Virtualization Technology News and Information
Team Cymru Releases State of Attack Surface Management Report

Team Cymru has released the findings from their "State of Attack Surface Management" report. 

According to Frost & Sullivan, attack surface management (ASM) solutions sit loosely in the vulnerability management market, which is expected to become a $2.51 billion market by 2025 as organizations look for scalable solutions to secure their environments. However, too often with existing ASM platforms, security teams are drowning in a flood of ineffective tools that only provide internal visibility or limited views of owned assets. As a result, they struggle to discover, classify, prioritize, and manage external assets, which leaves them vulnerable to attack, and defending their organization proactively is a significant challenge.

To highlight such obstacles that security professionals are facing with their existing ASM solutions, Team Cymru surveyed 440 security practitioners in the U.S. and Europe. The findings aim to help senior security leaders better understand what needs to change for ASM to evolve and truly add value across the organization.

"This report offers cyber risk stakeholders a basis for making the changes necessary to improve their ASM program," said Rabbi Rob Thomas, CEO of Team Cymru. "For years, ASM has been a basic tool to discover hidden assets, and inventory them. This report demonstrates that this is no longer sufficient when faced with the growing risk of breach from external vulnerabilities, especially those posed by third parties." 

Focusing on legacy ASM platforms, the report found: 

  • 21.1% felt they overpaid for their current ASM solution. Of the 48.5% that plan to stop working with their ASM vendor in the next 12 months, 21% cite the cost of operation and maintenance as the reason.
  • 23.4% say the identification of rogue or unclassified events is the most valuable capability that ASM has provided their organization.
  • 16.3% say that moving more data and assets to the cloud is the primary reason their attack surface is expanding. 
  • 21.5% indicate the training needed for analysts to use the platform is their primary challenge with their current ASM platform.
  • Of those involved in deploying their current ASM solution, 23.2% said it took 6 to 9 months to get them up and running. For 18.5%, it took over a year. 
  • 29.7% said their top concerns were about the security aspects of data integration and how much access their current ASM platform had across the enterprise. 

"Lack of integration, automation, and slow deployment of ASM tools costs organizations millions," said Brad LaPorte, former Gartner Analyst and creator of the ASM category. "Each hour that passes after an initial attack allows threat actors to extract more valuable data. Security teams of the future should not give up on ASM tools, but rather unify all ASM capabilities into a single solution. This would allow them to act faster, eliminating the need to transfer information from various platforms, and see the value in ASM capabilities that the market is lacking right now." 

Team Cymru's Pure Signal Orbit was purpose-built to enable rapid deployment and identification of not only an organization's attack surface but also critical vulnerabilities.

To download a full copy of the report, please visit:

Published Tuesday, May 31, 2022 3:36 PM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<May 2022>