GigaOm Radar for Attack Surface Managementv1.0

Table of Contents

  1. Summary
  2. Market Categories and Deployment Types
  3. Key Criteria Comparison
  4. GigaOm Radar
  5. Vendor Insights
  6. Analyst’s Take
  7. About Chris Ray

1. Summary

The difficulties and challenges of rapid digital growth, cloud adoption, and sprawling public internet space create a bonanza of opportunities for attackers. Organizations are unable to accurately identify their rapidly changing attack surface and vulnerabilities. Compounding this problem is the lack of visibility into the risks presented by the dynamic nature of the attack surface. In response, attack surface management (ASM) provides value through continuous discovery and insight into an organization’s attack surface.

Before going further, it is important to define a few key concepts that allow us to better understand ASM. The “attack surface” includes all of your public-facing services, APIs, applications, IPs, domains, certificates, and infrastructure regardless of the host type (VM, container, bare metal) or location (on-premises or cloud). ASM takes the attack surface (“AS”) and builds a proper management process (“M”) around it. This includes automated asset discovery and tracking of asset details. Adding this “M” to the “AS” gives us ASM.

An organization’s attack surface is a dynamic object. It can change daily, if not more often. Tracking these changes in an automated fashion is key for an ASM solution. But simply knowing the entirety and composition of the attack surface is not sufficient. Enumerating the types of assets in your attack surface and the severity of those risks, then helping teams prioritize and remediate those risks efficiently, rounds out the value proposition that an ASM solution creates.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:
Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.
GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.
Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.