
Gartner Hype Cycle For External Attack Surface Management

Gartner HypeCycle Graph for Endpoint Security

Does your organization have clear visibility to external-facing assets?

Digital transformation initiatives have increased the complexity and diversity of an organization’s attack surface, making it more challenging to identify and mitigate potential security vulnerabilities. Increased use of cloud services, IoT adoption, remote work, and third-party software and services are some of the key changes exposing enterprise assets to external threats.

FireCompass Named A Sample Vendor In Gartner® Hype Cycle for Security Operations, 2022

External Attack Surface Management

An External Attack Surface Management (EASM) platform helps identify exposed assets, both known and unknown. It also helps prioritize discovered vulnerabilities and risks, and provides information about the systems, cloud services and applications that are available and visible in the public domain to an attacker or adversary. It provides valuable risk context and actionable information to security and risk management (SRM) leaders:

  • Continuous Discovery of external-facing unknown assets and systems
  • Continuous Vulnerability Identification
  • Continuous Monitoring for exposed assets (cloud services, IPs, domains, certificates, etc.)

Top 3 reasons driving EASM adoption, according to Gartner:

  • Digital business initiatives such as cloud adoption, remote working and IT/OT/IoT convergence
  • Interest in understanding what organizations expose from an attacker’s point of view
  • EASM’s accelerated adoption, with capabilities available as part of a broader solution set

Top 3 Gartner recommendations to consider while selecting an EASM Platform:

  • Breadth of coverage (discovery)
  • Accuracy (attribution)
  • Automation

How security and risk management leaders can get the most benefit from EASM solutions:

  • Align security programs to address the threats posed by new technologies and business initiatives by investing in a better understanding of the continuous expansion of their organization’s attack surface. 
  • Create attack surface management (ASM) processes to implement technologies and prioritize risks. Initial efforts should focus on the need for, and deficiencies in, attack surface visibility. 
  • Match tools and services that provide attack surface assessment (ASA) capabilities to the most important attack surface use cases.