Potential Attack Surface Management buyers need to understand how various network and other infrastructure changes happen and how they can neutralize them.

Periodic scans of the network are no longer sufficient for maintaining a hardened attack surface. Continuous monitoring for new assets and configuration drift are critical to ensure the security of corporate resources and customer data.

New assets need to be identified and incorporated into the monitoring solution as these could potentially be part of a brand attack or shadow IT. Configuration drift could be benign and part of a design change, but also has the potential to be the result of human error or the early stages of an attack. Identifying these changes early allows for the cybersecurity team to react appropriately and mitigate any further damage.

I review 12 different ASM tools and also provide some questions to ask your team and the vendors about their ASM offerings in this updated article for CSOonline.