Table of Contents
1. Executive Summary
The difficulties and challenges presented by rapid digital growth, cloud adoption, and the sprawling public internet protocol (IP) space leave organizations unable to accurately identify their rapidly changing attack surface, creating a wealth of opportunities for online attackers. Compounding this problem is the lack of visibility into the risks resulting from the dynamic nature of the attack surface. In response, attack surface management (ASM) solutions provide value through the continuous discovery of and insight into an organization’s attack surface.
The attack surface encompasses all public-facing services, application programming interfaces (APIs), applications, IP addresses, and infrastructure, regardless of the host type (virtual machine, container, or bare metal) or location (on-premises or cloud). ASM starts with defining the attack surface and builds a proper management process around it. This includes automated asset discovery and tracking of asset details.
The attack surface is composed of some of the newest technologies, like containers, Kubernetes clusters, serverless functions, social media, static and dynamic HTML web content, and even internet of things (IoT) devices. This conglomeration creates an enormous amount of additional work for security teams attempting to properly manage all facets of their attack surface.
Moreover, the attack surface is dynamic; it can change daily, if not more often, and tracking these changes in an automated fashion is a key capability for an ASM solution. But simply knowing the entirety and composition of the attack surface is not sufficient. Delineating the types of assets in an organization’s attack surface, as well as the severity of related risks, rounds out an ASM solution’s value proposition.
ASM is a recent addition to the defender’s tool set, and like other new technologies, it is still evolving. As more vendors enter this space, they are compelled to innovate to differentiate themselves from one another. Decision-makers should keep this ongoing evolution in mind because this space has yet to realize its full potential.
In today’s rapidly evolving digital landscape, the expansion of an organization’s attack surface presents not just a technical challenge, but a critical business imperative. For CxOs, understanding and managing this attack surface is tantamount to no less than safeguarding the organization’s operational integrity, reputation, and financial stability. ASM solutions are a strategic necessity in this context. They offer continuous visibility into the organization’s digital exposure, transforming the reactive approach to digital security to a proactive one. This shift is essential for aligning security posture with business objectives and mitigating risks effectively.
The value of ASM for a CxO extends beyond mere asset tracking and management. It provides a comprehensive understanding of the organization’s digital ecosystem, enabling leadership to articulate and manage digital risks in terms of business impact. In a digital economy in which threats evolve as swiftly as the technologies they exploit, ASM is a crucial tool that empowers organizations to adapt quickly, ensuring sustainable business growth and operational resilience against constant digital threats. Adopting an ASM solution is a strategic decision that’s pivotal to maintaining a competitive edge and securing the organization’s digital future.
This is our third year evaluating the ASM space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.
This GigaOm Radar report examines 22 of the top ASM solutions and compares offerings against the capabilities (table stakes, key features, and emerging features) and non-functional requirements (business criteria) outlined in the companion Key Criteria report. Together, these reports provide an overview of the market, identify leading ASM offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.
GIGAOM KEY CRITERIA AND RADAR REPORTS
The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and non-functional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.
2. Market Categories and Deployment Types
To help prospective customers find the best fit for their use case and business requirements, we assess how well ASM solutions are designed to serve specific target markets and deployment models (Table 1).
For this report, we recognize the following market segments:
- Small-to-medium business (SMB): In this category, we assess solutions on their ability to meet the needs of organizations ranging from small businesses to medium-sized companies. Solutions in this category provide simplified cost structures that make ASM achievable for small security budgets.
- Large enterprise: Here, offerings are assessed on their ability to support large and business-critical projects. Optimal solutions in this category have a strong focus on flexibility, performance, data services, and features that improve security and data protection. Scalability is another big differentiator, as is the ability to deploy the same service in different environments.
In addition, we recognize the following deployment models:
- SaaS: These solutions are available only in the cloud. Often designed, deployed, and managed by the service provider, they are available only from that specific provider. Because the data collected during ASM operations is taken entirely from the attacker’s perspective, ASM solutions do not have an on-premises, private cloud or other required component.
- Hybrid: These solutions are still cloud-based like the cloud-only solutions above, but they leverage a sensor, collector, or agent as an additional telemetry source to create a better understanding of the composition of a client’s technical environment.
Table 1. Vendor Positioning: Target Market and Deployment Model
Vendor Positioning: Target Market and Deployment Model
Target Market |
Deployment Model |
|||
---|---|---|---|---|
Vendor |
SMB | Large Enterprise | SaaS | Hybrid |
Armis | ||||
Bishop Fox | ||||
Bugcrowd | ||||
Cavelo | ||||
CrowdStrike | ||||
Cyberint | ||||
CyCognito | ||||
Cymulate | ||||
Detectify | ||||
FireCompass | ||||
Group-IB | ||||
Hadrian | ||||
IBM | ||||
Intel 471 | ||||
Intruder | ||||
IONIX | ||||
JupiterOne | ||||
Mandiant | ||||
NetSPI | ||||
Palo Alto Networks | ||||
Praetorian | ||||
Tenable |
Table 1 components are evaluated in a binary yes/no manner and do not factor into a vendor’s designation as a Leader, Challenger, or Entrant on the Radar chart (Figure 1).
“Target market” reflects which use cases each solution is recommended for, not simply whether it can be used by that group. For example, if it’s possible for an SMB to use a solution but doing so would be cost-prohibitive, that solution would be rated “no” for that market segment.
3. Decision Criteria Comparison
All solutions included in this Radar report meet the following table stakes—capabilities widely adopted and well implemented in the sector:
- Continuous discovery of attack surface
- Inventory management of attack surface assets
- Risk identification in attack surface
- Management of false positives
Tables 2, 3, and 4 summarize the way each vendor included in this research performs in the areas we consider differentiating and critical in this sector. The objective is to give the reader a snapshot of the technical capabilities of available solutions, define the perimeter of the relevant market space, and gauge the potential impact on the business.
- Key features differentiate solutions, outlining the primary criteria to be considered when evaluating an ASM solution.
- Emerging features show how well each vendor is implementing capabilities that are not yet mainstream but are expected to become more widespread and compelling within the next 12 to 18 months.
- Business criteria provide insight into the non-functional requirements that factor into a purchase decision and determine a solution’s impact on an organization.
These decision criteria are summarized below. More detailed descriptions can be found in the corresponding report, “GigaOm Key Criteria for Evaluating ASM Solutions.”
Key Features
- Asset discovery: Advanced ASM solutions surpass basic methods like network probes by offering comprehensive, granular discovery techniques that enable organizations to thoroughly understand and effectively monitor their diverse attack surfaces. The ability to identify and assess a broad range of asset types is crucial for enhancing overall security.
- Active assessment of vulnerabilities: ASM assesses asset vulnerabilities through passive enumeration and active confirmation methods, with active assessments emulating attacker techniques for a more thorough evaluation. The effectiveness of an ASM solution largely depends on its capability for active vulnerability assessment, which is crucial for a comprehensive security analysis.
- Internal ASM: Emerging technologies are making internal environments as dynamic and challenging as external attack surfaces, leading to the evolution of ASM solutions to cover both areas. Comprehensive ASM practices offer a unified approach to managing vulnerabilities and threats across the entire attack surface, enhancing overall security strategy.
- Risk scoring: Advanced ASM solutions enhance risk assessment by integrating contextual metadata, open source intelligence (OSINT), and active assessment data, leading to more accurate and efficient risk management. The incorporation of comprehensive context into risk-scoring and the automation of response workflows based on these scores significantly streamline security operations.
- Asset categorization: Effective ASM hinges on logically grouping diverse assets, a process enhanced by detailed asset categorization, which allows for simplified risk assessment and efficient management. Unlike basic network scans, advanced ASM solutions provide in-depth insights, driving more precise asset categorization and enabling more accurate risk management based on specific customer needs.
Table 2. Key Features Comparison
Key Features Comparison
Exceptional | |
Superior | |
Capable | |
Limited | |
Poor | |
Not Applicable |
Emerging Features
- Custom threat intelligence: We see the availability of ASM-derived threat intelligence feeds for consumption by security information and event management (SIEM), security orchestration automation and response (SOAR), endpoint detection and response (EDR), or extended detection and response (XDR) solutions as likely to occur in the next 24 to 36 months.
- Growth of autonomous penetration testing: Autonomous penetration testing is the next evolution of ASM’s testing features, which starts with the active assessment function found in today’s ASM solutions and delivers additional analysis of the risks identified. We anticipate that autonomous penetration testing will have built-in expert system capabilities that emulate a human adversary. It is through this emulation that a better understanding of risks will ultimately result.
Table 3. Emerging Features Comparison
Emerging Features Comparison
Exceptional | |
Superior | |
Capable | |
Limited | |
Poor | |
Not Applicable |
Business Criteria
- Flexibility: Flexibility in ASM solutions refers to the adaptability of the system to diverse environments and requirements. This criterion is essential, as it ensures the solution can effectively cater to specific organizational needs and evolving security landscapes.
- Discovery frequency: Frequency of discovery in ASM solutions refers to how often the system scans and updates asset information. It’s crucial for maintaining an up-to-date view of the attack surface, ensuring timely identification of new risks and vulnerabilities.
- Scalability: Scalability in ASM solutions pertains to their ability to efficiently manage growing and diverse assets as an organization expands. It’s crucial for adapting to the increasing complexity and size of attack surfaces without sacrificing performance or security.
- Cost: Cost in ASM solutions encompasses the financial investment required for deployment, operation, and maintenance. It’s a crucial criterion, determining the affordability and ROI of the solution for organizations of varying sizes and budgets.
- Ease of use: Ease of use for ASM solutions involves user-friendliness and the simplicity of navigating and using the system. It’s critical for ensuring that security teams can efficiently manage the attack surface without requiring extensive training.
Table 4. Business Criteria Comparison
Business Criteria Comparison
Exceptional | |
Superior | |
Capable | |
Limited | |
Poor | |
Not Applicable |
4. GigaOm Radar
The GigaOm Radar plots vendor solutions across a series of concentric rings with those set closer to the center judged to be of higher overall value. The chart characterizes each vendor on two axes—balancing Maturity versus Innovation and Feature Play versus Platform Play—while providing an arrowhead that projects each solution’s evolution over the coming 12 to 18 months.
Figure 1. GigaOm Radar for ASM
As you can see in the Radar chart in Figure 1, a notable trend in the ASM landscape is the number of Platform Play vendors. This clustering suggests a preference for comprehensive platforms over specialized solutions. For example, a concentration of vendors in the Maturity/Platform Play quadrant indicates a market leaning toward established, reliable platforms over novel approaches to the same problem set.
The distribution of innovators versus mature players is also telling. A greater number of vendors in the Maturity half implies a market that values proven, stable solutions versus one that is rapidly evolving and open to new, cutting-edge technologies. This is a major shift for ASM, which is young technology, but appears to be solidifying.
The presence and distribution of Outperformers across two opposite quadrants reveals where the most significant advancements are being made and competitive edges are being created.
The number of vendors classified as Leaders is indicative of market maturity, suggesting a well-established competitive market overall rather than one with many vendors new to the space. The presence of so many Challengers poised to enter the Leaders circle signals a dynamic market with continuous competitive innovation and improvements.
In reviewing solutions, it’s important to keep in mind that there are no universal “best” or “worst” offerings; there are aspects of every solution that might make it a better or worse fit for specific customer requirements. Prospective customers should consider their current and future needs when comparing solutions and vendor roadmaps.
INSIDE THE GIGAOM RADAR
To create the GigaOm Radar graphic, key features, emerging features, and business criteria are scored and weighted. Key features and business criteria receive the highest weighting and have the most impact on vendor positioning on the Radar graphic. Emerging features receive a lower weighting and have a lower impact on vendor positioning on the Radar graphic. The resulting chart is a forward-looking perspective on all the vendors in this report, based on their products’ technical capabilities and roadmaps.
Note that the Radar is technology-focused, and business considerations such as vendor market share, customer share, spend, recency or longevity in the market, and so on are not considered in our evaluations. As such, these factors do not impact scoring and positioning on the Radar graphic.
For more information, please visit our Methodology.
5. Solution Insights
Armis, Centrix
Solution Overview
Armis is a formidable player in the ASM landscape, focusing on asset discovery and management. At its core, the platform utilizes a dual-method approach for asset discovery: integration-based discovery for known assets and deep packet inspection (DPI) of network traffic to unearth everything else. The vendor claims that this combination is exceptionally proficient at identifying all assets, though this claim remains to be fully validated.
The Centrix solution doesn’t currently offer active assessment of vulnerabilities, leaving a gap in its offerings. However, it excels in internal ASM by leveraging both discovery methods, surpassing many competitors that rely solely on internal scanning.
In terms of risk scoring, Centrix stands out with its unique approach, incorporating factors like risk vector, known vulnerabilities, detected threat indicators, existing protections, and business impact. Its asset categorization capability is industry-leading, offering intricate, customizable sorting options based on a wide range of asset attributes.
Strengths
Armis’ Centrix solution scores high on asset discovery, internal ASM, risk scoring, asset categorization, and flexibility. Its asset discovery, utilizing two complementary methods, is robust, ensuring comprehensive visibility. The platform’s internal ASM is enhanced by these discovery techniques, making it more effective than traditional scanning-based approaches.
The solution’s risk scoring system is another highlight, providing users with a nuanced understanding of their security posture. This is complemented by its exceptional asset categorization capabilities, which are detailed and highly customizable, catering to a variety of sorting and filtering needs.
Flexibility is a key strength, with the platform addressing all common ASM use cases and offering specialized solutions for industries like healthcare—a unique offering in the market. The continuous and scheduled discovery approach ensures a constant stream of updated asset information, making it highly reliable.
Challenges
Despite its strengths, Centrix has areas for improvement. The absence of active vulnerability assessment and autonomous penetration testing are notable gaps. These missing features could limit its appeal to organizations seeking comprehensive security solutions.
Purchase Considerations
Prospective buyers should consider the solution’s scalability and cost. While its scaling capabilities are robust, the pricing model is variable and depends on several factors, making it less predictable. However, its ease of use, facilitated by streamlined onboarding and industry-specific Value Packs, adds to its appeal.
Centrix is particularly well suited for organizations looking for comprehensive asset discovery and management, with a focus on internal ASM. Its specialized solutions for industries like healthcare make it a valuable tool for organizations in certain sectors.
Radar Chart Overview
Armis is a Leader in the Maturity/Platform Play quadrant. This placement reflects its strong foundation in the ASM domain, emphasizing its focus on delivering robust, reliable, platform-based solutions. As a mature player, Armis demonstrates a commitment to stability and proven effectiveness, which resonates with organizations seeking dependable security platforms. The classification as a Fast Mover highlights the solution’s dynamic evolution and its responsiveness to the changing cybersecurity landscape. This combination of maturity and agility positions Armis as a significant contender, challenging established leaders with its innovative approach to asset management and discovery.
Bishop Fox, Cosmos
Solution Overview
Bishop Fox’s solution is a fully managed service consisting of an ASM solution backed by expert human testers. Its approach to asset discovery is brand-centric and adept at uncovering all digital assets with high accuracy and confidence through human-validated asset ownership. This capability maintains an accurate view of the attack surface and allows customers to sort and understand contextual relationships easily, backed by solid evidence of discovery and attribution.
In terms of active assessment of vulnerabilities, Bishop Fox excels by integrating automated processes with human expertise and testing. This multifaceted approach ensures a thorough and accurate evaluation of potential vulnerabilities from both an unauthenticated and authenticated attacker’s perspective. However, its internal ASM capabilities, while competent, may not be as robust as some competitors offer, as they are reserved for post-exploitation activities, which are not included in the ASM cost.
The risk scoring system employed by Bishop Fox is particularly notable. It evaluates actual exploitability, often verified by human experts, categorizing risks from informational (non-exploitable) to critical (easy to exploit, significantly broadening an attacker’s reach).
Strengths
Bishop Fox’s strengths lie in its asset discovery and vulnerability assessment capabilities. Its ability to customize asset categorization based on client needs is a significant advantage, offering flexibility in sorting and discovery frequency. Use of human testing is also notable, leading the market with the capability to validate exploitability with high confidence and remove false positives.
The solution’s flexibility is evident in its coverage of essential ASM use cases and its ability to address more complex needs, such as dynamic digital ASM and regulatory compliance. Additionally, the multitiered frequency of asset discovery and vulnerability assessment ensures clients receive vital updates without being overwhelmed.
Challenges
While Bishop Fox is strong in many areas, its internal ASM capabilities and custom threat intelligence offerings could be areas for improvement. The forthcoming release of a custom threat intelligence feature promises to enhance its offerings, but as of now, it’s not generally available.
Purchase Considerations
Bishop Fox offers a balanced cost-to-value ratio, with an average cost structure that includes support. Clients appreciate the human in the loop element, as it adds value to their investment. The platform’s scalability and ease of use, marked by a completely revamped user interface, make it an attractive option for a wide range of organizations.
Bishop Fox’s Cosmos solution is versatile, designed to serve a broad range of market segments with its general-purpose solution. It is particularly well-suited for industries with complex and dynamic digital environments, such as finance, healthcare, and technology. The solution’s strength in asset discovery and vulnerability assessment makes it ideal for organizations seeking to comprehensively understand and secure their digital assets.
Radar Chart Overview
Bishop Fox’s positioning as a Leader in the Maturity/Platform Play quadrant on the Radar reflects its well-established presence in the market, combined with a comprehensive and reliable platform-based approach to ASM. Its robust asset discovery and vulnerability assessment capabilities, coupled with a strong focus on client-centric customization and ease of use, underscore its leadership status. The continuous development and improvement in user interface and functionality demonstrate Bishop Fox’s commitment to maintaining its leadership position in a competitive landscape.
Bugcrowd, Attack Surface Management
Solution Overview
Bugcrowd ASM is an innovative solution with a crowdsourcing-centric approach. Its solution for ASM combines human and machine-powered methods, which has demonstrated significantly better coverage than traditional methods. While active assessment of vulnerabilities is available as an add-on through bug bounty or penetration testing programs, it’s not a standard feature in this ASM solution.
Bugcrowd’s approach to internal ASM is somewhat limited, primarily facilitated through API integrations with configuration management database (CMDB) platforms, offering insights but not comprehensive coverage. The risk scoring system is contextualized and human-reviewed, focusing on exploitability scores, which adds a layer of reliability to its assessments. However, its asset categorization is average, lacking in attribution details compared to competitors.
Strengths
Bugcrowd’s asset discovery approach, blending human expertise with automated processes, is a notable strength, providing extensive coverage. The platform’s scalability and intuitive user interface add to its appeal, making it user-friendly and suitable for growing organizations. Its flexibility in covering standard ASM use cases and the potential for enhanced effectiveness when paired with other Bugcrowd solutions make it a versatile choice.
Challenges
The platform’s capabilities in active vulnerability assessment and internal ASM are areas for growth but are currently limited in scope. The frequency of discovery, constrained to static weekly or daily cadences, could be more customizable to cater to varying organizational needs. Additionally, the lack of autonomous penetration testing capabilities and only average asset categorization highlight potential areas for improvement.
Purchase Considerations
Bugcrowd’s pricing is average, with cost benefits when bundled with other Bugcrowd services. Organizations should weigh the need for additional solutions against the cost. The ease of use, thanks to a well-designed UI/UX, and the availability of support within the platform make it an accessible option for a variety of users.
Bugcrowd’s solution is ideal for organizations looking for a blend of human and automated approaches to asset discovery and management. It is particularly well-suited for companies that value extensive coverage and contextual risk assessments. While it serves general ASM needs well, it shines when used in tandem with other Bugcrowd services, making it a good fit for organizations looking for a comprehensive suite of security tools.
Radar Chart Overview
Bugcrowd is positioned as a Forward Mover in the Entrant ring of the Innovation/Platform Play quadrant. It has a distinctive approach in blending human expertise with technological automation. This innovative stance, especially in asset discovery, positions Bugcrowd beyond conventional platform capabilities, driving its classification as a Platform Play with comprehensive solutions. However, it’s not just the breadth of services but the novel integration of human and machine intelligence that earmarks it as innovative.
Bugcrowd has shown progress since the previous year, particularly in enhancing user experience and extending coverage through its unique asset discovery methods. This progress indicates a trajectory of continual development and adaptation to emerging cybersecurity challenges, underlining its evolving and forward-thinking strategy.
Cavelo
Solution Overview
Cavelo’s approach to asset discovery, though currently limited by the need for agent deployment, shows promise with ongoing development efforts to enhance this capability. The solution excels in active vulnerability assessment, conducting comprehensive assessments across all discovered assets, including credential scanning and misconfiguration checks using CIS benchmarks.
A standout feature of Cavelo is its internal ASM, which has been a core aspect of the platform since its inception, owing to its agent-based approach. In terms of risk scoring, Cavelo adopts an innovative method by combining exploit prediction scoring system (EPSS) scores with common vulnerability scoring system (CVSS) and IBM’s cost of breach calculations, providing a multifaceted risk perspective.
Strengths
The strength of Cavelo lies in its full-spectrum vulnerability assessment and its robust internal ASM capabilities. The platform’s risk scoring methodology stands out for its incorporation of various critical factors, providing a comprehensive risk analysis. Additionally, the frequency of asset discovery is highly customizable, catering to different organizational needs, from real-time updates to longer intervals.
Challenges
Cavelo’s current limitations in asset discovery and scalability due to its reliance on agent-based methods present challenges. The absence of autonomous penetration testing, though planned for 2024, is also a gap in its current offerings.
Purchase Considerations
Cavelo’s modular pricing structure is a significant advantage, allowing customers to tailor their purchase to specific needs without incurring unnecessary costs. The platform’s user experience is intuitive, with an easy onboarding process and customizable dashboards, making it user-friendly and accessible.
Cavelo is particularly suited for organizations focusing on compliance with SEC requirements, CMMC, NIST, and CCPA. Its capabilities make it a strong contender for businesses seeking thorough internal ASM and comprehensive vulnerability management.
Radar Chart Overview
Cavelo’s placement as a Maturity/Feature Play and an Outperformer underscores its established presence in the market and its focus on delivering feature-rich, reliable solutions. The designation as a mature player reflects its proven track record and stability in providing robust ASM solutions.
As an Outperformer, Cavelo demonstrates significant advancements, especially in its unique risk scoring and customizable discovery frequency. These advancements highlight Cavelo’s commitment to evolving and enhancing its offerings to maintain its competitive edge.
CrowdStrike, Falcon
Solution Overview
CrowdStrike demonstrates a solid foundation with its comprehensive ASM solutions. The solution’s asset discovery is thorough, performing 24/7 autonomous scanning across a broad spectrum of assets with an ML-assisted approach for enhanced accuracy and correlation.
While active vulnerability assessment isn’t a primary strength, CrowdStrike compensates with robust validation methods, including industry-specific risk analysis and attack history review. Its internal ASM capabilities, provided through Falcon Discover, do not embody full internal ASM, but still offer valuable visibility across a range of operating systems.
The vendor’s risk scoring approach, using adversary intelligence-led prioritization, stands out as a significant feature, offering detailed, actionable risk assessments. However, the absence of autonomous penetration testing and certain limitations in customization and active assessment features highlight areas where CrowdStrike ’s development pace contrasts with the rapid innovation by other vendors.
Strengths
CrowdStrike’s asset discovery is robust and continuous, leveraging its autonomous capabilities to provide broad and in-depth visibility. Its risk scoring system, which uses unique adversary intelligence, is a critical asset, offering clients detailed and actionable insights for mitigating risks. Additionally, the platform’s custom threat intelligence, drawing from CrowdStrike’s extensive SOC experience, is unparalleled, offering tailored and highly relevant security insights to clients.
Challenges
The solution’s limitations in internal ASM, lack of autonomous penetration testing, and average flexibility in customization and active assessment are areas where CrowdStrike can improve. These gaps may affect its suitability for certain specific use cases.
Purchase Considerations
CrowdStrike offers a modular pricing model, allowing customers to tailor their purchases to their needs. The platform’s scalability, a hallmark of CrowdStrike’s solutions, makes it suitable for organizations of various sizes. The ease of use and intuitive UX design further add to its appeal, especially for users who value straightforward and effective interfaces.
CrowdStrike is particularly well-suited for organizations seeking comprehensive external asset discovery and sophisticated risk assessment. Its ability to scan a vast range of assets makes it ideal for large enterprises with complex digital footprints spanning various locations and cloud environments.
Radar Chart Overview
CrowdStrike is positioned as a Forward Mover in the Maturity/Platform Play quadrant. Its pace of development is more measured compared to other vendors in the space, and CrowdStrike is focused on refining and enhancing existing capabilities rather than rapidly introducing new features. The solution’s strength lies in its comprehensive asset discovery and risk assessment capabilities, which, while advanced, evolve at a pace more attuned to ensuring quality and reliability than rapid expansion.
This approach aligns with the expectations of mature market segments that prioritize consistent performance and proven solutions. CrowdStrike’s trajectory on the Radar Chart suggests a commitment to deepening and solidifying its existing capabilities, ensuring that its evolution in the cybersecurity space remains both steady and impactful.
Cyberint
Solution Overview
Cyberint excels in asset discovery, identifying standard digital assets and also allowing integration with cloud service providers (CSPs) for more accurate attribution. Additionally, its capability to assign tags for deep and dark web monitoring further enhances its asset discovery prowess.
While Cyberint does not currently offer active vulnerability assessment or internal ASM, it compensates with a robust risk scoring system. This system provides an overall risk score for organizations and individual asset risk scores across eight common vectors, making it straightforward to understand the impact of each asset on the organization’s overall risk posture.
Asset categorization is another area where Cyberint shows strength, allowing customers to categorize assets in various ways, with automated sorting based on asset type.
Strengths
Cyberint’s major strengths lie in its comprehensive asset discovery and risk scoring capabilities. The platform’s flexibility is notable, covering major ASM use cases and adding distinctive features like dark web monitoring. Its continuous discovery process and the ability for customers to prioritize specific aspects of the attack surface further enhance its appeal.
Challenges
The absence of active vulnerability assessment, internal ASM, and autonomous penetration testing are areas where Cyberint could expand its offerings to meet a broader range of ASM needs.
Purchase Considerations
The scalability of Cyberint makes it a viable option for large organizations, including Fortune 100 companies. The licensing model, based on in-scope assets and desired level of coverage, offers transparency and flexibility in pricing. Additionally, the platform’s ease of use, bolstered by dedicated customer success managers and an intuitive UI, facilitates a smooth user experience.
Cyberint is particularly well suited for organizations requiring comprehensive asset discovery, including those needing enhanced monitoring capabilities like dark web surveillance. Its ability to integrate with cloud services makes it ideal for businesses with significant cloud-based assets.
Radar Chart Overview
As a Fast Mover in the Maturity/Platform Play quadrant, Cyberint demonstrates a commitment to rapid development while maintaining a focus on platform stability and maturity. This positioning reflects its ability to introduce features like enhanced asset discovery and dark web monitoring, pushing the boundaries of what’s typical in mature platform offerings. Cyberint’s advancement in the ASM field, marked by its dynamic approach to asset discovery and risk scoring, positions it as an Entrant crossing into the Challenger ring, indicating a trajectory toward becoming a key player in the cybersecurity arena.
CyCognito, Attack Surface Management
Solution Overview
CyCognito excels in comprehensive asset discovery and vulnerability assessment. The platform requires zero configuration and input from the user, offering an exceptionally thorough discovery process. It effectively maps assets to organizations–a challenging feat, especially for large enterprises–and boasts a high rate of asset owner attribution.
The platform integrates dynamic application security testing (DAST) to actively probe web applications and perform IT hygiene testing on cloud and internet-facing infrastructure, including through the use of legacy vulnerability scanning techniques. Every asset is thoroughly scanned and tested, demonstrating CyCognito’s depth in active vulnerability assessment.
Internal ASM is achieved with major cloud providers but is currently limited for on-premises technologies, although this issue is somewhat mitigated by integration with vulnerability scanners.
Strengths
CyCognito’s standout feature is its risk scoring, focusing on the most critical issues that contribute to the majority of security risks, thus allowing for more targeted remediation. Its asset categorization capabilities are advanced, with both automatic and manual classification and organizational assignment.
The platform also offers curated threat feeds, including unique insights from CyCognito applied to every identified issue. Its capabilities in autonomous penetration testing, while a separate product, further emphasize its strength in this area.
Challenges
While CyCognito excels in many respects, its scalability is on par with competitors, and the cost of the platform, though justified by its capabilities, may be a consideration for some organizations. The limited capability in internal ASM for on-premises technology is another area for potential growth.
Purchase Considerations
Organizations considering CyCognito should weigh the comprehensive nature of the platform against its cost. The platform’s modularity in pricing offers flexibility, and its intuitive solution, especially via the risk profiles, simplifies identification of critical vulnerabilities.
CyCognito is ideal for large organizations with complex digital environments that require detailed and accurate asset discovery and vulnerability assessment. It’s particularly suitable for industries that need a deep understanding of their digital footprint, including finance, healthcare, and technology sectors.
Radar Chart Overview
CyCognito is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant. This reflects its innovative approach to asset discovery and vulnerability assessment taken while maintaining a solid foundation in the mature platform space. This placement indicates a commitment to advanced ASM solutions and a keen focus on evolving and adapting to the changing digital landscape rapidly. CyCognito’s leadership is underscored by its comprehensive asset mapping, advanced risk scoring, and autonomous penetration testing capabilities, marking it as a prominent and dynamic player in the cybersecurity field.
Cymulate, Exposure Management and Security Validation Platform
Solution Overview
Cymulate provides average external asset discovery, effectively identifying a range of digital assets, and excels in internal discovery with capabilities extending to Active Directory, Azure AD, AWS service configurations, and on-premises/private cloud environments.
In terms of active vulnerability assessment, Cymulate’s competent capabilities are on par with industry standards. Its internal ASM is particularly noteworthy, using an agent-based approach deployed on-premises or in the cloud. This same agent is used for breach and attack simulation as well as automated red teaming, minimizing management overhead.
The risk scoring process in Cymulate is a two-stage calculation that prioritizes risk scores based on an asset’s risk level and the frequency and severity of findings. While the platform allows for basic asset categorization, it stands out in custom threat intelligence, leveraging multiple sources along with in-house research.
Strengths
Cymulate’s strengths lie in its above-average internal discovery capabilities and its innovative risk scoring methodology. The platform’s flexibility is evident in its ability to handle standard ASM use cases and more specialized scenarios like security control validation and risk-profiled asset inventories based on aggregated data and findings of third-party products such as vulnerability scanners, asset databases, and endpoints.
Challenges
While Cymulate is strong in several areas, its frequency of discovery is fixed and does not allow for customization, which could be a limitation for some organizations. Its scalability and cost are in line with industry standards, offering no significant differentiation.
Purchase Considerations
Prospective buyers should consider the platform’s seamless integrations, ease of use, and strong customer support. The option to purchase the solution standalone, or as part of a discounted package with other services like BAS and automated red teaming, adds flexibility in pricing.
Cymulate is particularly well-suited for organizations requiring thorough internal and external asset discovery and sophisticated risk assessment. Its capabilities for minimizing exposure to internet/public risks and validating security controls make it ideal for businesses with a significant digital presence.
Radar Chart Overview
Cymulate is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant. This underscores its dynamic approach and leadership in the ASM space. Its advanced capabilities in internal discovery, risk scoring, and the innovative use of a single agent for multiple functionalities demonstrate its commitment to evolving and adapting rapidly. This fast-paced development, combined with a solid foundation in mature platform solutions, establishes Cymulate as a leading vendor of comprehensive and effective cybersecurity solutions including ASM.
Detectify, Surface Monitoring
Solution Overview
Detectify has a focused and progressive approach to ASM. The platform excels in asset discovery, with the focus on DNS-level foundation and asset (domains/subdomains) attribution. This provides users with actionable data—such as third-party tech, open ports, and expired certificates—that enables the setting of custom policies, although it falls short in encompassing physical equipment or broader asset types.
A standout feature of Detectify is its comprehensive active assessment of vulnerabilities, by which all assets are rigorously tested across the attack surface. Once every 24 hours, it orchestrates a series of tests that includes finding open ports, fingerprinting services, and vulnerability testing. This includes state-of-the-art DAST on web applications and both stateless and stateful testing. Users have the flexibility to set custom policies for identifying and addressing exposures.
The platform’s approach to risk scoring is pragmatic, using CVSS for known vulnerabilities and a CVSS-like formula for unknown vulnerabilities. Asset categorization is another strength, with automatic grouping based on asset characteristics and the ability for customers to create custom grouping rules.
Strengths
Detectify’s major strengths include its thorough active vulnerability assessment and its sophisticated approach to asset categorization. The scalability of the platform is highly regarded, both in terms of user experience and operational capability. Additionally, the availability of a free self-guided trial and the option to purchase directly or through a managed partner add to its appeal.
Challenges
The platform’s limitations include the lack of coverage for internal ASM, physical assets, and custom threat intelligence. Additionally, the absence of autonomous penetration testing restricts its scope in certain areas of ASM, although some pen testing features are delivered through a crowdsourced community of testers.
Purchase Considerations
Organizations considering Detectify should note its ease of use and supportive onboarding process. However, the lack of customizable dashboards might be a constraint for some users. The cost-effectiveness of the platform, especially with the free trial option, makes it an attractive choice for a range of customers.
Detectify is particularly suited for organizations prioritizing comprehensive external asset discovery and active vulnerability assessment. Its capabilities make it ideal for businesses with a significant online presence and those requiring regular, thorough web application testing.
Radar Chart Overview
Detectify is positioned as a Challenger and Fast Mover in the Innovation/Feature Play quadrant. This highlights its agile and focused approach in the ASM landscape. The platform’s strengths in advanced asset discovery and active vulnerability assessment, despite its narrower scope on physical assets and internal ASM, demonstrate a commitment to innovation in specific areas of ASM. This positioning indicates Detectify’s potential to challenge established leaders by continuing to develop and refine its targeted solutions, catering to evolving cybersecurity needs.
FireCompass, External Attack Surface Management
Solution Overview
FireCompass straddles the line between maturity and innovation in its ASM offering. The solution excels in asset discovery, covering expected digital assets and excelling in identifying takeover risks due to misconfigurations and expertly finding preproduction systems inadvertently exposed to the internet.
The solution’s active assessment of vulnerabilities is robust, employing a combination of active, passive, and multistage assessments. This modular approach allows for tailored assessments based on asset sensitivity and timing, ensuring high confidence in results without compromising asset security. It has the capability to identify assets typically exploited by specific adversaries. It can also discover common vulnerabilities and exposures (CVEs) with critical and high severity within 24 hours of them becoming public.
Internal ASM capabilities are in beta and expected to reach a stable state in the coming months, at which point they will be generally available. Risk scoring employs a proprietary method, considering factors like asset priority, risk severity, and likelihood of exploitability, though it is not customer-configurable.
Strengths
FireCompass’s strengths lie in its comprehensive asset discovery and flexible approach to vulnerability assessment. Its asset categorization is notably broad and detailed, enhancing asset management capabilities. The platform’s standout feature is its autonomous penetration testing suite, a core capability that has been a part of its offerings for years.
The flexibility of the solution is a key strength, attributable to its advanced automations and diverse platform features. Its scalability is impressive, being agentless and capable of handling large networks efficiently.
Challenges
While FireCompass offers a range of capabilities, its internal ASM is currently limited, and the risk scoring system lacks customer configurability. These features offer room for further development to enhance its overall ASM solution.
Purchase Considerations
Organizations considering FireCompass should note its ease of use, with minimal setup and an intuitive UI/UX. The platform is sold per asset, with licensing terms ranging from one to five years, offering a degree of flexibility in pricing.
FireCompass is particularly well-suited for organizations requiring comprehensive asset discovery, including the identification of takeover risks and preproduction systems. Its robust penetration testing capabilities make it ideal for businesses looking for thorough and flexible vulnerability assessments.
Radar Chart Overview
FireCompass is positioned as a Leader and Fast Mover in the Maturity/Platform Play quadrant. This highlights its balanced approach, which combines established reliability with innovative features. This positioning near the Maturity-Innovation divide underscores its ability to provide advanced, mature platform solutions while continuously evolving to incorporate cutting-edge capabilities like autonomous penetration testing. Its comprehensive asset discovery, flexible vulnerability assessment, and scalable platform mark FireCompass as a Leader adept at navigating this complex cybersecurity landscape.
Group-IB, Attack Surface Management
Solution Overview
Group-IB takes a progressive approach to the ASM landscape. The solution’s asset discovery is comprehensive, with no limits on the types of assets that can be discovered. Unlike some solutions that omit assets they can’t confidently identify, Group-IB includes these in the results, albeit marked with a lower confidence label.
Active vulnerability assessments are integrated into both the asset discovery phase and the subsequent vulnerability assessment process. However, internal ASM is not a part of the ASM solution, although it is available within Group-IB’s broader portfolio.
The risk scoring methodology is proprietary, focusing on the confidence and reliability of findings. Asset categorization is currently manual but is expected to soon include automated categorization based on customer profiles. The platform also uses its ASM as a source of custom threat intelligence, exportable via API.
Strengths
Group-IB’s strength lies in its active assessment of vulnerabilities and comprehensive asset discovery. The platform’s autonomous payload probing capabilities, which supplement discovery and provide higher fidelity results, are noteworthy. Additionally, recent significant improvements in the platform’s ease of use, including a complete UI and UX overhaul, enhance its user experience and class-leading custom threat intelligence sources, which include data from dark web mentions, compromises, and mentions in attacks.
Challenges
While Group-IB excels in several areas, its flexibility is more focused on common ASM use cases without much expansion beyond that. The frequency of discovery is currently fixed at a daily schedule, with future plans for more continuous discovery options for MSSP customers.
Purchase Considerations
The vendor’s prepaid SaaS style acquisition model, which includes all support and features without an à la carte pricing strategy, is a significant advantage. This prepaid model, coupled with the option to combine with other solutions from Group-IB, offers flexibility and comprehensive coverage for clients.
Group-IB is well-suited for organizations that require an expansive and active approach to asset discovery and vulnerability assessment. Its capabilities make it ideal for businesses looking for a robust and all-inclusive ASM solution.
Radar Chart Overview
Group-IB is positioned as a Challenger and a Fast Mover in the Innovation/Platform Play quadrant due to its dynamic and forward-thinking approach. This positioning reflects its commitment to pushing the boundaries in asset discovery and vulnerability assessment, demonstrating a blend of innovation and platform robustness. The vendor’s development trajectory, marked by continuous enhancements in user experience and capabilities, shows Group-IB’s ambition to challenge the status quo, and it is likely to emerge as a Leader in ASM.
Hadrian, Continuous Asset Discovery
Solution Overview
Hadrian is exceptional in asset discovery, covering a wide array of assets including common types and third-party elements, and facilitating improved risk identification in partnerships and specific software types.
Its approach to active vulnerability assessment is particularly innovative, using an “orchestrator AI” for conducting OWASP Top 10-style attacks to identify both known and zero-day threats. This feature is continuously updated with human intelligence and fed by 24/7 threat intelligence, performing both active and passive risk identification on all assets.
Internal ASM is somewhat limited, with internal assets being imported through API connections. However, Hadrian’s risk scoring method stands out because it leverages stakeholder-specific vulnerability categorization, allowing users to recategorize severity and consequently train Hadrian’s ML models.
Strengths
Hadrian’s strengths are manifold, with its active assessment of vulnerabilities being a key highlight, thanks to its sophisticated Orchestrator AI. The platform’s asset categorization is highly versatile, allowing for detailed sorting and filtering. Its autonomous penetration testing capability, powered by the orchestrator AI, emulates real-world attacker behavior, providing high-fidelity testing without the need for manual intervention.
Challenges
While Hadrian offers robust capabilities, its internal ASM coverage is limited.
Purchase Considerations
The scalability of Hadrian’s solution is commendable, aligning with industry standards. The platform’s pricing includes all support and is sold in full directly without add-ons, making it a straightforward investment for potential buyers. The user experience is enhanced by an intuitive UI/UX and guided onboarding, supported by continuous customer success management.
Hadrian is particularly well-suited for organizations looking for comprehensive external asset discovery and sophisticated vulnerability assessment, including third-party risk assessments and phishing page detection. Its adaptability in presenting data for various internal teams like SOC, DevOps, and compliance makes it a versatile choice for diverse organizational structures.
Radar Chart Overview
Hadrian is positioned as a Leader and Outperformer in the Innovation/Platform Play quadrant due to its cutting-edge approach to ASM solutions. The solution’s continuous and adaptive discovery process, coupled with advanced AI-driven vulnerability assessment and penetration testing, underscores its innovative edge. This positioning reflects Hadrian’s commitment to pushing the boundaries of cybersecurity technology, demonstrating its capability to lead the market with forward-thinking solutions that address complex security challenges.
IBM, Randori Recon
Solution Overview
IBM Randori offers comprehensive asset discovery and vulnerability assessment capabilities. The platform is notable for its focus on IPv6 ranges, offering precision in discovery that encompasses IP addresses, services, hostnames, socials, networks, subdomains, and more.
With IBM Randori Recon Premium, the platform provides a robust active assessment of vulnerabilities, allowing users to confirm the presence and exploitability of vulnerabilities on their attack surface. This feature is complemented by the ability to retest with a simple click, ensuring up-to-date information.
Internal ASM is available through an add-on called IBM Randori Attack Targeted, which uses sophisticated software implants for deep analysis. The platform’s risk scoring is comprehensive, taking into account factors like attack ability, asset characteristics, validated vulnerabilities, and business context, resulting in a precise representation of risk.
Strengths
IBM Randori’s strengths include its advanced asset discovery, particularly in IPv6, and its top-tier risk scoring and active vulnerability assessment. The platform’s asset categorization is detailed and customer-adjustable, enhancing its utility. Its approach to custom threat intelligence, using broad discovery data coupled with identified vulnerabilities, offers unique insights tailored to each organization.
Challenges
While IBM Randori offers a range of capabilities, customers currently cannot adjust the frequency of discovery or customize dashboards, though these features are expected in the future.
Purchase Considerations
IBM Randori’s scalability is robust, suitable for both SMBs and large enterprises. The cost structure is versatile, with direct sales, channel, and MSSP options, and separate pricing for the Recon product. The platform requires no setup from customers, adding to its ease of use.
IBM Randori is ideal for organizations seeking thorough asset discovery and rigorous active vulnerability assessment. Its comprehensive approach makes it well-suited for a broad spectrum of industries, particularly those with complex digital environments.
Radar Chart Overview
IBM Randori’s position as a Leader and Fast Mover in the Maturity/Platform Play quadrant underscores its advanced and comprehensive approach to ASM. The platform’s in-depth discovery, coupled with sophisticated vulnerability assessment and threat intelligence, reflects its maturity and innovation. IBM Randori’s combination of depth in asset analysis, precision in risk scoring, and future-focused capabilities like upcoming autonomous penetration testing, establishes it as a Leader adept at addressing complex and evolving ASM challenges.
Intel 471
Solution Overview
Intel 471’s asset discovery capabilities are robust, identifying common ASM assets and also unique meta-assets like cryptocurrency wallet addresses, phone numbers, human names, and usernames. This discovery is further enhanced by its expertise in dark web counter-threat intelligence, which is seamlessly integrated into the ASM process.
Active vulnerability assessment is approached indirectly through the use of curated threat intelligence, correlating active exploitation vulnerabilities with asset risks identified on the client’s attack surface. Although Intel 471 does not offer internal ASM, its risk scoring methodology is highly effective, leveraging deep integration of threat intelligence throughout the ASM solution.
Intel 471 plans to launch its next-gen platform in late 2024, featuring enhanced automation and visualization tools to improve threat intelligence operationalization and aid analysts in proactive defense efforts.
Strengths
Intel 471’s major strength lies in its exceptional custom threat intelligence, widely regarded as the best in the business. This intelligence is human-led and sourced from unique channels, providing a significant edge in threat identification and application throughout the solution. The solution’s flexibility is noteworthy, with its ability to adapt to multiple industries, countries, organizational sizes, and spaces.
Challenges
The platform’s limitations include a lack of internal ASM capabilities and only basic functionality in autonomous penetration testing. Additionally, asset categorization is somewhat limited, focusing mainly on asset annotation rather than detailed categorization.
Purchase Considerations
Intel 471 offers a tiered pricing model with a flat rate, including add-ons for special features. This approach provides clarity and flexibility in cost management. The platform’s scalability is robust, thanks to its cloud-based infrastructure and modern architecture. Its ease of use and automated threat intelligence correlation make it accessible and efficient for users.
Intel 471 is particularly well-suited for organizations that require extensive asset discovery, including the identification of unique meta-assets, and those who value advanced threat intelligence integration in their ASM solution. Its capabilities make it ideal for a diverse range of industries and organizational sizes.
Radar Chart Overview
Intel 471’s classification as an Outperformer in the Innovation/Platform Play quadrant reflects its exceptional approach to ASM, particularly through its integration of unique threat intelligence. This positioning indicates a strategic blend of innovation and expertise, allowing Intel 471 to challenge established norms in the ASM landscape. The platform’s distinctive approach to asset discovery and risk assessment, coupled with its unparalleled threat intelligence capabilities, demonstrates its potential to lead the market with novel and impactful ASM solutions.
Intruder, Attack Surface Monitoring
Solution Overview
Intruder’s solution is proficient in asset discovery, leveraging cloud connections, network scanning, and subdomain enumeration (currently in beta, with general availability expected soon).
Active vulnerability assessments on all assets aim to minimize noise, though the depth and accuracy of these assessments are not fully detailed. Internal ASM is feasible through its agents, but this method is limited to assets already known for agent deployment.
Risk scoring is a standout feature for Intruder, starting with CVSS v3 and enhanced by human analysts overlaying CISA data, with particular emphasis on internet-exposed assets or those performing sensitive functions.
Strengths
Intruder’s strengths lie in its comprehensive asset discovery, particularly for cloud assets, and its effective risk scoring system, which benefits from human analyst input. The platform’s flexibility is notable, supported by its robust discovery functions and powerful vulnerability management features, which enable it to cater to a variety of use cases.
Challenges
The solution’s limitations include the depth of autonomous penetration testing and the integration of custom threat intelligence. Additionally, while internal ASM is available, it is constrained by the prerequisite of known assets for agent deployment.
Purchase Considerations
Intruder offers modular pricing, allowing customers to select specific components of the SaaS platform, with clear pricing displayed on its website. The scalability of the platform is generally not an issue, accommodating various organizational sizes.
Intruder is particularly suitable for organizations looking for strong asset discovery capabilities, especially in cloud environments, and those seeking effective risk assessment and vulnerability management.
Radar Chart Overview
Intruder’s position as a Challenger and Fast Mover in the Maturity/Platform Play quadrant reflects its dynamic development and proficiency in both platform and feature aspects of ASM. The vendor’s approach indicates its capability to address a wide range of ASM needs while constantly evolving. Its advanced asset discovery, coupled with effective risk scoring and vulnerability management, positions Intruder as a significant Challenger in the ASM field, poised to move into the Leaders ring with ongoing development and enhancements.
IONIX
Solution Overview
IONIX demonstrates a robust and comprehensive approach to ASM. The platform excels in asset discovery because it’s capable of identifying four distinct layers: internal assets on public clouds, vendor-managed or hosted assets, digital supply chains, and typical IT assets.
Its active vulnerability assessment capabilities are particularly strong, leveraging frameworks like OWASP to provide accurate risk assessments, remediation guidance, and validation of findings. Using Connective Intelligence, the platform also identifies attack paths from digital supply chains and across IT environments. While it can offer internal assessments for assets on public clouds, its capability is limited for on-premises environments.
IONIX’s risk scoring process is multitiered, providing asset level and comprehensive attack surface perspectives across 13 operational and infrastructure categories. This approach takes into account the overall risk per asset, including asset criticality, and enables organizations to benchmark it against industry peers.
Strengths
IONIX’s major strengths include its extensive attack surface mapping and asset categorization, covering almost all digital asset types. It uses multiple cyberthreat intelligence sources, enriched with dark web data and automatically attributed to assets across the attack surface; this sets it apart in threat intelligence. The platform’s non-intrusive active assessment capabilities are akin to professional penetration testing, ensuring thorough coverage and integration with other security services for an expanded assessment scope.
Challenges
The platform’s limitation lies in its restricted internal ASM capabilities for on-premises environments.
Purchase Considerations
The vendor offers tiered pricing based on asset count and included features providing clarity and flexibility. Its scalability is competitive and suitable for a range of organizational sizes. IONIX’s ease of use is a significant advantage, requiring minimal technical expertise to identify and address top threats effectively.
IONIX is particularly well-suited for organizations with a diverse range of digital assets, including those in public clouds and as part of digital supply chains. Its capabilities make it ideal for businesses seeking comprehensive vulnerability assessment and advanced threat intelligence integration.
Radar Chart Overview
IONIX’s position as a Leader and Fast Mover in the Innovation/Platform Play quadrant underscores its advanced approach to asset discovery and vulnerability assessment. This classification reflects a blend of innovation and thoroughness in ASM solutions, with a focus on providing comprehensive risk analysis and advanced threat intelligence. IONIX’s capabilities in covering a wide range of digital assets and offering rich contextual threat intelligence underscore its leadership position in the market, emphasizing its commitment to leading with cutting-edge, effective cybersecurity solutions.
JupiterOne
Solution Overview
JupiterOne demonstrates a solid foundation in asset discovery and categorization. The platform is proficient at identifying a wide range of assets with minimal customer intervention, a capability that has become almost a standard expectation in this space.
While active vulnerability assessment is not a feature of the solution, JupiterOne’s asset discovery is complemented by risk scoring based on CVE/EPSS along with identifying the impact of vulnerabilities through attack path mapping. Its internal ASM capabilities are limited, indicating that this is not the primary focus of the solution.
Strengths
The solution’s most compelling feature is its asset categorization. JupiterOne has great internal ASM capabilities and has plentiful integrations, allowing it to provide insights into hybrid environments. JupiterOne excels in this area, offering robust filtering, sorting, and tagging options based on unique asset qualities. The strength of its discovery capabilities ensures that nuanced details of assets are typically identified, simplifying the process of attribution to asset owners.
Challenges
The absence of active vulnerability assessment and autonomous penetration testing are areas where JupiterOne could expand its offerings to meet a broader range of ASM needs.
Purchase Considerations
Regarding scalability, JupiterOne performs above average, backed by its strong discovery and asset management features. The ease of use is another notable aspect, with the platform using natural language queries to facilitate user interaction.
JupiterOne is well-suited for organizations that prioritize comprehensive asset discovery and sophisticated categorization. Its capabilities make it ideal for businesses focusing on asset management and seeking user-friendly solutions.
Radar Chart Overview
JupiterOne is positioned as an Entrant and Fast Mover in the Innovation/Platform Play quadrant. This highlights its potential and evolving capabilities in the ASM field. The platform’s focus on asset discovery and categorization positions it as an emerging player that, while not yet fully established in areas like active vulnerability assessment, shows promise in developing a more comprehensive ASM solution. Its current strengths and trajectory suggest a future evolution toward a more rounded offering, catering to a broader spectrum of ASM needs.
Mandiant, Attack Surface Management
Solution Overview
Mandiant showcases a strong combination of asset discovery and vulnerability assessment capabilities. The platform employs both active and passive methods for asset discovery, initiated by as little as a single piece of client information like a domain name. It includes daily scanning, ensuring comprehensive coverage and up-to-date asset information.
Active assessment of vulnerabilities is a key strength, with Mandiant actively testing to verify known vulnerabilities, such as Log4j, to ensure the accuracy of scanning results. However, internal ASM is not a feature of this solution.
While Mandiant’s data science team has published extensively on risk quantification, it’s not clear if these methods are directly integrated into its ASM technology, leading to a default risk scoring of average. Asset categorization is robust, allowing customers to sort and filter assets based on risk and other relevant data, enriched by Mandiant’s renowned threat intelligence.
Strengths
Mandiant’s strengths lie in its asset discovery, active vulnerability assessment, and its integration of custom threat intelligence into the solution. The platform’s continuous discovery approach and real-time enrichment of asset information ensure a constantly updated and accurate view of the asset landscape.
Challenges
The absence of internal ASM and autonomous penetration testing are notable limitations, potentially restricting the solution’s appeal to organizations seeking more comprehensive ASM features.
Purchase Considerations
Mandiant’s solution offers good scalability, although it is not particularly groundbreaking in a highly competitive space. The cost may be on the higher side for smaller organizations, but it is all-inclusive, incorporating Mandiant’s highly regarded threat intelligence. The platform is known for its intuitive UI and assisted onboarding process, making it user-friendly and low-maintenance.
Mandiant is particularly suitable for organizations looking for robust asset discovery and active vulnerability assessment, supplemented by high-quality threat intelligence. Its ease of use and continuous discovery approach make it a viable option for businesses seeking a dynamic and up-to-date ASM solution.
Radar Chart Overview
Mandiant’s positioning as a Fast Mover in the Maturity/Feature Play quadrant’s Challengers ring reflects its proficiency in combining asset discovery with effective vulnerability assessment and threat intelligence. This classification indicates a strategic focus on delivering mature, feature-rich solutions while continuously evolving to meet dynamic security challenges. Mandiant’s approach, marked by its strength in active assessments and integration of high-quality threat intelligence, positions it as a significant Challenger in the ASM Feature Play space, poised to address evolving client needs.
NetSPI, Attack Surface Management
Solution Overview
NetSPI demonstrates exceptional capabilities in asset discovery and vulnerability assessment. Its discovery capability is class-leading, offering granular findings and comprehensive results that surpass most competitors. The platform’s active assessment of vulnerabilities is bolstered by powerful automations, complemented by the human creativity of consultants, resulting in a nuanced identification of true risk.
While internal ASM is not a feature of this solution, NetSPI excels in risk scoring. The process involves evaluating multiple aspects, including external expertise and CVSS, and focusing on prioritizing exposures and vulnerabilities based on severity rather than just numerical scores.
The solution is user-friendly, with simple onboarding and minimal maintenance or deployment work required. The inclusion of continuous consultant support to minimize noise and provide expert insights further enhances its usability.
Strengths
NetSPI stands out for its sophisticated approach to asset discovery and vulnerability assessment. The platform’s flexibility is noteworthy, being suitable for a range of verticals, sectors, and organization sizes. Its penetration testing capabilities, which use automation to augment consultant expertise, add a unique dimension to its ASM offerings.
Challenges
The platform’s absence of internal ASM and customizable dashboards are areas where the solution could see improvement.
Purchase Considerations
Scalability is a strong point for NetSPI, with no significant issues noted. The cost model, based on the number of assets with included consultant expertise, offers significant value. Onboarding is straightforward, and the continuous effort to reduce noise enhances the user experience.
NetSPI is particularly well-suited for organizations seeking in-depth asset discovery and sophisticated vulnerability assessments. Its applicability across various industries, including both the public and private sectors, makes it versatile for a wide range of cybersecurity needs.
Radar Chart Overview
NetSPI is recognized as a Fast Mover in the Leaders ring of the Innovation/Platform Play quadrant, signifying its excellence in asset discovery and vulnerability assessment. The solution stands out for its granular and comprehensive discovery capabilities, combined with effective vulnerability assessments enhanced by both automation and human expertise. While lacking in internal ASM, NetSPI excels in risk scoring, focusing on severity and prioritization. Its scalability and adaptability across various industries underscore its versatile approach to ASM. This positioning reflects NetSPI’s commitment to innovation with its comprehensive and sophisticated approach to ASM.
Palo Alto Networks, Cortex Xpanse
Solution Overview
Palo Alto Networks has robust capabilities in asset discovery and risk scoring. The platform monitors the entire IPv4 and IPv6 address space, incorporates certificate data and domain data, routinely scans up to 65,000 ports, and fingerprints over 700 different types of service based on their responses.
While currently offering limited active vulnerability assessments, there are plans to substantially improve this feature in the spring of 2024. Internal ASM is achievable through integrations with its own CNAPP solution, Prisma Cloud, as well as CMDB, CSPs, and EDR systems.
Risk scoring is a standout feature, considering various factors like EPSS, CVE, CVSS, asset priority, and threat intelligence to calculate a risk score that reflects both expected exploitability and potential damage. Asset categorization is flexible, allowing custom tagging and assignment to specific business units or incidents.
Strengths
Palo Alto Networks excels in comprehensive asset discovery and sophisticated risk scoring. The platform’s integration of strong threat intelligence, sourced from its internal research teams, enhances its ASM capabilities. Its flexibility in addressing common use cases, augmented by the ability to integrate with a broader set of Palo Alto Networks solutions, broadens its applicability across various ASM scenarios.
Challenges
The current state of internal ASM, although good for this space, is a noted area for improvement. Active assessment features are strong but need to be added on to the ASM solution for an additional cost.
Purchase Considerations
The scalability of Palo Alto Networks’ solution is strong, especially when combined with other on-premises or self-managed solutions from the same provider. The cost structure is based on a platform fee plus per-module licensing, with the option to include ASM as part of the Cortex extended security intelligence and automation management (XSIAM) solution. The platform’s intuitive UI and simplified onboarding process contribute to its ease of use.
Palo Alto Networks is suitable for organizations requiring extensive asset discovery and rigorous risk assessment. Its capabilities make it ideal for businesses looking for a comprehensive ASM solution that can integrate with a broader ecosystem of security tools.
Radar Chart Overview
Palo Alto Networks’ positioning as a Fast Mover in the Maturity/Platform Play quadrant’s Leader ring underscores its commitment to evolving within the mature ASM platform space. The platform’s continuous discovery, combined with its advanced risk scoring and upcoming improvements in vulnerability assessment, highlights its potential to address complex ASM challenges effectively. This positioning reflects Palo Alto Networks’ focus on delivering a robust and scalable solution.
Praetorian, Chariot
Solution Overview
Praetorian Chariot’s asset discovery is exceptional, employing both inside-out and outside-in analysis, and using integrations for internal insights and external scanning, supplemented by OSINT for uncovering unknown assets. This comprehensive approach is unique in the ASM landscape.
Active assessment of vulnerabilities involves human-led review, ensuring high-quality results and minimal false positives. However, this meticulous approach could lead to time delays. Internal ASM is available for cloud assets through CSP APIs, but on-premises or customer-managed clouds are not covered.
Risk scoring is conducted from an attacker’s perspective, with vulnerabilities not viewed in isolation but chained together, mimicking an attacker’s strategy. This results in a highly accurate assessment of the risks present in the attack surface.
Strengths
Praetorian’s strengths include its unparalleled asset discovery approach and human-led vulnerability assessment, ensuring superior quality results. The inclusion of pen testing, albeit not fully autonomous, adds significant value to the platform. Its fully managed ASM solution and user-friendly UI/UX make it highly accessible for users.
Challenges
The solution’s reliance on human analysis for vulnerability assessment, while ensuring quality, might limit its responsiveness. The lack of custom tagging in asset categorization and limited coverage for on-premises assets are areas for potential enhancement.
Purchase Considerations
Praetorian’s scalability is commendable, though slightly constrained by its human-in-the-loop model. The cost includes expert analysis, research, and a fully managed solution, offering substantial value.
Praetorian is ideal for organizations seeking a comprehensive, human-reviewed ASM solution with a focus on detailed asset discovery and vulnerability assessment. Its suitability for cloud environments and fully managed nature make it a strong choice for businesses requiring hands-off, expert-driven ASM management.
Radar Chart Overview
Praetorian’s positioning as a Fast Mover in the Innovation/Feature Play quadrant’s Leaders ring underscores its innovative approach, blending comprehensive asset discovery with human-led vulnerability assessment. This classification reflects a unique strategy in the ASM field, offering a blend of thoroughness and expertise. Praetorian’s comprehensive approach to understanding and assessing the attack surface, combined with its focus on delivering a high-quality, fully managed solution, establishes it as a Leader.
Tenable, Attack Surface Management
Solution Overview
Tenable offers network-level asset discovery. The platform effectively performs network reconnaissance of the entire external attack surface but lags behind in discovering subdomains, social profiles, and identities.
Active vulnerability assessment is somewhat limited, primarily focused on cross-referencing identified vulnerabilities with known CVEs and CVSS scores. While Tenable does not provide internal ASM within this specific solution, similar results could be achieved through other Tenable products designed for internal assets.
Risk scoring uses standard CVE and CVSS scores, with no detailed publication of in-depth calculation methods. Asset categorization is robust, allowing for sorting based on type, location, ownership, and customer-created categories.
Strengths
Tenable’s strengths lie in its effective network-level asset discovery and customizable asset categorization. The platform’s user-friendly interface and streamlined onboarding process add to its appeal, making it accessible for a variety of users.
Challenges
The solution’s limited active vulnerability assessment and lack of internal ASM within the same solution may restrict its appeal for organizations seeking a more comprehensive ASM solution.
Purchase Considerations
Scalability is adequate, with no obvious restrictions, but the platform’s discovery capabilities may limit its scalability across various enterprise assets. The cost structure is assumed to be modular, allowing for additional feature integration as needed.
Tenable is well-suited for organizations focusing on extensive external asset discovery, particularly at the network level, and those requiring straightforward asset categorization. Its capabilities make it a viable option for businesses looking for a user-friendly solution with standard vulnerability assessment features.
Radar Chart Overview
Tenable is positioned as an Entrant and Fast Mover in the Maturity/Platform Play quadrant. This reflects its solid foundation in asset discovery and categorization, coupled with standard vulnerability assessment practices. This positioning indicates a strategic focus on delivering reliable, mature platform solutions while continuously evolving to meet standard ASM challenges. Tenable’s approach, characterized by its effective network reconnaissance and user-friendly design, establishes it as a significant contender in the mature ASM platform market, poised to address evolving needs.
6. Analyst’s Outlook
The current ASM market is characterized by rapid technological advancements and an increasing focus on comprehensive asset discovery and risk assessment. Vendors are innovating to cover a wide range of digital assets, including cloud, IPv4/IPv6, and digital supply chains, while also emphasizing the importance of active vulnerability assessment and threat intelligence integration.
For prospective customers beginning their journey in ASM, it’s crucial to understand that there’s no one-size-fits-all solution. The first step should be to assess the organization’s unique needs, considering factors like asset types, industry-specific risks, and the scale of digital infrastructure. Familiarizing oneself with common frameworks like OWASP and CVSS and understanding the nuances of asset discovery and the ways different vendors calculate risk scoring can provide a solid foundation.
On the Radar chart, vendors are distinguished by their strategic focus—either Feature Play or Platform Play—and their solution’s overall current posture, categorized as one of either Innovation or Maturity. Some vendors have carved out a niche in pioneering innovative approaches, focusing extensively on comprehensive asset discovery and active vulnerability assessments. These solutions are marked by their advanced technologies and forward-thinking methodologies. In contrast, other vendors prioritize mature, established, and comprehensive Platform Plays. Their offerings are characterized by robust asset management and integrated threat intelligence, appealing to organizations seeking reliability and proven methods. A significant trend in the market is the convergence of new innovations with mature, stable solutions, creating a diverse array of offerings that cater to the varied needs of different organizations.
Organizations should start by conducting a thorough assessment of their current attack surface posture and identifying gaps. Engaging with vendors for demos or trials can offer practical insights into how different solutions might fit their specific environment. Prioritizing solutions that align with the organization’s scale, industry, and specific digital asset types is key. Additionally, staying informed about emerging and upcoming features like autonomous penetration testing and integration capabilities can be beneficial for future-proofing investments.
The ASM market is rapidly evolving with an increasing emphasis on AI-driven threat intelligence and autonomous solutions. The integration of broader security solutions with ASM solutions is likely to continue, enhancing efficiency and coverage. Organizations should prepare by investing in scalable, flexible solutions and fostering a culture of continuous learning and adaptation within their IT teams.
To learn about related topics in this space, check out the following GigaOm Radar reports:
- GigaOm Radar for Cloud Security Posture Management
- GigaOm Radar for Continuous Vulnerability Management
- GigaOm Radar for Extended Detection and Response
7. Methodology
*Vendors marked with an asterisk did not participate in our research process for the Radar report, and their capsules and scoring were compiled via desk research.
For more information about our research process for Key Criteria and Radar reports, please visit our Methodology.
8. About Chris Ray
Chris Ray is a veteran of the cyber security domain. He has a collection of experiences ranging from small teams to large financial institutions. Additionally, Chris has worked in healthcare, manufacturing, and tech. More recently, he has acquired an extensive amount of experience advising and consulting with security vendors, helping them find product-market fit as well as deliver cyber security services.
9. About GigaOm
GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.
GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.
GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.
10. Copyright
© Knowingly, Inc. 2024 "GigaOm Radar for Attack Surface Management (ASM)" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact sales@gigaom.com.