Another year of high-profile cyberattacks, another year of beating the cybersecurity drums. Clearly, we’re missing a few notes. Attack surface management (ASM) is a make or break for organizations, but before we get to the usual list of best practices, we need to accept that attack surface management is not limited to the surface. Only then can we identify and secure vulnerable assets against cyber risk.
The term “surface” is worth considering here. Given its literal definition, it’s only natural that organizations focus on the external elements of their business. But, in fact, attack surface refers to every asset that could be potentially exposed to and exploited in a cyberattack. This does include externally facing assets such as public clouds, desktop machines, but also everything else within the organization.
Defining the fundamentals of ASM
ASM falls under the larger umbrella of exposure management (EM), along with vulnerability management and validation management. With so many similar but distinct terms and acronyms crowding together, it’s no surprise there can be confusion about what’s what.
ASM is also commonly misrepresented as a specific…
