Attack surface management (ASM) is a somewhat confusing topic that starts with a fundamental question: What exactly is the attack surface?  In reality, it’s everything—internal assets, external corporate assets, third-party assets, people, everything.  That said, the emerging attack surface management category focuses on internet-facing assets alone.  Hmm, just another day in the perplexing cybersecurity realm.

Now, just because attack surface management tools track only internet-facing assets doesn’t make ASM easy. Large organization often have thousands, tens of thousands, or more internet-facing assets, including websites, sensitive data, employee credentials, cloud workloads, S3 buckets, source code fragments, SSL certificates, and so on. 

To read this article in full, please click here

Read More