses automations, it uses human expertise (a lot of solutions do, not all), and they look for little breadcrumbs of data and information based off of one initial starting point, and that's usually your domain name. So, you know, whatever your business name is, .com, .net, .edu, you give an attack surface management vendor that little piece of information. They then go and scour DNS records, certificate data, they do NS lookups, they scour public repositories of information looking for merger and acquisition activity, divestiture activity.
 

Highlights:

  1. Paradigm Shift in Cybersecurity:

    • ASM represents a departure from traditional security practices and tooling, offering a comprehensive approach to managing digital risk.
    • Unlike endpoint-focused solutions like EDR or repository-based tools for vulnerability management, ASM takes a broader view of an organization's attack surface, encompassing all internet-connected assets.
  2. Comprehensive Coverage:

    • ASM solutions leverage automation and human expertise to scour the internet for relevant data points, starting with the organization's domain name.
    • By analyzing DNS records, certificate data, and public repositories, ASM provides a comprehensive view of an organization's digital footprint, including potential merger and acquisition activity and divestiture.
  3. Holistic Risk Assessment:

    • By taking a holistic approach to risk assessment, ASM enables organizations to identify vulnerabilities and threats across their entire attack surface.
    • This proactive approach allows organizations to prioritize security efforts and allocate resources effectively to mitigate the most critical risks.
  4. Automation and Human Expertise:

    • ASM solutions combine the power of automation with human expertise to deliver accurate and actionable insights.
    • While automation streamlines data collection, human analysts interpret and analyze the collected data, which improves the accuracy and relevance of the findings.
  5. Transformative Impact:

    • ASM's transformative impact on cybersecurity practices cannot be overstated, offering organizations a proactive and holistic approach to managing digital risk.
    • By embracing ASM, organizations can stay ahead of emerging threats, strengthen their security posture, and safeguard their digital assets against evolving cyber threats.
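
The discovery step described in the discussion and in highlight 2 (start from one domain, then pivot through certificate data and DNS records), as an added example that is not from the original post or from any vendor's product. All hostnames, records, the inventory and the function names are constructed for illustration, and the two-label `registrable` helper is a simplifying assumption in place of Public Suffix List handling.

```python
# Constructed sample data (no real lookups): certificate SAN lists and DNS records.
CERT_SANS = [
    ["www.example.test", "shop.example.test"],
    ["shop.example.test", "pay.acquired.test"],  # shared cert links an acquired brand
    ["mail.unrelated.test"],                     # never linked to the seed
]
DNS_RECORDS = [
    ("www.example.test", "A", "192.0.2.10"),
    ("shop.example.test", "CNAME", "store.example.test"),
    ("store.example.test", "A", "192.0.2.20"),
    ("pay.acquired.test", "A", "198.51.100.5"),
    ("old.acquired.test", "A", "198.51.100.6"),
    ("mail.unrelated.test", "A", "203.0.113.9"),
]
# Constructed inventory: hosts the security team already manages.
KNOWN_INVENTORY = {"www.example.test", "shop.example.test"}


def registrable(host):
    """Last two labels (assumption; real tooling uses the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def discover(seed):
    """Expand from one seed domain until a pass adds nothing new."""
    domains, hosts = {registrable(seed)}, set()
    while True:
        before = (len(domains), len(hosts))
        # Certificate data: a cert naming an in-scope host brings in its other
        # SANs and their domains (a pivot an analyst should confirm).
        for sans in CERT_SANS:
            if any(registrable(h) in domains for h in sans):
                hosts.update(sans)
                domains.update(registrable(h) for h in sans)
        # DNS records: every name under an in-scope domain, plus CNAME targets.
        # A CNAME target's domain is not added, since it may be a third party.
        for name, rtype, value in DNS_RECORDS:
            if registrable(name) in domains:
                hosts.add(name)
                if rtype == "CNAME":
                    hosts.add(value)
        if (len(domains), len(hosts)) == before:
            return hosts


def unmanaged(seed):
    """Hosts reachable from the seed that the inventory does not cover."""
    return sorted(discover(seed) - KNOWN_INVENTORY)
```

The three hosts returned for `example.test` are the ones an agent-based or repo-based tool would miss, because nobody knew to enroll them.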

 

Attack Surface Management represents a paradigm shift in cybersecurity, offering organizations a concise and accurate approach to understanding and managing digital risk. By leveraging automation, human expertise, and a holistic view of the attack surface, ASM enables organizations to stay ahead of emerging threats and mitigate digital risks effectively. As cybersecurity threats continue to evolve, embracing ASM is essential for organizations seeking to safeguard their digital assets and maintain resilience in the face of ever-changing cyber threats.

 

Chris Ray, a seasoned professional in the cybersecurity field, brings a wealth of experience from small teams to large financial institutions, as well as industries such as healthcare, financials, and tech. He has acquired an extensive amount of experience advising and consulting with security vendors, helping them find product-market fit as well as deliver cyber security services.

Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.

Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/

 

 

 

 

 
