Security News > 2021 > May > The Rise of Continuous Attack Surface Management

In the merry-go-round world of InfoSec technologies and "What's old is new again," this year we should include Attack Surface Management with a dash of Continuous.

Ad hoc point-in-time enumerations of an organization's external attack surface are being superseded by continuous attack surface management.

Although CASM is a new label, there's already a mix of several dozen old and new startup companies focused on external attack surface enumeration and public asset attribution - with an array of integration options into existing threat intelligence platforms, vulnerability assessment management systems, cloud security posture management and SIEM solutions.

Enumerating and understanding an organization's outside-in security posture and attack surface through continuous scanning and probing, although clearly a valuable component of modern enterprise security and risk management, is yet another noisy alert generator that contributes enormously to SOC alert fatigue if not well integrated into more advanced workflows.

Impactful operational security benefits of CASM typically come from deep integration with continuous vulnerability assessment and security posture management solutions.

Enterprise security teams are hungry for the visibility CASM offers them and are pushing their larger and preferred security vendors to incorporate outside-in attack surface intelligence into their more expansive security suites as a feature.

News URL

http://feedproxy.google.com/~r/securityweek/~3/q9Uz1TNpZsQ/rise-continuous-attack-surface-management