Attack surface management (ASM) is a somewhat confusing topic that starts with a fundamental question: What exactly is the attack surface? In reality, it’s everything—internal assets, external corporate assets, third-party assets, people, everything. That said, the emerging attack surface management category focuses on internet-facing assets alone. Hmm, just another day in the perplexing cybersecurity realm.
Now, just because attack surface management tools track only internet-facing assets doesn’t make ASM easy. Large organization often have thousands, tens of thousands, or more internet-facing assets, including websites, sensitive data, employee credentials, cloud workloads, S3 buckets, source code fragments, SSL certificates, and so on.
More Stories
Friday Squid Blogging: Squid Facts on Your Phone
Text “SQUID” to 1-833-SCI-TEXT for daily squid facts. The website has merch. As usual, you can also use this squid...
Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes
Increased law enforcement pressure has forced ransomware groups like DragonForce and Anubis to move away from traditional affiliate models Read...
SAP Fixes Critical Vulnerability After Evidence of Exploitation
A maximum severity flaw affecting SAP NetWeaver has been exploited by threat actors Read More
M&S Shuts Down Online Orders Amid Ongoing Cyber Incident
British retailer M&S continues to tackle a cyber incident with online orders now paused for customers Read More
Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input
Researchers have found a Chrome extension that can act on the user’s behalf by using a popular AI agent orchestration...
Cryptocurrency Thefts Get Physical
Long story of a $250 million cryptocurrency theft that, in a complicated chain events, resulted in a pretty brutal kidnapping....