GigaOm Radar for Attack Surface Managementv4.0

1. Executive Summary

Attack Surface Management (ASM) has emerged as a critical security capability that provides organizations with continuous visibility into their expanding digital footprint. As enterprises accelerate their digital transformation initiatives and adopt hybrid work models, the challenge of maintaining comprehensive visibility across both internal and external assets has become increasingly complex. ASM solutions address this challenge by automatically discovering, classifying, and monitoring an organization’s attack surface, including cloud resources, shadow IT, forgotten assets, and third-party risks.

For CxOs, ASM represents a strategic investment in risk reduction and operational efficiency. The technology helps organizations understand their security posture from an attacker’s perspective, enabling proactive risk mitigation before vulnerabilities can be exploited. This visibility is particularly crucial as organizations face increasing regulatory scrutiny and cyber insurance requirements that demand comprehensive asset inventory and continuous monitoring capabilities.

The market has evolved beyond simple asset discovery to include sophisticated risk contextualization, automated validation, and integration with broader security workflows. Modern ASM solutions increasingly incorporate threat intelligence, providing real-time insights into the ways discovered assets might be targeted by threat actors. This evolution reflects the growing recognition that effective security requires not just asset visibility but also understanding of how those assets might be exploited.

This analysis focuses on vendors offering comprehensive ASM capabilities, including external attack surface monitoring, risk contextualization, and automated discovery features. While many security tools offer some form of asset discovery, true ASM solutions provide continuous monitoring, risk prioritization, and actionable remediation guidance. The market continues to mature, with vendors differentiating through specialized capabilities such as supply chain risk monitoring, cloud security integration, and advanced automation features.

For organizations evaluating ASM solutions, the key consideration should be knowing how effectively the technology can integrate with existing security processes while providing actionable insights that drive risk reduction. The most successful implementations typically align ASM capabilities with broader security objectives, ensuring discovered risks can be effectively prioritized and remediated within existing operational workflows.

This is our fourth year evaluating the ASM space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Radar report examines 27 of the top ASM solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading ASM offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

2. Market Categories and Deployment Types

To help prospective customers find the best fit for their use case and business requirements, we assess how well ASM solutions are designed to serve specific target markets and deployment models (Table 1).

For this report, we recognize the following market segments:

• Small-to-medium business (SMB): In this category, we assess solutions on their ability to meet the needs of organizations ranging from small businesses to medium-sized companies. Solutions in this category provide simplified cost structures that make ASM achievable for small security budgets.
• Large enterprise: Here, offerings are assessed on their ability to support large and business-critical projects. Optimal solutions in this category have a strong focus on flexibility, performance, data services, and features that improve security and data protection. Scalability is another big differentiator, as is the ability to deploy the same service in different environments.
• Managed security service provider (MSSP): ASM solutions that offer multitenancy and unified tenant management are evaluated against this market segment. Solutions built for MSSPs offer centralized tenant management and unified visibility across multiple tenants, and may offer the ability to rebrand or white label the ASM solution.

In addition, we recognize the following deployment models:

• SaaS: These solutions are available only in the cloud. Often designed, deployed, and managed by the service provider, they are available only from that specific provider. Because the data collected during ASM operations is taken entirely from the attacker’s perspective, ASM solutions do not have an on-premises, private cloud, or other required component.
• Hybrid: These solutions are still cloud-based like the cloud-only solutions, but they leverage a sensor, collector, or agent as an additional telemetry source to create a better understanding of the composition of a client’s technical environment.

Table 1. Vendor Positioning: Target Market and Deployment Model

Table 1 components are evaluated in a binary yes/no manner and do not factor into a vendor’s designation as a Leader, Challenger, or Entrant on the Radar chart (Figure 1).

“Target market” reflects which use cases each solution is recommended for, not simply whether that group can use it. For example, if an SMB could use a solution but doing so would be cost-prohibitive, that solution would be rated “no” for SMBs.

3. Decision Criteria Comparison

All solutions included in this Radar report meet the following table stakes—capabilities widely adopted and well implemented in the sector:

• Continuous discovery of attack surface
• Inventory management of attack surface assets
• Risk identification in attack surface
• Management of false positives
• Asset discovery

Tables 2, 3, and 4 summarize how each vendor in this research performs in the areas we consider differentiating and critical in this sector. The objective is to give the reader a snapshot of the technical capabilities of available solutions, define the perimeter of the relevant market space, and gauge the potential impact on the business.

• Key features differentiate solutions, highlighting the primary criteria to be considered when evaluating an ASM solution.
• Emerging features show how well each vendor implements capabilities that are not yet mainstream but are expected to become more widespread and compelling within the next 12 to 18 months.
• Business criteria provide insight into the nonfunctional requirements that factor into a purchase decision and determine a solution’s impact on an organization.

These decision criteria are summarized below. More detailed descriptions can be found in the corresponding report, “GigaOm Key Criteria for Evaluating ASM Solutions.”

Key Features

• Attack path analysis: Attack path analysis in ASM solutions reveals the intricate chains of vulnerabilities and misconfigurations that attackers could exploit to reach critical assets. This capability is crucial for enabling security teams to prioritize remediation efforts by understanding how seemingly isolated weaknesses can be combined to create dangerous attack paths into an organization’s infrastructure.
• Assessment of vulnerabilities: After assets are discovered, the next step is to assess vulnerabilities resulting from factors like insecure software, application misconfigurations, and risky activities. ASM employs two assessment methodologies: passive, which involves enumerating vulnerabilities, and active, which confirms vulnerabilities by emulating attackers.
• Internal ASM: Emerging technologies are making internal environments as dynamic and challenging as external attack surfaces, leading to ASM solutions that can cover both areas of exposure. Comprehensive ASM solutions offer a unified approach to managing vulnerabilities and threats across the entire attack surface, enhancing overall security strategy.
• Risk scoring: Advanced ASM solutions enhance risk assessment by integrating contextual metadata, OSINT, and active assessment data, leading to more accurate and efficient risk management. The incorporation of comprehensive context into risk scoring and the automation of response workflows based on these scores significantly streamline security operations.
• Asset categorization: Effective ASM hinges on logically grouping diverse assets, a process enhanced by detailed asset categorization, which enables simplified risk assessment and efficient management. Unlike basic network scans, advanced ASM solutions provide in-depth insights, driving precise asset categorization and enabling more accurate risk management based on specific customer needs.
• Asset correlation: Asset correlation in ASM solutions provides a comprehensive and accurate inventory by automatically identifying, deduplicating, and linking related digital assets across diverse technology environments. This capability ensures organizations maintain a single source of truth about their attack surface by connecting disparate data points about the same asset, whether it appears in cloud instances, on-premises infrastructure, or third-party environments.
• Third-party risk identification: Third-party risk identification in ASM solutions automatically discovers and assesses security risks introduced by an organization’s external vendors, partners, and supply chain relationships. This capability is essential for maintaining a strong security posture as organizations increasingly rely on third-party services and integrations that can expand their attack surface beyond traditional boundaries.

Table 2. Key Features Comparison

Emerging Features

• Custom threat intelligence: ASM solutions discover, gather, and correlate data at internet scale. While the primary purpose of this data discovery and analysis is to identify technical risks, such as missing patches and misconfigurations, the data can also be used as a custom threat intelligence feed for internal security solutions.
• Dark web monitoring: Dark web monitoring actively scans underground forums, marketplaces, and communities to identify leaked credentials, stolen data, or discussions about potential vulnerabilities in an organization’s attack surface. This capability provides early warning of potential compromises or planned attacks by detecting the activity when threat actors are targeting specific assets or discussing exploitation techniques relevant to an organization’s infrastructure.

Table 3. Emerging Features Comparison

Business Criteria

• Flexibility: Flexibility in ASM solutions refers to the adaptability of the system to diverse environments and requirements. This criterion is essential, as it ensures the solution can effectively cater to specific organizational needs and evolving security landscapes.
• Discovery frequency: Frequency of discovery in ASM solutions refers to how often the system scans and updates asset information. It’s crucial for maintaining an up-to-date view of the attack surface, ensuring timely identification of new risks and vulnerabilities.
• Scalability: Scalability in ASM solutions pertains to their ability to efficiently manage growing and diverse assets as an organization expands. It’s crucial for adapting to the increasing complexity and size of attack surfaces without sacrificing performance or security.
• Cost: Cost encompasses the financial investment required for deployment, operation, and maintenance of the ASM solution. It’s a crucial criterion, determining the affordability and ROI of the solution for organizations of varying sizes and budgets.
• Ease of use: Ease of use involves user-friendliness and the simplicity of navigating and using the system. It’s critical for ensuring security teams can efficiently manage the attack surface without requiring extensive training.

Table 4. Business Criteria Comparison

4. GigaOm Radar

The GigaOm Radar plots vendor solutions across a series of concentric rings with those set closer to the center judged to be of higher overall value. The chart characterizes each vendor on two axes—balancing Maturity versus Innovation and Feature Play versus Platform Play—while providing an arrowhead that projects each solution’s evolution over the coming 12 to 18 months.

Figure 1. GigaOm Radar for ASM

As you can see in Figure 1, the Radar Chart reveals several interesting trends in the market landscape. The distribution of vendors shows a fairly balanced spread across Maturity and Innovation, suggesting a market that’s both established and evolving. However, there’s a slight tilt toward the Innovation side, indicating strong market dynamism and ongoing technological advancement.

The Platform Play hemisphere shows notably higher vendor density compared to the Feature Play side, which suggests the industry is moving toward more comprehensive, integrated solutions rather than point products. This trend aligns with growing enterprise demands for unified security approaches rather than siloed solutions.

Looking at positioning patterns, there’s a distinctive clustering of vendors in the center-right portion of the chart. The concentration of vendors in the Innovation/Platform Play quadrant suggests a competitive battleground where multiple providers are vying to establish comprehensive, forward-looking solutions.

The Leaders circle contains a moderate number of vendors, indicating a mature but still competitive market. Notably, there’s a significant number of Fast Movers positioned just outside the Leaders circle, suggesting that market leadership may shift in the near future. This indicates a dynamic market in which leadership positions aren’t firmly entrenched.

The chart also reveals an interesting “gap zone” in certain areas, particularly in the outer edges of the Feature Play/Maturity quadrant, suggesting potential market opportunities or areas where current solutions might not fully address market needs.

Overall, this distribution pattern indicates a market in transition, moving from point solutions toward more comprehensive platforms while maintaining a healthy balance between established approaches and innovative developments.

In reviewing solutions, it’s important to keep in mind that there are no universal “best” or “worst” offerings; every solution has aspects that might make it a better or worse fit for specific customer requirements. Prospective customers should consider their current and future needs when comparing solutions and vendor roadmaps.

5. Solution Insights

Armis: Centrix

Solution Overview
Armis provides attack surface management and exposure management capabilities through its Asset Intelligence and Security Platform. The solution discovers and monitors connected assets across IT, IoT, OT, IoMT, cloud, and cellular-connected devices, providing contextual intelligence about asset behavior and risks.

The solution consists of several integrated modules, including Armis Asset Intelligence, Armis Asset Management, and Armis Vulnerability Management. These work together to create a unified view of an organization’s attack surface by analyzing asset relationships, configurations, and behavior patterns.

Armis focuses specifically on helping organizations identify and manage cyber risk across their entire asset ecosystem, with particular emphasis on previously unmanaged or IoT devices. The solution provides automated asset discovery, continuous monitoring, and risk-based prioritization.

As an established vendor, the solution will look and feel largely the same over the contract lifecycle. Armis prioritizes stability and continuity in its approach to development, focusing on methodical improvements to core functionalities. The vendor makes incremental enhancements to its existing features, particularly in areas of interoperability with security tools, compliance reporting capabilities, and asset classification accuracy. This measured approach helps ensure consistent user experience and compatibility across its deployment base.

Armis is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant of the ASM Radar report.

Strengths
Armis scored well on a number of the decision criteria, including:

• Internal ASM: Armis’s Asset Intelligence Engine performs continuous, nonintrusive network asset discovery and monitoring. Moreover, the solution maintains a dynamic inventory of over 5 billion profiled assets through AI-driven behavioral analysis and vulnerability scanning.
• Third-party risk identification: Armis provides comprehensive identification of subsidiary and third-party assets through integrated data sources while supporting hierarchical organization structures and customizable classification schemas across departments, geographies, and network segments.
• Dark web monitoring: Armis integrated AI-powered threat-hunting technology following the acquisition of CTCI. The solution monitors dark web activity and employs deception technology to detect potential CVE exploits, with current coverage of 1,600 CVEs beyond CISA’s known exploits.

Challenges
Armis has room for improvement in the following decision criteria:

• Assessment of vulnerabilities: Armis relies on only passive assessment methods. Though the solution effectively cross-references telemetry from available sources and offers a comprehensive and diverse approach to passive assessments, it could benefit from active assessment techniques and enhanced active scanning capabilities to provide more comprehensive vulnerability detection and validation.
• Attack path analysis: Armis offers comprehensive network mapping and real-time risk scoring capabilities. However, the solution may face challenges in situations where passive detection methods alone may not provide complete visibility of all potential attack paths.
• Purchase Considerations
  Armis employs a variable pricing structure that considers multiple deployment factors, making cost prediction less straightforward than with vendors offering standardized tiers. This approach can create challenges during initial budgeting processes, though it allows for more customized pricing based on specific usage patterns.

From a licensing perspective, Armis functions as a Platform Play, requiring organizations to adopt its complete solution suite for optimal functionality. The solution includes comprehensive capabilities across asset discovery, monitoring, and risk management, though this integrated approach may necessitate displacement of existing tools.

The solution effectively serves both SMB and enterprise markets, demonstrating scalability from smaller deployments to global enterprises managing over 5 million assets. Value Packs provide industry-specific configurations that simplify deployment for different vertical markets, including specialized capabilities for healthcare environments.

Deployment complexity is mitigated through streamlined onboarding processes and continuous discovery capabilities that enable quick time-to-value. Migration from existing solutions is facilitated by the solution’s flexible architecture and comprehensive asset discovery capabilities, though organizations should plan for a complete platform transition rather than partial implementation.

Use Cases
The solution offers dedicated capabilities for healthcare environments, providing continuous monitoring of medical devices and internet of medical things (IoMT) assets while maintaining compliance requirements. This includes specialized device profiling and risk assessment specific to patient care equipment.

In manufacturing and industrial settings, Armis provides comprehensive visibility of operational technology assets and industrial control systems. The solution enables nonintrusive monitoring of production equipment while maintaining security controls appropriate for industrial environments.

The solution addresses complex enterprise environments by providing continuous discovery and monitoring of traditional IT assets, cloud resources, and endpoint devices. This includes maintaining visibility across hybrid infrastructures and identifying security gaps in diverse technology stacks.

Through its subsidiary monitoring capabilities, Armis helps organizations maintain visibility of assets across different business units and geographical locations. This includes tracking asset relationships and identifying potential risks across organizational boundaries.

Bishop Fox: Cosmos

Solution Overview
Bishop Fox delivers attack surface management capabilities through its Cosmos solution, which combines continuous automated security testing with expert-driven penetration testing services. In the past year, the vendor has enhanced its solution with advanced AI and expanded attack chain analysis.

The Cosmos solution operates as a standalone offering while integrating its professional services as part of the solution. The solution includes asset discovery, exposure detection, vulnerability assessment, and attack chain validation. These components work together to provide comprehensive external attack surface visibility and continuous security testing.

Bishop Fox takes a specialized approach to ASM by combining automated scanning with expert security testing services. This strategy emphasizes the identification of complex attack paths and validation of security issues that could lead to breach scenarios, particularly focusing on exploitable vulnerabilities rather than theoretical risks.

As an Innovation vendor, the solution will look and feel different over the contract lifecycle. Bishop Fox maintains an aggressive development roadmap, particularly in expanding its AI capabilities and automation features. The vendor emphasizes rapid advancement through frequent releases and updates, focusing especially on enhancing its attack chain analysis capabilities and expanding its automated testing coverage. This emphasis on innovation means customers should expect regular changes and enhancements to functionality throughout their deployment.

Bishop Fox is positioned as a Challenger and Fast Mover in the Innovation/Platform Play quadrant of the ASM Radar report.

Strengths
Bishop Fox scored well on a number of the decision criteria, including:

• Attack path analysis: Bishop Fox’s brand-centric approach enables comprehensive digital asset discovery and categorization with high confidence levels. The solution excels in establishing contextual relationships among assets and providing clear evidence of discovery and attribution.
• Assessment of vulnerabilities: The Cosmos platform offers a unique combination of automated security testing and human validation through its adversarial operations team. The solution provides initial exploitation verification, authenticated testing via the Cosmos application penetration testing (CAPT) add-on, and post-exploitation impact assessment with unlimited retesting capabilities.
• Custom threat intelligence: Bishop Fox provides effective integration of public and private threat intelligence sources, along with support for customer-provided intelligence and custom feed integration that enhances detection capabilities for specific customer scenarios.

Challenges
Bishop Fox has room for improvement in the following decision criteria:

• Third-party risk identification: Bishop Fox does not currently include this capability in its solution, creating a significant gap in visibility for organizations needing to monitor their third-party attack surface.
• Internal ASM: Bishop Fox offers only limited internal scanning capabilities. While CAPT provides some internal assessment capabilities, it requires a separate service with additional cost, making comprehensive internal attack surface management less accessible.
• Asset categorization: While Bishop Fox offers strong asset discovery capabilities with unique technical capabilities coupled with humans in the loop for validation and higher quality results, it could benefit from developing asset categorization capabilities that are more sophisticated and automated.

Purchase Considerations
Bishop Fox maintains a transparent pricing model with support included in the base cost. The human-in-the-loop validation component adds value to the solution, helping to justify the pricing structure.

The Cosmos solution is effectively productized with clear delineation of capabilities. The multitiered approach to asset discovery and assessment makes it straightforward for customers to understand what they’re getting.

Cosmos effectively serves large enterprises and some of the SMB market segments through its scalable architecture and customizable discovery frequencies. While the lack of internal ASM capabilities may impact some enterprise use cases, the core functionality remains valuable across organization sizes.

Implementation is simplified through the recently revamped user interface, which provides more intuitive navigation and workflow management. The multitiered asset approach allows for gradual deployment based on asset criticality.

Use Cases
The solution excels in discovery and assessment of digital assets during M&A activities, helping organizations understand the security posture of potential acquisitions and identify previously unknown assets that could present risks during integration.

For organizations managing multiple cloud service providers, Cosmos provides specialized capabilities for discovering shadow IT, misconfigurations, and exposed assets across different cloud environments, with particular strength in validating security controls.

The solution supports rapid development environments by continuously monitoring for exposed development assets, including testing environments, and reviewing code repositories.

Through its approach to asset discovery, Bishop Fox helps organizations identify and manage risks associated with brand impersonation, unauthorized domain usage, and digital assets that could impact brand reputation.

Bugcrowd: Attack Surface Management

Solution Overview
Bugcrowd delivers attack surface management capabilities through its External Attack Surface Management solution, integrated within its broader Security Knowledge Platform. The vendor combines continuous asset discovery with its crowdsourced security testing expertise to provide comprehensive attack surface visibility.

The solution operates as part of Bugcrowd’s unified platform, which includes vulnerability disclosure, bug bounty, and penetration testing services. The asset inventory module provides continuous asset discovery, classification, and risk assessment while integrating with Bugcrowd’s broader security testing capabilities.

Bugcrowd takes a specialized approach by combining automated asset discovery with crowdsourced security expertise. This strategy emphasizes the validation of security findings through its researcher community, providing organizations with both automated scanning and human verification of potential security issues.

Bugcrowd is positioned as a Challenger and Fast Mover in the Innovation/Platform Play quadrant of the ASM Radar report.

Strengths
Bugcrowd scored well on a number of the decision criteria, including:

• Attack path analysis: Bugcrowd’s hybrid strategy combines human and machine-powered analysis, which has demonstrated 93% better coverage compared to traditional methods. The dual validation strategy ensures more accurate identification of potential attack paths.
• Third-party risk identification: Bugcrowd’s comprehensive approach combines active scanning, cloud integration, and human-driven attribution. The solution leverages crowdsourced intelligence alongside automated tools to discover and analyze both organizational and third-party digital assets.
• Risk scoring: Bugcrowd offers a contextualized risk-scoring system that incorporates human review. The solution provides both risk and exploitability scores, helping organizations prioritize remediation efforts based on validated assessments.

Challenges
Bugcrowd has room for improvement in the following decision criteria:

• Dark web monitoring: Bugcrowd does not currently include this feature in the solution, creating a gap in threat intelligence gathering and early warning capabilities.
• Assessment of vulnerabilities: Bugcrowd offers only limited active assessment capabilities within the core ASM solution. While active assessment is available through bug bounty or penetration testing programs, these involve additional costs and are not integrated into the base ASM offering.
• Internal ASM: Bugcrowd has limited internal visibility capabilities. While the solution can integrate with configuration management database (CMDB) platforms via APIs to provide some internal insights, the use cases are restricted and may not meet comprehensive internal asset management requirements.

Purchase Considerations
Bugcrowd offers a straightforward pricing model with moderate transparency. The solution becomes more cost-effective when bundled with other Bugcrowd services, though this may not always align with customer requirements.

The solution is effectively productized as a standalone offering but demonstrates enhanced value when combined with other Bugcrowd services. This positioning may influence purchase decisions based on whether organizations need the broader service portfolio.

The solution serves both the large enterprise and SMB market segments, though its value proposition strengthens when paired with other Bugcrowd offerings. Organizations should evaluate whether the standalone ASM capabilities meet their requirements or if additional services are needed.

Implementation is straightforward with an intuitive user interface, though the limited discovery frequency options may impact deployment flexibility. Organizations cannot customize scan cadence beyond preset daily or weekly options.

Use Cases
For organizations in the financial sector, Bugcrowd offers specialized capabilities for discovering and validating security issues across customer-facing applications and services. The combination of automated scanning and crowdsourced expertise helps identify potential vulnerabilities before they can be exploited.

The solution addresses the security needs of online retail environments by providing continuous monitoring of digital storefronts, payment systems, and customer-facing assets. The human validation component helps identify complex security issues that could impact transaction security.

Through its great discovery capabilities (with asset discovery every 4 hours and domain discovery every 24 hours), Bugcrowd helps organizations maintain visibility of exposed APIs and web services. The solution combines automated discovery with expert validation to identify potential security gaps in API implementations.

The solution supports application security programs by providing continuous discovery and assessment of web applications, mobile apps, and associated infrastructure. The crowdsourced approach helps validate security controls and identify potential vulnerabilities across the application portfolio.

Cavelo

Solution Overview
Cavelo’s approach to data and asset discovery, though currently limited by the need for agent deployment, shows promise with ongoing development efforts to enhance this capability. The solution excels in active vulnerability assessment, conducting comprehensive assessments across all discovered assets, including credential scanning and misconfiguration checks using CIS benchmarks.

A standout feature of Cavelo is its internal ASM, which has been a core aspect of the platform since its inception, owing to its agent-based approach. In terms of risk scoring, Cavelo adopts an innovative method by combining exploit prediction scoring system (EPSS) scores with common vulnerability scoring system (CVSS) and IBM’s cost of breach calculations, providing a multifaceted risk perspective.

Cavelo is positioned as a Challenger and Fast Mover in the Maturity/Feature Play quadrant of the ASM Radar report.

Strengths
Cavelo scored well on a number of the decision criteria, including:

• Internal ASM: Cavelo’s comprehensive approach combines agent-based endpoint scanning with agentless cloud API integrations. As the only solution that began with agent-based scanning before adding API integration, it demonstrates particular strength in internal ASM use cases.
• Assessment of vulnerabilities: Cavelo offers thorough vulnerability assessment capabilities that include credential scanning and misconfiguration detection using Center for Internet Security (CIS) benchmarks across all discovered assets.
• Risk scoring: Cavelo’s innovative risk-scoring methodology combines EPSS scores, CVSS metrics, and IBM’s cost of breach calculations. This unique approach provides organizations with a comprehensive risk evaluation that includes attack likelihood, potential breach costs, and severity metrics.

Challenges
Cavelo has room for improvement in the following decision criteria:

• Dark web monitoring: Cavelo does not currently include this capability in the solution, though it is planned for development in FY25. This currently creates a gap in threat intelligence gathering and early warning capabilities.
• Attack path analysis: Cavelo offers only a basic approach to visualizing attack paths. While the solution correlates user risk patterns and policy-based data relationships, there is room for more sophisticated analysis and deeper integration of threat intelligence into attack path modeling.
• Asset correlation: Cavelo’s fundamental approach to asset correlation through agent and agentless methods provides basic asset inventory and classification capabilities, but there is opportunity for more advanced correlation techniques and automated relationship mapping.

Purchase Considerations
Cavelo offers a modular pricing approach that allows customers to select specific capabilities such as data discovery, access management, vulnerability management, or configuration management independently. This transparent structure helps organizations align purchases with specific needs without incurring additional costs.

The solution is effectively modularized, allowing customers to purchase specific components based on their requirements. This approach provides clarity in pricing and enables organizations to scale their implementation based on specific use cases.

The solution’s agent-based architecture with limited API integrations may impact scalability for larger enterprises. While suitable for smaller deployments, organizations with complex environments should evaluate the scaling implications of the agent-based approach, as managing agents across their infrastructure may present challenges.

Use Cases
For organizations working toward CMMC compliance, Cavelo offers specialized capabilities for discovering and classifying controlled unclassified information (CUI) across internal systems. The solution helps organizations understand their data landscape and validate compliance requirements.

The solution addresses HIPAA compliance requirements by providing continuous monitoring of protected health information across internal systems. This includes identifying places where sensitive patient data resides and tracking access patterns to maintain compliance.

Through its comprehensive data discovery capabilities, Cavelo helps organizations maintain compliance with privacy regulations like CCPA by identifying and classifying personal information across internal systems. The solution tracks patterns of data movement and access to ensure proper controls are in place.

The solution supports access governance programs by providing visibility into data relationships and user access patterns. This helps organizations identify potential security gaps in data access controls and validate proper implementation of least privilege principles.

Cogility: TacitRed

Solution Overview
Cogility delivers attack surface management capabilities through its TacitRed solution, which emphasizes automated threat detection and response based on AI-driven analytics.

TacitRed operates as a standalone SaaS solution within Cogility’s security portfolio, focusing specifically on attack surface visibility and threat detection. The solution uses its streaming data platform and AI to analyze multiple threat intelligence sources, including internet traffic and cyber adversary behavior, to identify assets and potential threats without requiring extensive manual configuration.

Cogility’s specialized approach focuses on automated threat detection rather than broad asset management. This strategy emphasizes rapid identification, prioritization, attack stage insight, and detailed evidence to support response to potential threats and active attacks, particularly in environments where manual analysis would be impractical due to the volume of data or speed of attacks.

As an innovative vendor with a specialized approach, TacitRed will look and feel different over the contract lifecycle. Cogility maintains an aggressive development roadmap, particularly in expanding its AI capabilities and automated response features. It emphasizes rapid advancement through frequent releases and updates, focusing especially on enhancing its threat detection algorithms and automated response capabilities.

Cogility is positioned as a Challenger and Fast Mover in the Innovation/Feature Play quadrant of the ASM Radar report.

Strengths
Cogility scored well on a number of the decision criteria, including:

• Risk scoring: Cogility’s sophisticated approach to threat detection and risk evaluation considers threat actor progression along attack chain stages and threat categories. This methodology provides organizations with contextual understanding of their risk exposure.
• Asset categorization: Cogility’s automated asset categorization and tagging capabilities enable it to organize validated threats by type, severity, and attack stage while leveraging security information and event management (SIEM) and ITSM integrations for customization rather than providing direct interface modifications.
• Third-party risk identification: Cogility’s comprehensive monitoring of third-party organizations enables tracking of security issues and risk scores across subsidiaries, partners, and suppliers, facilitating collaborative approaches to cyber risk reduction.

Challenges
Cogility has room for improvement in the following decision criteria:

• Dark web monitoring: Cogility does not currently offer this feature. While the solution analyzes Tier 1 provider network traffic for threat actor activities, it lacks dedicated dark web monitoring capabilities for identifying compromised assets and credentials.
• Assessment of vulnerabilities: Cogility provides limited vulnerability assessment capabilities. The solution prioritizes live threat detection through port and handshake fingerprinting but lacks traditional vulnerability scanning features, requiring organizations to rely on additional tools for comprehensive vulnerability management.
• Asset correlation: Cogility offers only a basic approach to correlating threat intelligence with organizational assets. While the solution can identify exposed technologies and prioritize threats, it would benefit from more sophisticated asset relationship mapping and automated correlation capabilities.

Purchase Considerations
Cogility offers a transparent, tiered pricing structure with four distinct subscription levels: Essentials, Advanced, Professional, and Enterprise. The clear delineation between tiers and inclusion of a 30-day free trial helps organizations evaluate fit before committing.

The solution is effectively productized through its tiered approach, making it straightforward for customers to understand available features and upgrade paths. The Enterprise tier offers customization options for organizations with specific requirements.

The solution serves both the SMB and enterprise market segments, along with MSSPs, through its tiered structure, with particular strength in supporting organizations managing subsidiaries, M&A activities, and cyber insurance risk assessment.

With its try-buy and expand opportunity, the vendor’s approach to customer onboarding simplifies expansion of coverage. Finally, discovery is based on existing tracking of 18 million US business entities with differential updates occurring as frequently as every six hours as changes are noted.

Use Cases
The solution excels in monitoring and analyzing Tier 1 provider network traffic to identify active command-and-control infrastructure and threat actor patterns. This capability helps organizations understand and respond to emerging threats before they materialize into attacks.

Through its comprehensive threat intelligence capabilities, Cogility helps organizations manage security across multiple subsidiaries or business units. The solution tracks threat indicators across diverse organizational structures.

The solution addresses security needs of organizations with complex infrastructure by providing continuous monitoring of network behavior and matching against known threat patterns. This helps identify potential threats and active compromises without requiring active scanning.

CrowdStrike: Falcon Surface

Solution Overview
CrowdStrike demonstrates a solid foundation with its comprehensive ASM solutions. The solution’s asset discovery is thorough, performing 24/7 autonomous scanning across a broad spectrum of assets with an ML-assisted approach for enhanced accuracy and correlation.

CrowdStrike has robust validation methods, including industry-specific risk analysis and attack history review. Its internal ASM capabilities, provided through Falcon Discover, do not embody full internal ASM but still offer valuable visibility across a range of operating systems.

The vendor’s risk-scoring approach, using adversary intelligence-led prioritization, stands out, offering detailed, actionable risk assessments. However, the absence of autonomous penetration testing and certain limitations in customization and active assessment features highlight areas where CrowdStrike’s development pace contrasts with rapid innovation by other vendors.

CrowdStrike is positioned as a Challenger and Forward Mover in the Maturity/Feature Play quadrant of the ASM Radar report.

Strengths
CrowdStrike scored well on a number of the decision criteria, including:

• Risk scoring: CrowdStrike offers an adversary intelligence-led prioritization approach. The solution calculates risks using specific knowledge of the asset, its value to the client, and its potential for attack based on identified weaknesses while providing detailed remediation steps for all risk assessments.
• Asset correlation: CrowdStrike’s comprehensive correlation of assets across cloud and on-premises environments enables it to integrate attack path analysis, threat intelligence context, and continuous monitoring while prioritizing risks based on vulnerabilities and potential attack vectors.
• Custom threat intelligence: CrowdStrike effectively leverages its Security Cloud’s global event data. The Falcon Exposure Management solution integrates with CrowdStrike Adversary Intelligence to provide contextualized external attack surface risks through IOCs and threat reports.

Challenges
CrowdStrike has room for improvement in the following decision criteria:

• Dark web monitoring: CrowdStrike does not currently include this feature in the ASM solution, creating a gap in threat intelligence gathering and early warning capabilities. It is, however, available for purchase through the Falcon Counter Adversary Operations module.
• Assessment of vulnerabilities: CrowdStrike offers only limited active assessment capabilities. While the solution validates findings through side-channel means such as industry-specific risks and asset attack history and through vulnerability discovery through deployed Falcon sensors, this approach will be limited to known hosts.
• Internal ASM: CrowdStrike provides limited internal visibility capabilities. While the Falcon agent provides some ASM-like internal capabilities across Windows, Mac, and select Linux distributions through Falcon Discover, this offering falls short of comprehensive internal ASM functionality.

CrowdStrike is classified as a Forward Mover because of its relatively slow rate of development in the ASM space over the last 6 to 12 months. While the vendor maintains strong capabilities in other security areas, its ASM development has shown a lower release cadence compared to competitors, suggesting potential challenges in maintaining market position over the next year.

Purchase Considerations
CrowdStrike offers a modular pricing approach through its Falcon platform, allowing customers to select specific capabilities as needed. Support is included in the base cost, with potential for a fully managed service option through a “Falcon Complete” offering.

The solution is effectively modularized within the broader Falcon platform, though given the limited internal ASM and active assessment capabilities, organizations should evaluate which components are necessary for their specific use cases.

The solution’s SaaS-first agentless approach facilitates deployment across all three market segments. However, the limited internal ASM capabilities may impact suitability for enterprises requiring comprehensive asset management.

The SaaS-first approach simplifies initial deployment and ongoing management. While continuous discovery is maintained, details about major scanning initiatives are not publicly available.

Use Cases
For existing CrowdStrike customers, the solution provides seamless extension of security controls from endpoint protection to external attack surface monitoring. Organizations already using Falcon benefit from unified visibility across their security stack without requiring additional infrastructure.

The solution addresses cloud-first environments by providing continuous monitoring of cloud assets and infrastructure. The SaaS approach enables quick deployment and scalability, which is particularly beneficial for organizations with distributed cloud resources.

Through integration with existing Falcon deployments, the solution helps security operations teams maintain comprehensive visibility across both internal and external assets. This includes correlating external threats with endpoint telemetry to provide context for potential attacks.

The agentless SaaS-first approach enables quick implementation in dynamic environments. Organizations can maintain security visibility during cloud migrations or rapid infrastructure changes without requiring extensive configuration changes.

Cyberint

Solution Overview
Cyberint delivers comprehensive attack surface management capabilities through its solution, focusing on external attack surface discovery and continuous threat monitoring. The vendor has maintained consistent enhancement of its core capabilities while expanding its threat intelligence integration features over the past year.

The Cyberint solution operates as part of Cyberint’s broader platform, which includes digital risk protection and threat intelligence capabilities. The integrated modules work together to provide automated asset discovery, continuous monitoring, and contextual threat analysis across an organization’s external attack surface.

Cyberint takes a broad approach to attack surface management by combining automated discovery with extensive threat intelligence capabilities. This strategy emphasizes maintaining comprehensive visibility while providing actionable context for identified risks, particularly focusing on validated threats rather than theoretical vulnerabilities.

Cyberint is an established leader in this space, so the solution will look and feel largely the same over the contract lifecycle. Cyberint prioritizes stability and continuity in its approach to development, focusing on methodical improvements to core functionalities.

Cyberint is positioned as a Leader and Outperformer in the Maturity/Platform Play quadrant of the ASM Radar report.

Strengths
Cyberint scored well on a number of the decision criteria, including:

• Third-party risk identification: Cyberint’s supply chain intelligence module automatically identifies and monitors third-party vendors. The solution provides real-time risk assessment across breach history, targeting levels, exposures, and security hygiene, while delivering early alerts about security incidents before formal vendor disclosure.
• Attack path analysis: Cyberint’s ASM asset cards feature effectively maps external asset discovery paths from customer-defined seed assets. While the solution does not include internal attack path mapping, it provides detailed visibility of external attack surfaces.
• Risk scoring: Cyberint offers a comprehensive hierarchical risk-scoring system that implements a multilayered approach through environment-wide posture scores, individual asset severity ratings, and specific alert severity levels. This scoring system evaluates exposures across multiple security domains, including certificates, ports, email security, web interfaces, cloud storage, credentials, subdomains, blocklists, and SSL/TLS configurations.

Cyberint is classified as an Outperformer thanks to its rapid advancement in threat intelligence capabilities and enhanced integration features over the past year. The vendor’s consistent development of core functionalities, combined with its expanded threat intelligence capabilities and improved alert accuracy, positions it to make significant market advances in the coming year.

Challenges
Cyberint has room for improvement in the following decision criteria:

• Internal ASM: Cyberint does not currently include internal ASM features in the solution, though development is underway. This creates a significant gap for organizations requiring comprehensive visibility across both internal and external assets.
• Assessment of vulnerabilities: Cyberint offers only a basic approach to vulnerability identification through technology fingerprinting. While the solution offers optional automated exploit validation scanning, its application-layer validation capabilities are still in development, with expanded features planned.
• Asset correlation: Cyberint provides only basic asset management. While customers can categorize assets as in scope, out of scope, or unvalidated, and assets are automatically sorted by type, the solution would benefit from more sophisticated correlation and relationship mapping capabilities.

Purchase Considerations
Cyberint offers a transparent pricing structure based on digital asset count with three distinct coverage levels: ASM monitoring, digital risk protection monitoring, and threat intelligence monitoring. This clear delineation helps organizations align purchases with specific needs.

The solution is effectively productized with clear coverage levels and asset-based pricing. The recent addition of MSSP support demonstrates continued evolution of the licensing model to accommodate different deployment scenarios.

The solution successfully serves all three market segments, with proven scalability supporting Fortune 100 enterprises while maintaining accessibility for smaller organizations. The custom threat feed capabilities enhance value for larger deployments.

The solution maintains regular discovery cadence with daily production and weekly non-production asset discovery while offering on-demand capabilities for specific functions. The various discovery methods provide comprehensive coverage without creating deployment complexity.

Use Cases
For organizations with significant digital presence, Cyberint offers specialized capabilities for monitoring brand abuse, impersonation attempts, and potential reputation risks across surface, deep, and dark web sources. The solution helps identify and track threats to brand integrity before they materialize into attacks.

Through its supply chain intelligence module, Cyberint helps organizations monitor and assess security risks across their vendor ecosystem. The solution provides early warning of security incidents affecting third parties, often before formal vendor disclosure.

The solution addresses the specific needs of financial institutions by providing comprehensive monitoring of digital assets, including customer-facing applications and potential fraud indicators. This includes tracking of exposed credentials and potential attack infrastructure targeting financial services.

For organizations with established security operations, Cyberint enhances existing capabilities by providing enriched IoC feeds and actionable intelligence. The solution helps security teams prioritize responses based on validated threats rather than theoretical vulnerabilities.

CyCognito: Attack Surface Management

Solution Overview
CyCognito delivers external attack surface management capabilities through its Attack Surface Management Platform. The vendor has maintained steady development of its core capabilities while expanding integration features and enhancing its risk prioritization algorithms over the past year.

The solution operates as a comprehensive platform that includes modules for asset discovery, exposure detection, and risk assessment. These components work together to provide continuous monitoring and validation of external-facing assets, with particular emphasis on identifying shadow IT and previously unknown infrastructure.

CyCognito takes a methodical approach to attack surface management by focusing on accurate asset discovery and contextualized risk assessment. This strategy emphasizes maintaining comprehensive visibility while providing actionable context for identified risks, particularly focusing on validated threats rather than theoretical vulnerabilities.

As an established vendor with a moderate release cadence, the solution will look and feel largely the same over the contract lifecycle. CyCognito prioritizes stability and continuity in its approach to development, focusing on methodical improvements to core functionalities. The vendor makes incremental enhancements to its existing features, particularly in areas of integration capabilities, compliance reporting, and detection accuracy.

Cycognito is positioned as a Leader and Fast Mover in the Maturity/Platform quadrant of the ASM Radar report.

Strengths
CyCognito scored well on a number of the decision criteria, including:

• Attack path analysis: CyCognito’s comprehensive approach combines active testing, dynamic application security testing (DAST) scanning, and machine learning. The solution automatically contextualizes assets through ML/NLP while providing MITRE ATT&CK-aligned risk visualization and discovery path analysis through intuitive dashboards and APIs.
• Assessment of vulnerabilities: CyCognito offers an integrated approach to vulnerability assessment. The solution combines DAST for web applications with IT hygiene testing for cloud and internet-facing infrastructure, ensuring every asset is thoroughly scanned and tested.
• Asset categorization: CyCognito provides sophisticated asset categorization capabilities. The platform automatically assigns over 160 contextual elements to discover assets while enabling automated, recipe-based, and manual tagging capabilities. This includes discoverability metrics, business function relationships, and security test results that inform risk assessment and prioritization.

Challenges
CyCognito has room for improvement in the following decision criteria:

• Internal ASM: CyCognito offers only limited internal visibility capabilities. While the solution integrates with major cloud providers (AWS, Azure, and GCP), it lacks direct on-premises coverage and relies on third-party vulnerability scanners like Tenable for internal insights.
• Third-Party risk identification: CyCognito has a narrow focus on third-party software components. While the solution effectively discovers and contextualizes software dependencies, it lacks comprehensive coverage of third-party services and potential shadow IT instances.
• Custom threat intelligence: CyCognito offers only basic threat intelligence integration capabilities. While the solution provides API-based asset tagging and commenting features that influence prioritization and response workflows, it would benefit from more sophisticated threat intelligence integration and analysis.

Purchase Considerations
CyCognito offers a modular pricing structure that allows à la carte feature selection, though this can increase overall costs. Support services are included in the base pricing, providing value alignment with the solution’s comprehensive capabilities.

The solution is effectively productized with clear feature sets, though the à la carte model may require careful evaluation to ensure optimal feature selection. The platform’s deep technological expertise supports implementations across industries.

The solution serves the SMB and large enterprise market segments, though pricing may impact accessibility for smaller organizations. The comprehensive feature set and industry-agnostic approach make it particularly suitable for complex enterprise environments.

The solution’s scalability aligns with market standards, though without significant differentiation. The intuitive interface and risk profiling features help facilitate transition from existing tools, while the flexible discovery options enable phased migration approaches.

Use Cases
The solution excels in providing visibility during cloud migration initiatives, helping organizations maintain security controls as they transition workloads across different cloud providers. The comprehensive discovery capabilities help identify shadow IT and previously unknown assets that could impact migration security.

For organizations with complex corporate structures, CyCognito provides specialized capabilities for discovering and monitoring assets across multiple subsidiaries. The solution helps maintain visibility of security posture across different business units while identifying potential risks during organizational changes.

For organizations with established security operations, CyCognito enhances existing capabilities by providing automated discovery and validation of external assets. The solution helps security teams maintain comprehensive visibility while automating routine discovery and assessment tasks.

Cymulate: Exposure Management and Security Validation Platform

Solution Overview
Cymulate delivers attack surface management capabilities through its Exposure Validation Platform. The solution combines continuous security validation with attack surface monitoring to provide comprehensive visibility of external and internal assets.

The solution operates as part of Cymulate’s broader security validation platform, which includes modules for breach and attack simulation, automated red teaming, and security control validation. These components work together to provide continuous monitoring and validation of security controls across the attack surface.

Cymulate takes a methodical approach to attack surface management by focusing on security control validation and exposure assessment. This strategy emphasizes maintaining comprehensive visibility while validating the effectiveness of existing security controls, particularly focusing on validated threats rather than theoretical vulnerabilities.

Cymulate is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant of the ASM Radar report.

Strengths
Cymulate scored well on a number of the decision criteria, including:

• Risk scoring: Cymulate offers a sophisticated two-stage calculation approach. The solution first assigns an initial score based on fixed weight findings combined with asset risk level, then adjusts it based on frequency and severity of findings to deliver a practical, prioritized risk assessment.
• Third-party risk identification: Cymulate’s comprehensive third-party risk management capabilities combine external asset discovery, vulnerability scanning, dark web monitoring, and continuous cloud infrastructure assessment to provide actionable mitigation recommendations across subsidiaries and vendors.
• Dark web monitoring: Cymulate continuously monitors both clear and dark web sources. The solution effectively detects exposed assets, compromised credentials, and sensitive data leaks while incorporating findings into its threat intelligence capabilities for comprehensive attack surface assessment.

Challenges
Cymulate has room for improvement in the following decision criteria:

• Asset categorization: Cymulate offers only basic asset management capabilities. While the solution provides fundamental sorting and filtering options, it lacks more sophisticated categorization features that could enhance asset organization and relationship mapping.
• Assessment of vulnerabilities: Cymulate takes a standard approach to vulnerability assessment and provides basic vulnerability scanning capabilities, but it doesn’t significantly differentiate itself from other vendors in this area.
• Internal ASM: Cymulate offers a basic agent-based approach. While the solution efficiently uses the same agent for both internal ASM and breach and attack simulation, thereby reducing management overhead, the capabilities remain relatively standard compared to market leaders.

Purchase Considerations
Cymulate offers a flexible pricing model with standalone ASM capabilities or discounted bundling with other services like breach and attack simulation (BAS) and continuous automated red teaming (CART). Support services are included in the base cost, providing value alignment.

The solution serves the SMB and large enterprise market segments thanks to its scalable architecture and comprehensive feature set. The ability to handle standard enterprise scaling requirements while maintaining accessibility for smaller deployments demonstrates broad market applicability.

The solution features automated noise filtration and seamless integration capabilities that streamline implementation. While discovery frequency is static and staged, the approach maintains data freshness without overwhelming users with updates.

Use Cases
The solution excels in providing visibility into third-party security risks, helping organizations validate security controls across vendor relationships and subsidiaries. The continuous monitoring capabilities help identify potential security gaps before they impact business operations.

The solution addresses risks associated with internet-facing assets by providing continuous monitoring and validation of external security controls. This includes identifying potential exposures and validating the effectiveness of existing security measures.

For organizations with established security operations, Cymulate enhances existing capabilities by providing automated security validation and continuous testing. The integration capabilities help security teams streamline operations while maintaining comprehensive visibility of their security posture.

Detectify: Surface Monitoring

Solution Overview
Detectify delivers attack surface management capabilities through its Surface Monitoring solution, focusing on continuous security validation of web applications and cloud infrastructure. In the past year, the vendor has expanded its automated testing capabilities and enhanced its cloud security features.

The solution operates as part of Detectify’s broader security testing portfolio, which includes modules for automated security scanning and continuous asset monitoring. These components leverage crowdsourced security research to provide automated discovery and validation of security issues across web-facing assets.

Detectify takes a specialized approach to attack surface management by focusing on web application security and cloud infrastructure monitoring. This strategy emphasizes automated security testing enhanced by crowdsourced security research, focusing especially on validating exploitable vulnerabilities rather than theoretical risks.

Detectify is positioned as a Challenger and Fast Mover in the Innovation/Feature Play quadrant of the ASM Radar report.

Strengths
Detectify scored well on a number of the decision criteria, including:

• Third-party risk identification: Detectify offers comprehensive technology fingerprinting capabilities, effectively identifying vendor-specific vulnerabilities while enabling organizations to create custom policies and reports for third-party risk management.
• Attack path analysis: The solution’s network graph visualization capabilities provide detailed “connected data” views that effectively illustrate asset relationships and highlight vulnerable connections across the attack surface.
• Asset correlation: Detectify’s network graph visualization approach maps asset exposure context, relationships, and location. This helps organizations evaluate the potential impact of vulnerabilities across their attack surface.

Challenges
Detectify has room for improvement in the following decision criteria:

• Custom threat intelligence: Detectify does not currently include this feature in the solution, creating a gap in threat intelligence integration and customization capabilities.
• Dark web monitoring: Detectify does not currently provide this feature, limiting organizations’ ability to identify potentially compromised assets or credentials in dark web sources.
• Internal ASM: Detectify offers only limited internal visibility capabilities. While the solution can connect to major cloud providers to enumerate assets and discover known CVEs and misconfigurations, its internal asset management capabilities remain basic.

Purchase Considerations
Detectify offers transparent pricing with flexible purchase options, including direct procurement or buying through managed partners. The availability of a free self-guided trial helps organizations evaluate fit before committing to a purchase.

The solution is effectively productized with clear feature sets, though limitations in attack surface coverage may impact organizations requiring comprehensive asset management. The straightforward licensing model helps organizations understand what they’re getting.

The solution serves the SMB and large enterprise market segments through its scalable architecture and streamlined onboarding process. The platform’s ease of use and operational efficiency make it particularly suitable for organizations with limited security resources.

The solution offers consistent discovery scheduling with 24-hour baseline scans and configurable DAST testing frequencies. This structured approach helps maintain predictable operations while allowing some flexibility for specific testing requirements.

Use Cases
The solution excels in continuous security validation of web applications and cloud infrastructure, helping development teams maintain security controls during rapid deployment cycles. The automated testing capabilities provide consistent validation of security controls across web-facing assets.

For organizations with CI/CD pipelines, Detectify offers specialized capabilities for automating security testing within development workflows. The solution helps maintain security visibility during frequent code releases while validating security controls in testing environments.

Through its focused testing capabilities, Detectify helps organizations validate the security of exposed APIs and web services. The automated approach helps identify potential vulnerabilities in API implementations before they can be exploited.

FireCompass: External Attack Surface Management

Solution Overview
FireCompass delivers attack surface management capabilities through its External Attack Surface Management Platform. In the past year, the vendor has steadily enhanced its core capabilities while expanding integration features and improving its automated testing capabilities.

The solution operates as part of FireCompass’s broader security testing platform, which includes modules for continuous security testing, breach and attack emulation, and red teaming automation. These components work together to provide continuous monitoring and validation of security controls across the external attack surface.

FireCompass takes a measured approach to attack surface management by focusing on automated security testing and continuous validation. This strategy emphasizes maintaining comprehensive visibility while validating the effectiveness of existing security controls, particularly focusing on validated threats rather than theoretical vulnerabilities.

As an established vendor with a moderate feature release cadence, the solution will look and feel largely the same over the contract lifecycle. FireCompass prioritizes stability and continuity in its approach to development, focusing on methodical improvements to core functionalities. The vendor makes incremental enhancements to its existing features, particularly in areas of security control validation, compliance reporting, and detection accuracy.

FireCompass is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant of the ASM Radar report.

Strengths
FireCompass scored well on a number of the decision criteria, including:

• Attack path analysis: Although the solution refers to this as Attack Path Discovery, the feature is the same in terms of capability. FireCompass’s sophisticated red teaming modules identify complex multistage attack paths. The solution continues to develop advanced exploitation detection capabilities to enhance validation and impact analysis of potential attack vectors.
• Risk scoring: FireCompass offers a proprietary risk-scoring methodology that considers asset priority, severity, and exploit likelihood. The solution allows customers to modify scoring parameters based on their specific context, providing flexible risk assessment capabilities.
• Custom threat intelligence: FireCompass’s API capabilities enable the sharing of ASM information with other solutions. This allows organizations to leverage the solution’s findings as a threat feed, enhancing their broader security infrastructure.

Challenges
FireCompass has room for improvement in the following decision criteria:

• Internal ASM: FireCompass provides only limited internal visibility capabilities. While the solution can identify internal assets as part of multistage attack analysis, it lacks dedicated internal asset discovery capabilities within its ASM solution.
• Asset correlation: FireCompass’s approach to asset correlation is fairly basic. While the solution automatically correlates assets via IP addresses, domains, and cloud environments to identify relationships and attack paths, it would benefit from more sophisticated correlation techniques.
• Dark web monitoring: FireCompass offers limited dark web monitoring capabilities. While the solution collects information from IntelX (Intelligence X) and Daily (Intel 471 Daily Intelligence) sources, the implementation and usage of this data appears basic, primarily focused on asset enrichment rather than comprehensive dark web intelligence.

Purchase Considerations
FireCompass offers straightforward asset-based licensing with terms ranging from one to five years. The pricing model is transparent and aligns with typical market expectations for attack surface management solutions. The solution demonstrates clear productization with its core functionality focused on ASM and automated penetration testing capabilities.

The solution fits organizations seeking comprehensive attack surface visibility with automated discovery capabilities. The minimal setup requirements and intuitive interface reduce the need for extensive training or professional services, making it accessible to security teams regardless of their technical expertise. This is particularly relevant for enterprises managing large, complex networks, as the agentless architecture supports scalability without additional infrastructure investments.

The automated nature of the solution, combined with flexible discovery scheduling options, suggests straightforward deployment processes. All discovery capabilities—whether on-demand, scheduled, or event-triggered—are included in the base license, eliminating the need to navigate complex module selection or additional feature purchases.

Use Cases
FireCompass serves organizations needing advanced attack surface management with a focus on red team automation and third-party risk assessment. The solution is particularly suited for enterprises in regulated industries such as financial services and healthcare because continuous security validation is essential for them. Its automated red teaming capabilities help security teams identify complex attack paths that could compromise critical assets, while its passive assessment options enable safe testing of sensitive systems.

The solution works well for organizations managing extensive third-party relationships, offering continuous monitoring of vendor security postures and associated risks. Its asset categorization and custom risk-scoring features support companies that need to align security assessments with specific compliance requirements or business contexts.

Organizations with hybrid cloud environments benefit from FireCompass’s ability to correlate assets across different infrastructure types, though internal asset discovery is limited. The solution’s API-driven threat intelligence sharing capabilities make it suitable for enterprises with mature security programs looking to integrate attack surface management data with their existing security tools.

Fortinet: FortiRecon

Solution Overview
FortiRecon is an ASM and digital risk protection solution from the established cybersecurity vendor Fortinet. The solution integrates with Fortinet’s broader security fabric architecture while also functioning as a standalone offering. FortiRecon combines asset discovery, risk monitoring, and threat intelligence to provide visibility into an organization’s external attack surface.

The solution consists of three primary modules: exposure, Brand Protection, and Adversary Centric Intelligence (ACI), each addressing different aspects of external risk management. FortiRecon delivers automated asset discovery and continuous monitoring capabilities while integrating with existing Fortinet deployments for enhanced threat detection and response.

The solution emphasizes rapid advancement in emerging areas of attack surface management, particularly in its customer threat intelligence and dark web monitoring capabilities. FortiRecon ASM demonstrates its innovative approach via frequent feature releases and continuous expansion of its detection capabilities. The solution’s development roadmap focuses on enhancing automated discovery mechanisms and expanding its threat intelligence correlation capabilities. FortiRecon ASM’s innovation strategy is evidenced by its aggressive feature development and the incorporation of emerging ASM capabilities that extend beyond traditional asset discovery and monitoring.

Fortinet is positioned as a Challenger and Fast Mover in the Innovation/Platform Play quadrant of the ASM Radar report.

Strengths
FortiRecon scored well on a number of the decision criteria, including:

• Internal ASM: FortiRecon’s comprehensive internal network monitoring capabilities include credential-based asset discovery, vulnerability assessment, and threat intelligence correlation using lightweight scanner containers. The solution provides configurable scan intervals, MITRE ATT&CK mapping, and prioritized risk scoring focused on lateral movement prevention.
• Custom threat intelligence: FortiRecon’s integration of FortiGuard Labs output with ACI delivers organization-specific threat insights and ransomware intelligence while correlating scan results with actively exploited vulnerabilities for supply chain risk prioritization.
• Dark web monitoring: FortiRecon’s ACI module offers continuous monitoring of dark web marketplaces, hacker communities, and ransomware operator sites, providing curated threat intelligence about vendor targeting and potential supply chain attacks.

Challenges
Fortinet has room for improvement in the following decision criteria:

• Asset categorization: Fortinet depends on FortiAnalyzer for advanced categorization features, which may create additional complexity and cost for organizations seeking comprehensive asset management capabilities within a single solution.
• Assessment of vulnerabilities: Fortinet’s approach combines external (EASM) and internal (IASM) capabilities. While the solution provides continuous monitoring and credential-based scanning, there are opportunities to enhance the depth of vulnerability assessment through its FortiGuard service.
• Risk scoring: Fortinet relies on FortiGuard threat intelligence for vulnerability identification and risk prioritization. While the MITRE ATT&CK mapping provides valuable context, the scoring methodology could benefit from more granular customization options to address specific industry requirements and organizational risk frameworks.

Purchase Considerations
The licensing structure for Fortinet’s solution follows a subscription-based model with flexible options that integrate within its broader security ecosystem. Pricing is straightforward and transparent, though buyers should note that certain core functionalities like asset categorization require FortiAnalyzer, which represents an additional cost consideration.

The solution’s capabilities are clearly defined, with external attack surface management and internal asset monitoring being the primary elements. The requirement of FortiAnalyzer for asset categorization adds a layer of complexity to the deployment architecture, though this doesn’t significantly impact scalability. The solution is well suited for organizations already invested in the Fortinet ecosystem, particularly those using FortiEDR or FortiAnalyzer.

Implementation follows standard industry practices, beginning with seed data for attack surface management and software deployment for internal monitoring. The onboarding process is streamlined, with intuitive interfaces and straightforward integration procedures. Organizations already using Fortinet products will find the implementation process particularly smooth due to native integration capabilities.

Use Cases
FortiRecon excels in hybrid environment monitoring via its integrated internal and external scanning capabilities. Organizations managing both on-premises and cloud infrastructure can leverage FortiRecon’s lightweight scanner containers for continuous internal monitoring while maintaining visibility of their external attack surface through the FortiCNAPP integration.

Manufacturing companies with complex supply chains benefit from FortiRecon’s comprehensive vendor risk monitoring. The solution combines dark web intelligence, security incident tracking, and attack surface analysis to provide early warning of potential supply chain compromises, while the ACI module delivers specific intelligence about threats targeting industrial operations.

Healthcare providers can use FortiRecon’s credential-based scanning and MITRE ATT&CK mapping to maintain security across clinical networks. The solution’s ability to perform nondisruptive internal asset discovery while correlating findings with FortiGuard threat intelligence helps protect sensitive medical systems and patient data without impacting care delivery.

Google: Threat Intelligence Service

Solution Overview
Google provides comprehensive threat intelligence and security validation solutions that operate as a key component of the company’s broader integrated security portfolio, which allows it to maintain its established position in cyberthreat intelligence.

The ASM solution combines multiple integrated components, including Attack Surface Monitoring, Digital Threat Monitoring, and Threat Intelligence. These components work together while maintaining individual functionality, leveraging its extensive threat research capabilities and Google Cloud’s infrastructure. The product suite includes specific modules for attack surface management, security testing, and intelligence operations.

The solution reflects Google’s mature approach through its emphasis on stability and consistent performance in threat detection and response capabilities. Its development prioritizes incremental improvements to existing capabilities, particularly in areas of intelligence accuracy, dark web monitoring, and integration capabilities. The company demonstrates methodical advancement of core features while maintaining reliability.

Google is positioned as a Challenger and Forward Mover in the Maturity/Platform Play quadrant of the ASM Radar report.

Strengths
Google scored well on a number of the decision criteria, including:

• Dark web monitoring: Google offers comprehensive monitoring of dark web marketplaces and private encrypted channels for compromised credentials, supply chain targeting, and malicious activity. The solution leverages specialized access and threat intelligence to detect potential attacks and data leaks across underground communities.
• Assessment of vulnerabilities: Google provides an active testing approach to verify known vulnerabilities, such as Log4j, ensuring accuracy of scan results.
• Custom threat intelligence: Google’s renowned custom threat intelligence sources are integrated throughout the solution.

Challenges
Google has room for improvement in the following decision criteria:

• Attack path analysis: Google does not currently offer this capability in its solution, creating a significant gap for organizations needing to understand potential attack vectors and exploitation paths within their infrastructure.
• Internal ASM: Google does not provide this feature in its solution, limiting organizations’ ability to discover, monitor, and manage internal assets as part of their attack surface management program.
• Risk scoring: Google’s implementation of its risk quantification methodologies is unclear. While Google’s data science team has developed sophisticated risk quantification approaches, the integration of these methods into its ASM technology appears limited, potentially reducing the practical value of its risk scoring capabilities.

The solution is classified as a Forward Mover due to Mandiant’s recent acquisition by Google Cloud and the ongoing integration efforts. While this acquisition provides potential for enhanced capabilities and resources, the current transition period has resulted in a slower pace of feature development and innovation, particularly in addressing critical gaps such as attack path analysis and internal ASM capabilities.

Purchase Considerations
Google’s solution employs an all-inclusive pricing model that incorporates its renowned threat intelligence capabilities. While the cost structure may be challenging for smaller organizations, it provides comprehensive functionality without additional licensing complexity. The pricing approach is transparent, though the investment level positions it more appropriately for mid to large enterprises.

The solution delivers standard attack surface management capabilities with continuous discovery and real-time asset enrichment. This approach ensures asset visibility remains current without requiring user intervention. The functionality is well defined, covering common ASM use cases without unnecessary complexity.

Implementation is supported by Google’s team, simplifying the onboarding process. The user interface is intuitive, and the solution requires minimal maintenance due to automated enrichment processes. The automation of key functions reduces operational overhead while maintaining comprehensive coverage.

The solution demonstrates strong market fit for organizations seeking comprehensive attack surface management with integrated threat intelligence. It particularly suits organizations that value automated operations and can justify the investment in a premium solution. The scalability meets industry standards, making it suitable for growing enterprises. The assisted implementation approach and automated enrichment make it appropriate for teams seeking a hands-off operational model while maintaining robust capabilities.

Use Cases
Google excels in scenarios requiring deep threat intelligence integration with attack surface monitoring. Financial services organizations can leverage its extensive dark web monitoring capabilities across private encrypted channels to detect potential data breaches and credential compromises before they impact operations, while active vulnerability testing provides confidence in assessment findings.

Organizations with complex supply chains benefit from Google’s dedicated supplier monitoring features. The solution’s read-only Collections subscriptions enable security teams to maintain comprehensive visibility of vendor assets while leveraging Google’s renowned threat intelligence to identify emerging risks to critical suppliers.

Government agencies can leverage Google’s ability to actively verify high-profile vulnerabilities like Log4j across their infrastructure. The solution’s combination of active testing and dark web intelligence helps protect sensitive systems from emerging threats while maintaining continuous awareness of potential nation-state activities targeting government assets.

Group-IB

Solution Overview
Group-IB delivers a comprehensive range of cybersecurity and cyber fraud solutions through its unified security platform portfolio. The ASM solution functions as a standalone product within this portfolio, helping organizations to discover, monitor, and analyze their external-facing digital assets. It offers seamless integration with both internal and external products to enhance operational efficiency.

Leveraging Group-IB’s threat intelligence capabilities, the ASM solution provides context-rich insights into potential vulnerabilities and exposures. Additionally, it supports the discovery of cloud assets through integrations with popular external cloud service providers.

Group-IB demonstrates an innovative approach through rapid feature development and continuous expansion of its detection capabilities. The company emphasizes technological advancement and frequently updates its solution to address emerging attack vectors and digital risks. The ASM component benefits from Group-IB’s extensive threat intelligence network and research capabilities, incorporating new threat detection methods and automated response features regularly.

Group-IB is positioned as a Challenger and Fast Mover in the Innovation/Platform Play quadrant of the ASM Radar report.

Strengths
Group-IB scored well on a number of the decision criteria, including:

• Dark web monitoring: Group-IB offers integrated threat intelligence and dark web monitoring capabilities through its dark web scraping engine. The solution employs machine learning to automatically collect, categorize, and assess hacker communications about client infrastructure while providing detailed threat actor intelligence and recommended actions.
• Asset correlation: Group-IB’s comprehensive Internet Graph combines domain, subdomain, certificate data, web scans, and malware detection with historical WHOIS/DNS records and threat intelligence. The solution enables customer-specific asset discovery through proprietary filtering algorithms and visualizes connections between domains, IPs, certificates, SSH keys, files, and registration details.
• Third-party risk identification: Group-IB can enable a ”partner” role designation for monitoring and threat searching across multiple affiliated companies through a single customer account.

Challenges
Group-IB has room for improvement in the following decision criteria:

• Custom threat intelligence: Group-IB does not currently offer this feature, creating a significant gap for organizations requiring tailored threat intelligence integration and customization of their attack surface monitoring.
• Attack path analysis: Group-IB focuses on credential-based threats and brand reputation impacts. While the solution provides detailed detection rationales and threat actor context, it could enhance its capabilities in mapping complex attack paths across hybrid environments.
• Internal ASM: Group-IB provides somewhat limited cloud integration capabilities. Although the solution offers real-time security monitoring for cloud environments, the planned expansion to additional providers indicates gaps in comprehensive coverage across diverse cloud infrastructures that many enterprises require.

Purchase Considerations
Group-IB employs a straightforward prepaid SaaS licensing model that includes all ASM features and support services in a single package. This comprehensive approach differs from that of competitors who use à la carte pricing models, making it easier for organizations to understand total costs upfront. The solution can be purchased independently or combined with other Group-IB offerings, providing procurement flexibility.

The solution focuses on core ASM functionalities without unnecessary complexity. Asset discovery is performed daily and through continuous full internet scans, complemented by separate scans of the client’s infrastructure to ensure up-to-date results. For local deployments, scans can be conducted as frequently as the client requires. Cloud assets are scanned in real time through seamless integration, and an upcoming MSSP feature will enable on-demand discoveries for managed service providers.

Implementation is streamlined, with customers typically managing the setup process independently. The recently overhauled user interface has enhanced usability, making the solution more intuitive to navigate and operate. The scalability aligns with industry standards for ASM solutions.

The solution is well suited for organizations seeking a focused ASM tool with straightforward implementation and clear pricing structure. It particularly appeals to organizations that want comprehensive ASM capabilities without complex licensing arrangements and value simplified deployment processes. The ability to integrate with other Group-IB products offers additional value for organizations considering a broader security ecosystem from the same vendor.

Use Cases
Group-IB excels at monitoring sophisticated cyberthreats through its advanced dark web intelligence capabilities. Financial institutions can leverage its machine learning-powered dark web scraping engine to detect early indicators of targeted attacks and exposed credentials, while the comprehensive asset correlation helps identify potential security gaps across their digital infrastructure.

Organizations managing complex partner ecosystems benefit from Group-IB’s ability to monitor multiple affiliated companies through a single account. The solution’s Internet Graph technology maps connections between domains, certificates, and registration details, providing clear visibility of potential security risks across business relationships.

Insurance companies leverage Group-IB ASM to evaluate the cyber risk profiles of potential clients. By assessing a company’s exposed assets, vulnerabilities, and overall cyber resilience, insurers can make informed decisions about qualifying organizations for cyber insurance policies.

Hadrian: Continuous Asset Discovery

Solution Overview
Hadrian delivers an ASM solution focused on continuous security validation and automated penetration testing. The company’s approach combines asset discovery with active security validation to provide organizations with actionable intelligence about their security posture.

The solution operates as an integrated security validation engine that combines multiple scanning and testing methodologies. Hadrian’s core offering includes automated asset discovery, vulnerability scanning, and security validation components that work together to simulate real-world attack scenarios. The solution performs continuous assessment of digital assets while providing contextual insights about potential security weaknesses.

Hadrian demonstrates its innovative approach through rapid development of automated testing capabilities and expansion of its attack simulation features. The company emphasizes technological advancement in areas such as machine learning-powered scanning and automated penetration testing methodologies. Its solution regularly incorporates new attack techniques and testing scenarios to reflect current threat landscapes.

Hadrian is positioned as a Leader and Fast Mover in the Innovation/Platform Play quadrant of the ASM Radar report.

Strengths
Hadrian scored well on a number of the decision criteria, including:

• Attack path analysis: Hadrian’s graph-based visualization capabilities map cross-asset connections, attack paths, and multistage exploit scenarios. The solution performs attacker-focused testing to identify paths of least resistance across interconnected digital assets.
• Assessment of vulnerabilities: Hadrian’s “Orchestrator” AI performs OWASP top-ten-style attacks on attack surfaces to identify known and zero-day threats. The capability is updated daily with human intelligence, continuously fed by threat intelligence, and performs both active and passive risk identification on all assets.
• Risk scoring: Hadrian offers stakeholder-specific vulnerability categorization that personalizes risks. The solution allows users to recategorize severity levels, and this feedback is used to train Hadrian’s machine learning models for improved accuracy.

Challenges
Hadrian has room for improvement in the following decision criteria:

• Internal ASM: Hadrian’s internal asset management capabilities are gained through its integration and partnership with XM Cyber. Through the XM Cyber technology, a broad understanding of internal attack surface risks can be obtained, although its primary purpose is the collection of vulnerability and risk data with limited proactive options.
• Third-party risk identification: Hadrian’s context-aware asset analysis approach provides continuous monitoring and threat intelligence integration, but the solution would benefit from enhancing the depth of third-party infrastructure mapping and risk assessment, particularly for complex supply chain relationships.
• Custom threat intelligence: Hadrian offers integration with various security tools and communication platforms, but while the solution can function as a threat intelligence source, there are opportunities to expand the customization options and enhance the depth of threat intelligence creation and management capabilities.

Purchase Considerations
Hadrian either uses a direct sales model or it can be purchased through a channel partner (like a VAR). Regardless of the seller, it will come standard with straightforward licensing that includes all features and support services without requiring add-ons. The pricing structure is transparent, with comprehensive support and customer success management included in the base offering.

The solution is well defined in its scope, covering standard ASM capabilities while extending to include third-party risk assessments, DNS monitoring, and phishing page detection. The ability to customize data presentation for different internal teams like SOC, DevOps, compliance, and security teams adds value without introducing unnecessary complexity.

Implementation is guided by a customer success manager (CSM), with typical onboarding completing within two weeks. The solution requires minimal maintenance as risk validations are managed by the Hadrian team. Monthly alignment sessions with the CSM ensure ongoing optimization and value realization. The user interface is intuitive and accommodates various user personas effectively.

The solution demonstrates a strong market fit for organizations seeking comprehensive attack surface management with built-in third-party risk capabilities. The continuous discovery process, which adapts based on detected changes in the attack surface, provides effective coverage without requiring customer intervention. The guided implementation approach and ongoing customer success support make it particularly suitable for organizations that value hands-on vendor collaboration.

Use Cases
Hadrian is well suited for organizations requiring sophisticated attack simulation capabilities combined with intelligent vulnerability assessment. Security teams can leverage its orchestrator AI to perform OWASP-style attacks, identifying both known vulnerabilities and potential zero-day threats across their attack surface. The solution’s daily updates from human intelligence sources ensure testing remains current with emerging threats.

Organizations managing complex digital infrastructures benefit from Hadrian’s graph-based visualization of attack paths. The solution maps interconnected assets and identifies least-resistant attack routes, while its contextual fingerprinting helps security teams understand relationships between different system components.

Security operations teams can use Hadrian’s stakeholder-specific vulnerability categorization to align risk assessment with business priorities. The solution’s machine learning models improve through user feedback, creating increasingly accurate risk assessments based on organizational context. Custom filtering options across services, ASNs, and technology types enable precise asset management and risk prioritization.

Intel 471

Solution Overview
Intel 471 delivers a threat intelligence solution through its comprehensive Intelligence Operations product suite. The company focuses on providing actionable threat intelligence and adversary tracking capabilities by combining automated data collection with human analysis.

The solution operates using multiple integrated components, including Malware Intelligence, Credential Intelligence, and Attack Surface Protection. These modules work together while maintaining individual functionality, leveraging Intel 471’s global collection network and analysis capabilities. The product suite includes TITAN, the vendor’s core threat intelligence offering, complemented by specialized modules for specific intelligence requirements.

Intel 471 demonstrates its innovative approach through rapid expansion of collection capabilities and continuous advancement of its analysis features. The company emphasizes technological development in areas such as automated intelligence gathering and real-time threat monitoring. Its solution regularly incorporates new data sources and analysis methodologies to maintain coverage of emerging threats.

Intel 471 is positioned as a Challenger and Fast Mover in the Innovation/Platform Play quadrant of the ASM Radar report.

Strengths
Intel 471 scored well on a number of the decision criteria, including:

• Assessment of vulnerabilities: Intel 471’s comprehensive identification capabilities extend beyond common ASM assets to include unique meta-assets such as crypto wallet addresses, phone numbers, human names, and usernames. The solution leverages the company’s deep expertise in dark web counter threat intelligence and integrates it throughout the assessment process.
• Third-party risk identification: Intel 471 offers a combination of automated asset discovery across more than 200 OSINT sources with regular scanning, vulnerability detection, and cyberthreat intelligence integration. The solution monitors both organizational and third-party digital footprints while providing alerts for significant changes requiring attention.
• Custom threat intelligence: Intel 471 provides highly curated, often human-led, threat intelligence and counter threat intelligence collected from unique sources. The intelligence is carefully applied throughout the solution, demonstrating advanced capabilities in this area.

Challenges

Intel 471 has room for improvement in the following decision criteria:

• Attack path analysis: Intel 471 does not currently offer this feature, creating a significant gap for organizations needing to understand potential attack vectors and exploitation paths within their attack surface.
• Risk scoring: Intel 471 does not provide risk-scoring capabilities, limiting organizations’ ability to prioritize and assess the severity of identified threats and vulnerabilities.
• Dark web monitoring: Intel 471 offers only basic asset annotation capabilities. The solution’s limited categorization features restrict users’ ability to effectively organize and analyze dark web findings, as it lacks the robust classification and categorization mechanisms needed for comprehensive dark web threat analysis.

Purchase Considerations
Intel 471’s solution employs a tiered pricing model with three distinct levels, offering a flat rate structure with optional add-ons for specialized features. The pricing approach is transparent, allowing organizations to clearly understand their investment and potential costs for additional capabilities.

The solution structure is well defined, with automated threat intelligence correlation and tier-1 analysis built into the core offering. The information architecture is intuitive, placing relevant data where users expect to find it, which streamlines operational efficiency. While the solution was previously distinguished by unique threat intelligence capabilities, market competition has begun to narrow this differential advantage.

The cloud-based infrastructure employs modern architecture principles, supporting flexible scaling requirements. The base offering includes a substantial allocation of user seats and assets, reducing the need for frequent licensing adjustments. Asset discovery operates continuously, adapting to assets and search methods, which aligns with current market standards.

The solution demonstrates strong market fit for organizations across various industries, countries, and sizes. It particularly suits organizations seeking automated threat intelligence correlation with straightforward pricing. The included seat allocation and asset coverage make it appropriate for both growing organizations and established enterprises. The automated tier-1 analysis capabilities provide value for teams seeking to reduce manual analysis workload.

Use Cases
Intel 471’s capabilities are particularly valuable for organizations requiring deep threat intelligence integration with attack surface management. Financial institutions can leverage Intel 471’s unique ability to monitor crypto wallet addresses and unconventional digital assets while relying on its curated threat intelligence to protect against sophisticated financial crimes.

Organizations with complex third-party ecosystems benefit from Intel 471’s comprehensive vendor monitoring across 200+ OSINT sources. The solution’s ability to track unusual identifiers like usernames and phone numbers provides deeper visibility into potential supply chain risks, while human-led threat intelligence offers context for detected vulnerabilities.

Government agencies and critical infrastructure operators can tap into Intel 471’s extensive counter threat intelligence capabilities to understand and prepare for nation-state threats. The solution’s integration of dark web intelligence with attack surface monitoring helps identify potential attacks before they materialize, while automated scanning maintains continuous visibility of critical assets.

Intruder, Attack Surface Monitoring

Solution Overview
Intruder provides a vulnerability scanning and attack surface monitoring solution focused on continuous security assessment. The company specializes in delivering automated security scanning with an emphasis on reducing false positives and providing actionable remediation guidance.

The solution operates as a standalone vulnerability scanning service, combining automated discovery with contextual analysis of security findings. The core offering includes continuous monitoring, emerging threat detection, and vulnerability assessment components. Intruder’s solution integrates various scanning engines to identify security weaknesses while maintaining focus on enterprise-grade reliability.

The solution reflects Intruder’s methodical approach through its emphasis on stability and consistent performance. Its development prioritizes incremental improvements to existing capabilities, particularly in areas of scan accuracy, compliance reporting, and integration capabilities. The company demonstrates methodical advancement of core features rather than rapid expansion into new functionality areas.

Intruder is positioned as an Challenger and Forward Mover in the Maturity/Feature Play quadrant of the ASM Radar report.

Strengths
Intruder scored well on a number of the decision criteria, including:

• Risk scoring: Intruder’s comprehensive risk-scoring approach begins with CVSS3 and is enhanced by human analysts who overlay Cybersecurity and Infrastructure Security Agency (CISA) data regarding exploitability and active exploitation. The solution also factors in the sensitivity of assets, such as those storing customer data or databases, and their internet exposure status.
• Assessment of vulnerabilities: Intruder offers active assessment capabilities across all assets as a method to reduce noise. Additionally, members of the Intruder team review scan results for opportunities to enrich findings.
• Internal ASM: Intruder provides agent-based internal ASM capabilities, though this has an inherent limitation that assets must be known prior to agent deployment.

Challenges
Intruder has room for improvement in the following decision criteria:

• Asset categorization: Intruder has only limited categorization capabilities. While the solution performs well with cloud assets, it needs enhancement in categorizing other asset types and providing more comprehensive classification options.
• Asset correlation: Intruder takes an exposure-centric approach. The solution’s correlation capabilities are limited to connecting assets with their associated vulnerabilities, and it lacks the ability to map relationships between assets themselves, which hampers the identification of potential attack chains and complex threat scenarios.
• Custom threat intelligence: Intruder’s threat intelligence framework is rigid. While the solution includes built-in threat intelligence sources, it doesn’t allow organizations to integrate their own threat intelligence or export findings for use in other security tools, significantly limiting its flexibility and integration potential.

Intruder is classified as a Forward Mover due to its relatively slow rate of development in recent months, particularly in addressing key feature gaps such as asset correlation and custom threat intelligence capabilities.

Purchase Considerations
Intruder’s solution features transparent, modular pricing that is clearly displayed on its product site. The ability to select specific components of the SaaS offering provides flexibility in purchasing decisions, allowing organizations to align costs with their specific needs.

The solution combines traditional attack surface management with robust vulnerability management capabilities, differentiating it from typical ASM offerings. The functionality is well defined and productized, with continuous discovery across all features. Users maintain control over cloud asset synchronization and subdomain enumeration frequencies.

The implementation process is notably streamlined, requiring no vendor support for onboarding. The emphasis on automation and user experience has resulted in a solution that prioritizes simplicity without sacrificing functionality. The interface is designed to minimize complexity while maintaining comprehensive feature access.

The solution demonstrates strong market fit for organizations seeking combined attack surface and vulnerability management capabilities. It particularly suits organizations that value self-service implementation and prefer clear, modular pricing structures. The automated approach and simple user experience make it appropriate for teams with varying levels of technical expertise, while the scalability meets standard market expectations.

Use Cases
Intruder is particularly effective for small to medium-sized businesses without security expertise who are seeking straightforward vulnerability management. Its simplified approach helps organizations identify and prioritize security issues through automated scanning combined with human analysis, making complex security concepts accessible to nontechnical teams.

Organizations with limited IT resources benefit from Intruder’s ability to reduce alert noise through active assessment and intelligent risk scoring. The solution’s integration of CVSS3 scores with CISA data and asset sensitivity creates clear priorities for remediation, while human analyst oversight ensures accuracy without requiring in-house security expertise.

Companies starting their security journey can turn to Intruder’s agent-based internal scanning to gain visibility of known assets. This straightforward approach to vulnerability management helps businesses establish basic security practices while building more comprehensive security programs.

IONIX

Solution Overview
IONIX delivers a comprehensive attack surface management solution that combines asset discovery with risk-based vulnerability prioritization. The company focuses on providing automated security validation and exposure management through continuous monitoring of both internal and external attack surfaces.

The solution operates as an integrated security ecosystem that combines multiple components, including asset discovery, risk assessment, and exposure management. IONIX’s offering leverages machine learning and automation to identify, classify, and prioritize security risks across digital assets. The solution includes modules for asset intelligence, vulnerability management, and risk prioritization, which work together to provide a unified view of organizational cyber risk.

IONIX demonstrates its innovative approach through rapid development of automated discovery capabilities and advanced risk analytics features. The company emphasizes technological advancement in areas such as automated asset classification and contextual risk scoring. The solution regularly incorporates new detection methodologies and analysis capabilities to address emerging security challenges.

IONIX is positioned as a Challenger and Fast Mover in the Innovation/Platform Play quadrant of the ASM Radar report.

Strengths
IONIX scored well on a number of the decision criteria, including:

• Assessment of vulnerabilities: IONIX offers strong active assessment capabilities that provide accurate risk assessment, remediation guidance, and validation of findings impacting prioritization. The solution leverages proprietary ML specifically to better understand asset relationships and complex risks created by vulnerabilities and these relationships.
• Asset categorization: IONIX’s comprehensive categorization approach follows three key drivers—identifying organization-owned assets, identifying digital supply chains that impact the client, and identifying unknown assets belonging to the client—effectively covering almost all types of digital assets.
• Custom threat intelligence: IONIX offers integration of external threat intelligence and correlation of dark web findings with asset inventories. The solution provides API access to its connective intelligence and threat exposure radar findings, enabling continuous threat exposure management across customer security systems.

Challenges
IONIX has room for improvement in the following decision criteria:

• Attack path analysis: IONIX does not currently offer this capability in its solution, creating a significant gap for organizations needing to understand potential attack vectors and exploitation paths within their infrastructure.
• Dark web monitoring: IONIX’s risk calculation blends in dark web threat intelligence data as part of the assessment of vulnerabilities. This intel comes from third party threat intel providers, and some of it is available via API for customer consumption.
• Internal ASM: IONIX provides only limited internal assessment capabilities. While the solution performs well with public cloud environments, it lacks capabilities for on-premises infrastructure assessment, creating potential visibility gaps for organizations with hybrid environments.

Purchase Considerations
IONIX employs an asset-based pricing model across three license tiers, with each tier offering different capabilities and modules. The discovery frequency varies by license type, ranging from daily to monthly scans, with an added capability that allows customers to initiate targeted scans manually. When critical zero-day vulnerabilities emerge, IONIX performs targeted scans across all customer environments to identify and validate risks.

The solution’s functionality is well defined, supporting common attack surface management use cases while also offering specialized capabilities like digital risk protection for brand monitoring, incident response, and forensics. These capabilities are accessible across all license types, providing consistent feature access regardless of tier selection.

A notable strength is the solution’s approach to usability. The interface requires minimal technical knowledge to identify top threats and remediation steps, aligning well with the core purpose of attack surface management. This makes it particularly suitable for organizations with varying levels of technical expertise.

The solution demonstrates strong market fit for organizations seeking comprehensive attack surface management with minimal technical overhead. The tiered pricing structure allows organizations to select the appropriate level of scanning frequency and capabilities based on their needs. The scalability meets industry standards, making it suitable for organizations of various sizes.

Use Cases
IONIX is particularly effective for organizations requiring comprehensive asset discovery across complex digital ecosystems. Its three-tiered categorization approach helps enterprises identify and manage not only their own assets but also those within their digital supply chain, making it valuable for companies with extensive third-party relationships.

Security teams benefit from IONIX’s ability to conduct multidimensional risk scoring that considers both individual vulnerabilities and their cumulative impact on assets. The solution’s peer comparison feature helps organizations benchmark their security posture against industry standards, while its OWASP-aligned assessment provides structured vulnerability evaluation.

Organizations can leverage IONIX’s integrated threat intelligence capabilities to enhance their security operations. The solution’s connective intelligence and threat exposure radar findings, accessible via API, enable security teams to maintain continuous awareness of emerging threats while correlating dark web findings with their asset inventory.

JupiterOne

Solution Overview
JupiterOne delivers a cyber asset ASM solution that combines asset discovery, relationship mapping, and security posture management. The company focuses on providing unified visibility and context across cloud, on-premises, and SaaS environments through automated asset discovery and relationship analysis.

The solution operates as an integrated security ecosystem that combines asset inventory, security posture assessment, and compliance monitoring capabilities. JupiterOne’s core offering leverages graph-based technology to map relationships between assets and provide contextual security insights. The solution includes components for asset discovery, relationship visualization, and security policy management, which work together to create a comprehensive view of an organization’s security landscape.

JupiterOne demonstrates its innovative approach with rapid development of asset relationship mapping capabilities and continuous advancement of its graph-based analysis features. The company emphasizes technological development in areas such as automated asset discovery and relationship contextualization. The solution regularly incorporates new integration capabilities and analysis methodologies to address emerging security challenges.

JupiterOne is positioned as a Leader and Fast Mover in the Innovation/Platform Play quadrant of the ASM Radar chart.

Strengths
JupiterOne scored well on a number of the decision criteria, including:

• Attack path analysis: JupiterOne’s Security Graph continuously maps asset relationships and vulnerabilities through a graph-based data model. The solution visualizes attack paths, assesses blast radius, and prioritizes remediation efforts based on business impact and real-world exploitability while providing real-time monitoring of evolving threats.
• Third-party risk identification: JupiterOne offers automated integration and relationship mapping of vendor assets for third-party risk assessment. The solution continuously monitors security posture, attack paths, and external attack surfaces through its EASM add-on to identify and mitigate vendor-related vulnerabilities in real time.
• Custom threat intelligence: JupiterOne provides custom threat intelligence integration capabilities through data uploads and asset annotation, enabling organizations to enrich existing vulnerability data for environment-specific risk prioritization.

Challenges
JupiterOne has room for improvement in the following decision criteria:

• Dark web monitoring: JupiterOne’s CTEM solution requires an additional license cost, which may limit its dark web monitoring capabilities. While it incorporates threat actor targeting data, the separate licensing model may create barriers for organizations seeking integrated dark web monitoring within their core ASM solution.
• Assessment of vulnerabilities: JupiterOne is dependent on external partnerships for exploitability assessment. While the solution provides continuous data ingestion and business impact analysis, there are opportunities to enhance native vulnerability validation capabilities without relying on third-party integrations.
• Internal ASM: JupiterOne provides an agentless approach to internal asset discovery. While the solution effectively maps asset relationships across cloud and on-premises environments, there is room to improve the depth of asset visibility and control, particularly in complex hybrid infrastructures.

Purchase Considerations
JupiterOne’s solution employs an asset-based pricing model that scales according to cyber asset count, integration volume, and polling frequency. The pricing structure is transparent, with clear optional add-ons for external attack surface management, exploitability verification, and dedicated environments. This modular approach allows organizations to customize their security coverage based on specific requirements.

The solution effectively addresses core use cases around discovery and asset categorization, though it does not extend to active assessment capabilities like penetration testing or red team operations. The functionality is well defined, with strong asset management and attribution features that contribute to above-average scalability.

A notable strength is the solution’s approach to user interaction, incorporating AI-powered natural language processing that converts plain English questions into its proprietary query language (J1QL). This feature, combined with intuitive visualizations and predefined query suggestions, streamlines the user experience and accelerates access to insights.

The solution demonstrates strong market fit for organizations prioritizing comprehensive asset visibility and management. It particularly suits organizations that value natural language interfaces and prefer customizable pricing structures based on asset volume and integration needs. The scalability advantages make it appropriate for growing organizations, though buyers should note that specific discovery frequencies are not well documented in available materials.

Use Cases
JupiterOne excels in complex enterprise environments requiring detailed asset relationship mapping and third-party risk management. Organizations with extensive vendor ecosystems can leverage its comprehensive relationship mapping capabilities to understand connections between internal systems and external vendors, while continuous monitoring helps identify emerging security risks across the supply chain.

Financial institutions benefit from JupiterOne’s graph-based technology for regulatory compliance and risk assessment. The solution’s ability to automatically classify assets across more than 100 classes, while enabling custom tagging, helps maintain detailed asset inventories, while real-time scoring provides context-aware risk assessment of financial systems.

Large enterprises can rely on JupiterOne’s flexible data ingestion and custom threat intelligence integration to create a unified view of their security posture. The solution’s J1QL interface enables precise asset queries, while its EASM add-on provides continuous monitoring of external attack surfaces, helping security teams maintain comprehensive visibility across complex digital environments.

NetSPI, Attack Surface Management

Solution Overview
NetSPI provides comprehensive security services and products such as penetration testing, external attack surface management (EASM), breach and attack simulation (BAS), and cyber asset attack surface management (CAASM), delivered through its platform.

The solution combines multiple integrated components, including NetSPI’s Penetration Testing as a Service (PTaaS), Attack Surface Management, and Breach and Attack Simulation offerings. These modules work together while maintaining individual functionality, leveraging NetSPI’s extensive testing expertise and automation capabilities. The product suite includes specific modules for attack surface discovery, asset inventory, vulnerability scanning, penetration testing orchestration, and continuous security validation.

The solution reflects NetSPI’s mature approach through its emphasis on stability and consistent performance in security testing capabilities. Its development prioritizes incremental improvements to existing capabilities, particularly in areas of testing accuracy, reporting quality, and integration capabilities. The company demonstrates methodical advancement of core features while maintaining reliability.

NetSPI is positioned as a Leader and Outperformer in the Maturity/Platform Play quadrant of the ASM Radar report.

Strengths
NetSPI scored well on a number of the decision criteria, including:

• Attack path analysis: NetSPI provides visualization of attack paths through interactive graphs, attack flow diagrams, and MITRE ATT&CK mapping. The solution correlates vulnerabilities, asset criticality, and user identities to analyze compromise likelihood and lateral movement risks across the environment.
• Assessment of vulnerabilities: NetSPI’s combined automated and analyst-driven validation approach incorporates passive/active monitoring, exploit testing, vulnerability database enrichment, and product fingerprinting to deliver comprehensive exposure management with remediation verification.
• Dark web monitoring: NetSPI’s integration of curated dark web intelligence with open and closed source data enhances its threat alerting, enrichment, and prioritization capabilities.

NetSPI is classified as an Outperformer thanks to its accelerated development pace over the last 6 to 12 months, demonstrated by its expanded attack path analysis capabilities and enhanced vulnerability assessment features. The solution shows strong potential for continued market advancement through its comprehensive approach to security testing and validation.

Challenges
NetSPI has room for improvement in the following decision criteria:

• Internal ASM: NetSPI takes a segmented product approach following the Hubble acquisition. While the combined cyber asset attack surface management (CAASM) and EASM solutions provide comprehensive visibility, the separate licensing model and additional costs for internal ASM capabilities may create barriers for organizations seeking an integrated solution.
• Third-party risk identification: NetSPI relies on CAASM integration for third-party risk management. While the solution effectively identifies vulnerabilities across organizational and third-party assets, there is room to enhance native third-party risk assessment capabilities without depending heavily on the CAASM component.
• Asset categorization: Companies undergoing frequent mergers, acquisitions, or rapid digital transformation initiatives might find the current asset categorization framework requires frequent manual adjustments to maintain accuracy, potentially creating additional overhead for security teams managing dynamic infrastructure changes. The system’s reliance on IP addresses, domains, and cloud accounts as primary organizing principles might mean that enterprises with intricate organizational designs will need supplemental hierarchical structures.

Purchase Considerations
NetSPI’s solution employs a tiered subscription pricing model based on asset volume (IPs and domains) and subscription duration. The pricing structure is transparent and can be purchased independently or combined with other NetSPI Platform modules. The approach allows organizations to scale according to their attack surface complexity.

The solution provides comprehensive asset categorization capabilities, supporting diverse classification schemes, including but not limited to IP addresses, domains, ASNs, legal entities, applications, source code, network devices, cloud accounts, resources, and identities. The continuous monitoring system allows customizing of scan schedules within specific time windows to accommodate infrastructure sensitivities. An upcoming release will enable self-service capabilities for customized scanning frequencies and business rules.

Implementation is streamlined through automated onboarding processes that include IAM federation and SSO integration. The solution can begin providing insights within 30 minutes of inputting a root domain. Predefined notification templates and no-code workflow capabilities reduce the learning curve for new users. The platform includes AI chatbot assistance and comprehensive documentation to support user adoption.

The solution demonstrates strong market fit for organizations of varying sizes, currently serving environments ranging from 250 assets to millions of assets. It particularly suits organizations seeking flexible deployment options and comprehensive asset categorization capabilities. The SaaS architecture provides reliable scaling capabilities, making it appropriate for growing enterprises that require consistent performance as their asset base expands.

Use Cases
NetSPI excels in environments requiring sophisticated vulnerability validation and attack path analysis. Financial institutions can leverage its combination of automated scanning and analyst-driven testing to thoroughly assess critical banking systems, while interactive attack flow diagrams help security teams understand potential routes to sensitive assets.

Security operations teams benefit from NetSPI’s comprehensive validation capabilities. The solution’s integration of automated scanning with manual testing provides high-confidence vulnerability assessments, while MITRE ATT&CK mapping helps standardize detection and response procedures. The correlation of vulnerabilities with asset criticality and user identities enables precise risk prioritization.

Organizations with mature security programs can use NetSPI’s threat intelligence integration capabilities to enhance their security posture. The solution combines proprietary intelligence with dark web monitoring to provide context-aware risk assessment while supporting custom intelligence feeds for industry-specific threat detection.

OTORIO: Exposure Management

Solution Overview
OTORIO provides industrial cybersecurity solutions with a focus on operational technology (OT) risk management and security validation. The company specializes in delivering security assessment and monitoring capabilities specifically designed for industrial environments and critical infrastructure.

Its solution operates as a standalone security validation service, combining automated discovery with OT-specific risk analysis. The offering, Titan, includes components for asset discovery, vulnerability assessment, and industrial security posture management. OTORIO’s solution emphasizes the special requirements of industrial networks while maintaining operational reliability.

The solution reflects OTORIO’s mature approach through its emphasis on stability and consistent performance in industrial environments. Its development prioritizes incremental improvements to existing capabilities, particularly in the areas of OT protocol support, compliance reporting, and industrial system integration. The company demonstrates methodical advancement of core features while maintaining operational reliability.

OTORIO is positioned as a Challenger and Fast Mover in the Maturity/Feature Play quadrant of the ASM Radar report.

Strengths
OTORIO scored well on a number of the decision criteria, including:

• Attack path analysis: OTORIO’s patented Attack Graph Analysis engine evaluates network sessions and firewall configurations through a sandbox-based cyber digital twin feature. The solution identifies and visualizes potential attack paths from external entry points to OT assets, providing prioritized remediation recommendations while enabling business impact assessment across operational units.
• Risk scoring: OTORIO’s sophisticated risk calculation methodology multiplies business impact, vulnerability scores, threat severity, and attack graph reachability factors. The solution offers adjustable coefficients to customize scoring based on customer-specific threat models and operational priorities.
• Asset correlation: OTORIO correlates assets through IP addresses, MAC address IDs, product details, and integration data, using prioritized source weighting and adaptive auto-merge algorithms that account for network scope and IP allocation methods.

Challenges
OTORIO has room for improvement in the following decision criteria:

• Custom threat intelligence: OTORIO does not currently offer this capability in its solution, creating a significant gap for organizations needing to integrate customized threat intelligence into their OT/CPS security program.
• Internal ASM: OTORIO earned an average score due to its strong focus on operational technology (OT) and cyber-physical systems (CPS), which can limit its applicability for organizations with a significant IT-centric environment. While the OT/CPS-focused attack graphs and asset reachability scores are highly relevant for industries such as manufacturing, energy, and critical infrastructure, they may not fully address the complexities or requirements of IT-centric environments, where enterprise-level IT systems and data centers dominate the risk landscape.
• Third-party risk identification: OTORIO’s approach is focused on OS and software vulnerabilities. While the solution provides vendor-specific vulnerability analytics, there is room to expand third-party risk assessment capabilities beyond traditional vulnerability management, particularly in complex OT supply chain scenarios.

Purchase Considerations
OTORIO employs a subscription-based pricing model that scales according to customer site count. The pricing structure is transparent, with clear optional add-ons for exposure management, detection, compliance, and secure access available at additional percentage costs. The modular approach allows organizations to select capabilities aligned with their specific operational technology needs.

The solution is specifically designed for OT environments, which limits its flexibility for broader enterprise use cases. However, within its OT focus, it offers customizable asset attributes, Purdue Level classification logic, and configurable mitigation steps. The data collection frequency can be tailored across integration instances through edge devices, ranging from seconds to days, with careful consideration for performance impact.

Implementation leverages edge devices and a central manager architecture, demonstrating exceptional scalability by handling up to 200,000 on-premises assets. The cloud infrastructure enhances performance capabilities while maintaining operational efficiency. The user interface is designed for accessibility, featuring clear risk prioritization and detailed playbooks that accommodate users without extensive cybersecurity expertise.

The solution demonstrates strong market fit specifically for organizations with significant OT infrastructure. It particularly suits industrial environments requiring comprehensive asset visibility while maintaining operational stability. The scalability advantages make it appropriate for large industrial operations, though organizations should carefully consider the OT-specific focus when evaluating broader enterprise security needs.

Use Cases
OTORIO excels in protecting operational technology environments through its specialized attack path analysis capabilities. Manufacturing facilities can use its cyber digital twin technology to simulate potential attacks on industrial control systems, enabling security teams to identify and remediate vulnerabilities before they impact production processes.

Critical infrastructure operators benefit from OTORIO’s contextual risk scoring that considers both cybersecurity and operational impacts. The solution’s ability to calculate risk based on business impact, vulnerability severity, and attack path accessibility helps prioritize protection of essential OT assets while maintaining operational continuity.

Energy sector organizations can leverage OTORIO’s asset correlation capabilities to maintain accurate inventories of industrial equipment. The solution’s adaptive algorithms account for unique OT network characteristics while correlating assets across multiple systems, providing clear visibility of potential attack paths from IT networks to critical operational components.

Palo Alto Networks, Cortex Xpanse

Solution Overview
Palo Alto Networks provides ASM capabilities through its Cortex Xpanse solution, operating as part of the broader Cortex security portfolio. The company maintains its established position in network security while delivering comprehensive attack surface discovery and monitoring capabilities.

The solution operates as an integrated component of the Cortex suite while maintaining standalone functionality. Cortex Xpanse combines automated asset discovery, vulnerability assessment, and risk monitoring capabilities. The product integrates with other Cortex modules, including extended detection and response (XDR) and XSOAR (security orchestration, automation and response), leveraging Palo Alto Networks’ extensive security ecosystem to provide enhanced visibility and response capabilities.

The solution reflects Palo Alto Networks’ mature approach through its emphasis on stability and consistent performance in enterprise environments. Its development prioritizes incremental improvements to existing capabilities, particularly in the areas of discovery accuracy, integration capabilities, and compliance reporting. The company demonstrates methodical advancement of core features while maintaining reliability.

Palo Alto Networks is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant of the ASM Radar report.

Strengths
Palo Alto Networks scored well on a number of the decision criteria, including:

• Risk scoring: Palo Alto Networks offers a practical risk-scoring methodology that combines EPSS, CVE, CVSS, asset priority, and threat intelligence. The solution determines risk through a calculation of expected exploitability plus potential damage caused by the exploit, resulting in an easily comprehensible risk determination.
• Asset correlation: Palo Alto Networks’ Infinity Graph technology correlates assets across code repositories and cloud environments through continuous monitoring and multi-module integration. The solution processes billions of daily events via Amazon Neptune and OpenSearch to maintain real-time attack surface visibility.
• Custom threat intelligence: Palo Alto Networks provides integration capabilities with Cortex XSOAR, Unit 42, Cisco Talos, and FortiGuard, aggregating and correlating threat intelligence from hundreds of sources against discovered assets and vulnerabilities within existing analyst tools.

Challenges
Palo Alto Networks has room for improvement in the following decision criteria:

• Dark web monitoring: Palo Alto Networks provides only limited integration of dark web intelligence. While dark web data is incorporated into the company’s threat intelligence, the solution lacks clear actionability and comprehensive coverage of dark web threats, limiting its effectiveness for organizations requiring deep dark web monitoring capabilities.
• Attack path analysis: Palo Alto Networks offers a code-to-cloud approach. While the solution effectively correlates findings across multiple security domains, it would benefit from expanding attack path analysis beyond cloud ecosystems to include on-premises infrastructure and hybrid environment scenarios.
• Internal ASM: Palo Alto Networks offers an integration-dependent approach. While the solution can perform internal asset management through various integrations, relying heavily on third-party tools for comprehensive internal visibility may create complexity in deployment and maintenance for organizations with diverse technology stacks.

Purchase Considerations
Palo Alto Networks’ solution employs a pricing structure consisting of a platform fee plus per-module licensing. The ASM capability can be acquired independently or as part of the XSIAM solution, providing flexibility in procurement. While the pricing model is clear, the multitiered structure requires careful consideration during budgeting.

The solution delivers comprehensive coverage, supporting standard attack surface management use cases while extending to internal asset monitoring. Integration with the broader Palo Alto Networks ecosystem enables additional specialized use cases. The continuous discovery capabilities across IPv4/IPv6 address spaces and service enumeration provide thorough visibility into the attack surface.

Implementation is streamlined with an intuitive user interface and simplified onboarding process. The solution requires minimal maintenance, and the deployment of additional features is straightforward. The scalability is robust, particularly when integrated with other Palo Alto Networks solutions, whether cloud-based or self-managed.

The solution demonstrates strong market fit for organizations seeking comprehensive attack surface management with internal monitoring capabilities. It particularly suits organizations that value simplified operations and may benefit from integration with the broader Palo Alto Networks ecosystem. The scalability advantages make it appropriate for growing enterprises, while the minimal maintenance requirements appeal to teams seeking operational efficiency.

Use Cases
Palo Alto Networks excels in enterprise environments requiring comprehensive asset correlation and risk prioritization. Financial institutions can leverage its Infinity Graph technology to maintain real-time visibility across their digital infrastructure while processing billions of daily events to identify potential security threats to banking operations.

Organizations with complex cloud deployments benefit from Palo Alto Networks’ multi-module integration capabilities. The solution’s combination of cloud security posture management (CSPM), cloud infrastructure entitlement management (CIEM), and data security posture management (DSPM) functionalities helps security teams maintain consistent security controls across cloud services, while custom tagging enables precise tracking of assets by business unit or security incident.

Large enterprises can use Palo Alto Networks’ sophisticated risk scoring methodology to prioritize security efforts. The solution combines multiple risk factors, including EPSS, CVE data, and asset priority to provide clear guidance on risk remediation, while its vulnerability fingerprinting capabilities help identify over 900 potential security issues through active assessment.

Praetorian: Chariot

Solution Overview
Praetorian delivers a security validation and attack surface management solution that combines automated asset discovery with continuous security testing capabilities. The company focuses on providing actionable security insights through its Chariot solution, emphasizing technical depth and automated, AI, and expert-led security validation.

The solution operates as a specialized security testing feature set that combines continuous asset monitoring with automated security validation. Praetorian’s core offering leverages automation and adversarial security techniques to identify, assess, and validate security weaknesses across an organization’s attack surface. The solution includes components for asset discovery, security testing, and breach simulation.

Praetorian demonstrates its innovative approach through rapid development of automated testing capabilities and continuous advancement of its security validation features. The company emphasizes technological development in areas such as automated penetration testing and attack path analysis. The solution regularly incorporates new testing methodologies and validation techniques to address emerging security challenges.

Praetorian is positioned as a Challenger and a Fast Mover in the Innovation/Feature Play quadrant of the ASM Radar report.

Strengths
Praetorian scored well on a number of the decision criteria, including:

• Risk scoring: Praetorian’s comprehensive approach combines CVSS and CISA KEV data with manual triage by service teams to adjust risk ratings. The solution considers exploitability, business impact, mitigating controls, and compliance requirements in its scoring methodology.
• Assessment of vulnerabilities: Praetorian’s certified red team operators perform daily manual triage of Chariot-detected vulnerabilities to validate exploitability and impact assessment. While this human-led approach produces high-quality unique results, the manual nature of the procedure could lead to potential workload-related processing delays.
• Custom threat intelligence: Praetorian integrates threat intelligence via APIs to categorize industry-specific risks across business verticals.

Challenges
Praetorian has room for improvement in the following decision criteria:

• Dark web monitoring: Praetorian does not currently provide this capability in its solution, creating a significant gap for organizations needing to monitor and respond to dark web threats targeting their assets.
• Attack path analysis: Praetorian offers a basic visualization approach. While Chariot provides written attack path explanations and engineer-validated evidence, the flat risk visualization limits users’ ability to understand complex attack chains and interact dynamically with attack path data.
• Internal ASM: Praetorian provides only limited internal asset visibility capabilities. The solution’s reliance on third-party data feeds for internal asset monitoring, combined with its primary focus on external attack surface monitoring, creates potential blind spots in comprehensive asset management.

Purchase Considerations
Praetorian employs an asset-based pricing structure with bulk discounts, positioning the total cost below the annual salary of a senior offensive security engineer. The pricing model is transparent and straightforward, making it easier for organizations to project costs and scale their investment based on asset volume.

The solution combines automated discovery with human-led vulnerability assessments. While this approach delivers high-quality findings with detailed remediation guidance, the human element may introduce timing considerations for organizations requiring rapid assessments. Discovery scans are vendor controlled, though customers can initiate risk scans as needed, with discovered risks being rescanned every 30 minutes.

Implementation is engineering-led, with a streamlined in-platform setup process that simplifies adoption. The risk-scoring system produces accurate risk identifications while reducing security operations workload. The SaaS architecture ensures technical scalability, though the human-led assessment component may introduce capacity constraints during peak periods.

The solution demonstrates strong market fit for organizations that prioritize assessment quality over speed. It particularly suits organizations that value human expertise in vulnerability validation and detailed remediation guidance. While the limited internal ASM capabilities may not suit all use cases, the solution’s approach to risk scoring and remediation guidance makes it appropriate for teams seeking high-confidence findings with clear resolution paths.

Use Cases
Praetorian excels in environments requiring high-confidence vulnerability validation through its unique human-led approach. Financial institutions can leverage Praetorian’s certified red team operators to thoroughly assess critical banking systems, providing detailed exploitability assessments that automated tools might miss while ensuring compliance with regulatory requirements.

Organizations handling sensitive data benefit from Praetorian’s comprehensive risk scoring methodology. The solution combines industry standard CVSS scores with CISA known exploited vulnerabilities (KEV) data, while human analysts provide additional context about business impact and compensating controls, creating highly accurate risk assessments.

Healthcare providers can use Praetorian’s manual triage capabilities to validate security issues in medical systems. Though processing times may be longer due to human involvement, the thorough assessment helps prevent false positives that could unnecessarily disrupt clinical operations while ensuring real threats to patient data are properly prioritized.

Qualys: Cybersecurity Asset Management (CSAM) with External Attack Surface Management

Solution Overview
Qualys provides a comprehensive vulnerability management and attack surface management solution via its Qualys Enterprise TruRisk Platform. The company maintains its established position in vulnerability management while delivering extensive security assessment capabilities across hybrid environments.

The solution operates as an integrated component of the cloud platform, combining multiple modules, including vulnerability management, detection, and response (VMDR), asset management, and external attack surface management. These components work together while leveraging Qualys’s extensive scanning infrastructure and continuous monitoring capabilities. The platform includes specific modules for asset discovery, vulnerability assessment, and threat detection.

The solution reflects Qualys’s mature approach through its emphasis on stability and consistent performance in enterprise environments. Its development prioritizes incremental improvements to existing capabilities, particularly in areas of scanning accuracy, compliance reporting, and integration capabilities. The company demonstrates methodical advancement of core features while maintaining reliability.

Qualys is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant of the ASM Radar report.

Strengths
Qualys scored well on a number of the decision criteria, including:

• Attack path analysis: Qualys enables visualization of asset discovery paths and mapping of risks to the MITRE ATT&CK framework while displaying risk factor contributions. The solution has additional attack path analysis capabilities planned for future release.
• Risk scoring: Qualys’s TruRisk approach combines asset-level scoring with individual Qualys detection scores. The solution incorporates 100,000 vulnerability signatures, over 25 threat intelligence sources, asset criticality, exposure metrics, end-of-life status, and configurable risk values for software compliance and port exposure.
• Asset correlation: Qualys offers comprehensive correlation of assets using customizable identification rules, automated agent/scanner merging, passive sensor discovery, and IP matching across internal and external sources. The solution provides attribution confidence scoring and organizational context through a curated catalog while maintaining source transparency for gap analysis.

Challenges
Qualys has room for improvement in the following decision criteria:

• Asset categorization: Qualys offers a comprehensive two-tier taxonomy and hierarchical tag management, but this sophisticated approach might not be ideal for smaller organizations or those with simpler asset management needs. The extensive tagging and contextualization capabilities could introduce unnecessary complexity and management overhead for organizations that don’t require such granular asset classification.
• Custom threat intelligence: Qualys relies on predetermined intelligence sources and the TruRisk algorithm. While the solution effectively combines multiple threat feeds and provides comprehensive CVE analysis, the planned but not yet implemented custom threat intelligence integration capabilities limit organizations’ ability to incorporate their particular threat intelligence requirements.

Purchase Considerations
Qualys employs a volume-based asset pricing model that includes discounts for quantity, bundling options, and contract duration commitments. The pricing structure is transparent and allows organizations to optimize costs based on their specific deployment needs and scale requirements.

The solution provides comprehensive flexibility through hierarchical organization catalogs, customizable discovery options, and CMDB integration capabilities. Asset classification is enhanced through tagging and custom attributes, while third-party data enrichment expands visibility. The discovery process combines two-day external asset discovery cycles with daily critical vulnerability scanning, while internal monitoring leverages multi-vector agents with customizable intervals and 15-minute passive sensor reporting.

Implementation is supported through a unified console with role-based access controls. The solution includes comprehensive training resources and enterprise support services using technical account managers at no additional cost. The platform’s attack path analysis, risk scoring, and asset correlation features help streamline security operations workflows.

The solution demonstrates strong market fit for organizations seeking comprehensive asset visibility with flexible deployment options. It particularly suits enterprises requiring detailed asset classification and customizable discovery frequencies. The globally distributed platform architecture, managed by dedicated site reliability engineering (SRE) teams, ensures consistent performance at scale. The included technical account management support makes it appropriate for organizations that value dedicated implementation assistance and ongoing operational guidance.

Use Cases
Qualys excels in organizations requiring sophisticated risk scoring and comprehensive asset correlation capabilities. Healthcare providers can leverage its TruRisk scoring system to evaluate security risks across medical devices and clinical systems, incorporating data from more than 25 threat intelligence sources while maintaining compliance with regulatory requirements.

Large enterprises benefit from Qualys’s advanced asset correlation capabilities. The solution’s attribution confidence scoring helps security teams maintain accurate asset inventories across complex environments, while customizable identification rules enable precise tracking of critical infrastructure components. The automated agent and scanner merging capabilities ensure consistent visibility across hybrid environments.

Organizations mapping security efforts to industry frameworks can use Qualys’s MITRE ATT&CK integration. The solution’s visualization of asset discovery paths combined with its extensive vulnerability signature database helps security teams understand potential attack routes while prioritizing remediation based on real-world exploitation risks. Custom risk values for software compliance and port exposure enable alignment with specific security policies.

Rapid7: Surface Command

Solution Overview
Rapid7 provides a comprehensive ASM solution through its Surface Command. The company maintains its established position in vulnerability management while delivering extensive visibility and monitoring capabilities across hybrid environments.

Exposure Command operates as an integrated component of Rapid7’s Command platform, combining multiple modules, including vulnerability management, threat detection, and SOAR capabilities. These components leverage Rapid7’s extensive security infrastructure and analytics capabilities while maintaining integration with their broader security ecosystem. The platform includes specific modules for asset discovery, risk assessment, prioritization, exposure validation, and automated remediation.

The solution reflects Rapid7’s mature approach through its emphasis on stability and consistent performance in enterprise environments. Its development prioritizes incremental improvements to existing capabilities, particularly in areas of discovery accuracy, compliance reporting, and integration capabilities. The company demonstrates methodical advancement of core features while maintaining reliability and enterprise-grade performance.

Rapid7 is positioned as a Leader and Outperformer in the Maturity/Platform Play quadrant of the ASM Radar chart.

Strengths
Rapid7 scored well on a number of the decision criteria, including:

• Internal ASM: Rapid7’s Surface Command integrates security and IT management tools to aggregate, correlate, and deduplicate internal and external asset data. The solution maps technical characteristics and asset relationships through its CAASM functionality.
• Risk scoring: Rapid7’s Active Risk algorithm combines CVSS scores with threat intelligence from multiple sources to generate granular risk scores beyond traditional 1-10 scaling. Surface Command enables custom risk scoring through weighted asset criticality, exploitability, and business context inputs from third-party connectors.
• Custom threat intelligence: Rapid7 correlates diverse threat intelligence feeds with asset data through customizable connectors to prioritize remediation based on exploitability and threat actor activities.

Rapid7 is classified as an Outperformer thanks to its accelerated development pace over the past year, particularly in its Surface Command capabilities and risk scoring algorithms.

Challenges
Rapid7 has room for improvement in the following decision criteria:

• Dark web monitoring: Rapid7 does not include dark web monitoring in its solution; this capability is available only through a separate Digital Risk Protection solution, creating potential integration challenges and additional costs for organizations requiring comprehensive dark web threat visibility.
• Assessment of vulnerabilities: Rapid7 earned an average score due to its fixed scoring methodology using a 0-1000 scale. While this approach provides consistent vulnerability assessment, it may present challenges for organizations that require more flexible scoring frameworks or need to align with industry-specific risk methodologies.
• Third-party risk identification: Rapid7’s data sourcing for third-party risk management is unclear. While Surface Command integrates third-party risk management (TPRM) data into its unified model, the ambiguity around data sources and the potential reliance on generic OSINT information may impact the depth and accuracy of vendor risk assessments.

Purchase Considerations
Rapid7’s solution employs a tiered pricing structure based on 90-day average asset counts, with different weightings for various asset types. The model counts network devices, endpoints, applications, and compute instances individually while applying different ratios for container clusters and serverless functions. External assets are included without additional cost, and the entry tier begins at 1,000 assets.

The solution offers above-average flexibility, enhanced by strong internal ASM capabilities. Data ingestion frequencies can be customized, typically defaulting to 24-hour intervals with options for hourly updates, balanced against performance considerations. The solution effectively scales to support hundreds of thousands of assets through optimized data indexing, caching mechanisms, and regional data zone segmentation.

Implementation is streamlined through either seed data input or established integrations. A distinguishing feature is the dual interface approach, offering both spreadsheet-style filtering for operational users and advanced Cypher query capabilities with graphical modeling tools for power users. Standard enterprise features, including single sign-on (SSO) and role based access control (RBAC), support organizational requirements.

The solution demonstrates strong market fit for organizations seeking comprehensive attack surface management with flexible user interfaces. It particularly suits enterprises requiring both simplified operational views and advanced query capabilities. The scalability advantages and flexible data ingestion options make it appropriate for growing organizations, while the dual interface approach accommodates users with varying technical expertise.

Use Cases
Rapid7 excels in environments requiring comprehensive internal asset management and sophisticated risk assessment. Healthcare organizations can leverage Surface Command’s CAASM functionality to maintain accurate inventories of medical devices and clinical systems, while custom risk scoring helps prioritize security efforts based on patient care impact.

Large enterprises benefit from Rapid7’s ability to integrate multiple security and IT management tools. The solution’s advanced asset correlation capabilities help eliminate duplicate records and establish clear relationships between systems, while the active risk algorithm provides granular risk assessment beyond traditional scoring methods.

Financial institutions can utilize Rapid7’s threat intelligence integration to protect critical banking infrastructure. The solution correlates multiple intelligence feeds with asset data to identify potential threats to financial systems, while custom connectors enable risk scoring based on specific regulatory requirements and business context.

Tenable: Attack Surface Management

Solution Overview
Tenable provides a comprehensive vulnerability management and attack surface management solution through its Attack Surface Management product. The company maintains its established position in vulnerability management while expanding into broader attack surface visibility and risk assessment capabilities.

The solution operates as an integrated component of the Tenable One security platform. The combination of components work together while leveraging Tenable’s extensive scanning infrastructure and analytics capabilities. The platform includes specific modules for asset discovery, vulnerability assessment, and exposure management.

The solution reflects Tenable’s mature approach through its emphasis on stability and consistent performance in enterprise environments. Its development prioritizes incremental improvements to existing capabilities, particularly in the areas of scanning accuracy, compliance reporting, and integration capabilities. The company demonstrates methodical advancement of core features while maintaining reliability.

Tenable is positioned as a Challenger and Forward Mover in the Maturity/Platform Play quadrant of the ASM Radar report.

Strengths
Tenable scored well on a number of the decision criteria, including:

• Attack path analysis: Tenable One’s Attack Path Analysis leverages the MITRE ATT&CK framework and ExposureAI to identify, visualize, and classify attack paths through graph analytics. The solution provides interactive path customization and AI-generated mitigation guidance based on likelihood, impact, and tactical methods.
• Asset correlation: Tenable correlates assets using its collection of over 180 metadata attributes while defining unique assets through IP address, fully qualified domain name (FQDN), record type, and record value combinations. The solution uses continuous monitoring and advanced fingerprinting technology that integrates with the broader Tenable ecosystem and third-party systems via APIs.
• Third-party risk identification: Tenable offers continuous discovery and monitoring of third-party assets through comprehensive internet mapping, collecting metadata per asset while providing real-time alerts, risk scoring, and API integration capabilities for external attack surface visibility.

Challenges
Tenable has room for improvement in the following decision criteria:

• Internal ASM: Tenable does not currently offer internal ASM in its solution, creating a significant gap for organizations requiring comprehensive internal asset discovery and management capabilities.
• Dark web monitoring: Tenable does not currently include this capability in its solution, limiting organizations’ ability to identify and respond to threats emerging from dark web sources that could impact their attack surface.
• Assessment of vulnerabilities: Tenable offers a hybrid automated and consultant-supported approach. While the solution provides powerful automation capabilities, the reliance on consultants for creative risk identification may introduce scalability challenges and potential delays in vulnerability assessment processes for larger organizations.

Tenable is classified as a Forward Mover due to its relatively slower pace of innovation in recent months, particularly in addressing significant gaps such as internal ASM and dark web monitoring capabilities.

Purchase Considerations
Tenable’s solution employs an asset-based pricing model that includes human expertise as a standard feature, effectively providing consultative support without additional costs. The pricing structure is transparent and follows industry norms, though the included expert guidance adds unique value.

The solution supports standard attack surface management use cases across multiple verticals, serving both public and private sectors and organizations of varying sizes. The addition of penetration testing capabilities extends its utility, though the absence of internal ASM functionality limits some use cases. Discovery operates continuously, ensuring complete attack surface visibility at least every 24 hours.

Implementation is streamlined with minimal setup requirements and no ongoing maintenance needs. Consultants actively work to reduce false positives and noise in the system, enhancing the solution’s effectiveness. While the interface is intuitive, the inability to customize dashboards represents a limitation in user experience customization.

The solution demonstrates strong market fit for organizations seeking comprehensive external attack surface management with expert guidance included. It particularly suits organizations that value continuous discovery and human-assisted validation. The scalability meets industry standards, making it appropriate for both SMBs and large enterprises, though organizations requiring internal ASM capabilities should note this limitation.

Use Cases
Tenable excels in environments requiring sophisticated attack path analysis and comprehensive asset correlation. Financial institutions can leverage its ExposureAI capabilities to identify potential routes to critical banking systems, while the MITRE ATT&CK integration helps standardize threat detection and response procedures across the organization.

Organizations managing complex IT infrastructures benefit from Tenable’s extensive asset correlation capabilities. The solution’s ability to collect more than 180 metadata attributes per asset while integrating with third-party systems via APIs helps maintain accurate inventories across hybrid environments. Continuous monitoring and advanced fingerprinting enable precise tracking of assets through IP addresses and FQDNs.

Large enterprises can use Tenable’s third-party risk monitoring capabilities to protect their supply chain. The solution’s comprehensive internet mapping and real-time alerting help security teams maintain visibility of vendor security postures, while risk scoring enables prioritization of third-party security issues based on potential business impact.

ThreatNG: External Attack Surface Management

Solution Overview
ThreatNG delivers a comprehensive ASM and digital risk protection solution that combines automated asset discovery with advanced threat detection capabilities.

The solution operates as an integrated security platform that combines multiple components, including asset discovery, vulnerability assessment, and digital risk monitoring. ThreatNG’s core offering leverages machine learning and automation to provide real-time visibility into external-facing assets and associated risks. The platform includes specialized modules for attack surface management, breach detection, and threat intelligence.

ThreatNG demonstrates its innovative approach through rapid development of detection capabilities and continuous advancement of its monitoring features. The company emphasizes technological development in areas such as automated asset discovery and contextual risk analysis. Its solution regularly incorporates new detection methodologies and analysis capabilities to address emerging security challenges.

ThreatNG is positioned as a Leader and Fast Mover in the Innovation/Platform play quadrant of the ASM Radar report.

Strengths
ThreatNG scored well on a number of the decision criteria, including:

• Risk scoring: ThreatNG’s risk scoring algorithm evaluates security posture based on the Digital Presence Triad (feasibility, believability, impact). The solution maps assets to functional pillars and enables customization of risk weights, thresholds, categories, and policy exceptions based on organizational context and business impact considerations.
• Asset correlation: ThreatNG offers correlation of assets across domain intelligence, social media, code repositories, cloud services, and dark web sources. The solution identifies relationships among exposed assets, leaked credentials, and organizational connections, enabling enhanced risk assessment, attack path visualization, and prioritized remediation using comprehensive data analysis and threat intelligence integration.
• Dark web monitoring: ThreatNG monitors closed forums, black markets, private chat channels, and file-sharing platforms across the dark web. The solution correlates findings with discovered assets to provide contextualized threat intelligence, proactive alerts, and comprehensive risk reporting for identified exposures.

Challenges
ThreatNG has room for improvement in the following decision criteria:

• Internal ASM: ThreatNG uses an indirect approach to internal asset discovery. The lack of direct agent deployment or API connections limits comprehensive internal asset visibility, with the solution relying instead on external indicators and third-party connections, potentially creating blind spots in internal asset management.
• Assessment of vulnerabilities: ThreatNG combines automated and human expertise. While the solution provides continuous monitoring and safe validation techniques, there is room to enhance automated vulnerability assessment capabilities to reduce reliance on manual expertise for accurate detection.
• Custom threat intelligence: ThreatNG takes an entity-based intelligence integration approach. While the solution effectively incorporates organizational threat intelligence, there are opportunities to expand customization options and enhance the depth of threat intelligence analysis beyond basic entity definitions.

Purchase Considerations
ThreatNG employs a straightforward pricing model at $100/month per entity (a domain-organization pair) with volume discounts available. The pricing structure is notably transparent, including unlimited users, assets, investigation modules, continuous monitoring, intelligence repositories, and reporting capabilities without additional fees. This comprehensive approach eliminates hidden costs and simplifies budgeting.

The solution combines standard attack surface management capabilities with advanced dark web and threat intelligence features, enhancing risk assessment accuracy. While internal ASM capabilities are limited, the solution offers customizable scan scheduling with seven-hour completion times and real-time access to threat intelligence across multiple repositories.

Implementation is supported by an intuitive interface featuring a guided investigation wizard, policy manager, and risk appetite definition tools. The cloud-native architecture can manage up to 2,000 entities per user, relying on distributed processing and optimized algorithms for consistent performance. The solution includes comprehensive dashboards and flexible reporting options with search-engine-like access to intelligence repositories.

The solution demonstrates strong market fit for organizations seeking integrated attack surface management and threat intelligence capabilities. It particularly suits organizations that value simplified pricing structures and comprehensive feature access without additional costs. The scalability meets industry standards, making it appropriate for organizations managing multiple entities, while the intuitive interface and guided tools support efficient adoption and operation.

Use Cases
ThreatNG excels in organizations requiring sophisticated third-party risk management and comprehensive digital presence monitoring. Financial institutions can leverage its Digital Presence Triad framework to evaluate vendor security postures across multiple dimensions, while continuous monitoring of code repositories and dark web sources helps identify potential supply chain compromises.

Large enterprises benefit from ThreatNG’s extensive asset correlation capabilities. The solution’s ability to map relationships among exposed assets, leaked credentials, and organizational connections across social media, cloud services, and code repositories provides a comprehensive view of potential security risks. This broad visibility helps security teams identify and remediate vulnerabilities before they can be exploited.

Organizations with environmental, social, and governance (ESG) compliance requirements can use ThreatNG’s multilayered vendor analysis capabilities. The solution monitors suppliers for both security issues and ESG violations, while its customizable risk scoring enables alignment with specific regulatory requirements and business impact considerations. The technology stack identification and social media monitoring provide additional context for vendor risk assessment.

6. Analyst’s Outlook

The attack surface management market has evolved significantly, moving beyond basic asset discovery to become an integral component of modern security programs. The space is characterized by vendors offering varying degrees of internal and external asset visibility, with differentiation increasingly focused on automation capabilities, integration depth, and specialized features like threat intelligence correlation and risk contextualization.

Key market themes center around the convergence of internal and external attack surface monitoring, the integration of threat intelligence for enhanced risk prioritization, and the growing emphasis on automated discovery and validation processes. Vendors are increasingly focusing on reducing alert noise through improved asset correlation and risk scoring while also expanding their capabilities to address emerging attack vectors and cloud-native environments. The market shows a clear trend toward simplified pricing models, though organizations should carefully evaluate the total cost of ownership, including any required additional components or integrations.

For IT decision-makers considering ASM adoption, the initial focus should be on establishing clear use cases and success criteria aligned with organizational security objectives. This includes evaluating existing security tools and identifying potential integration requirements, as well as assessing internal capacity for managing and acting on ASM insights. Organizations should prioritize solutions that align with their technical maturity and operational model, considering factors such as the need for managed services support and the desired balance between automated and human-led validation.

Looking forward, the ASM market is trending toward deeper integration with cloud security posture management (CSPM) and an expanded focus on digital supply chain risks. The increasing adoption of cloud-native architectures and the growing complexity of digital ecosystems will drive demand for more sophisticated asset discovery and risk correlation capabilities. Organizations should prepare by developing comprehensive asset inventory strategies and establishing clear metrics for measuring ASM effectiveness.

Successful ASM implementation ultimately depends on selecting a solution that not only meets current technical requirements but also aligns with organizational culture and operational practices. IT decision-makers should focus on vendors that demonstrate strong product innovation, clear pricing models, and robust support resources while ensuring the selected solution can scale with organizational growth and evolving security requirements.

To learn about related topics in this space, check out the following GigaOm Radar reports:

• GigaOm Radar for Continuous Vulnerability Management (CVM) v4.0
• GigaOm Radar for Cloud-Native Application Protection Platforms (CNAPPs) v1.0

7. Methodology

*Vendors marked with an asterisk did not participate in our research process for the Radar report, and their capsules and scoring were compiled via desk research.

For more information about our research process for Key Criteria and Radar reports, please visit our Methodology.

8. About Chris Ray

Chris Ray is a veteran of the cyber security domain. He has a collection of experiences ranging from small teams to large financial institutions. Additionally, Chris has worked in healthcare, manufacturing, and tech. More recently, he has acquired an extensive amount of experience advising and consulting with security vendors, helping them find product-market fit as well as deliver cyber security services.

9. About GigaOm

GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.

GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.

GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.

10. Copyright

© Knowingly, Inc. 2025 "GigaOm Radar for Attack Surface Management" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact sales@gigaom.com.