“Only 17% of organizations can clearly identify and inventory a majority (95% or more) of their assets.” - Gartner
Imagine the scenario: your organization has been exposed to a new zero-day vulnerability. You are responsible for Threat & Vulnerability Management (TVM), you have asked your IT department for an assessment of the asset inventory in your organization.
You make the same request to your security team. Both teams give you a different number of assets, with a significant disparity: IT reports 10,000 assets, compared to 8,200 from your colleagues in security.
When you look up your Configuration Management Database (CMDB_ application, you quickly discover that it has not been updated for months and does not accurately represent of your attack surface either.
How do you measure your risk exposure when three sources of information are not in agreement? Your highly-skilled colleagues are now back to using spreadsheets to document your assets—a very manual and time-consuming process that is not a productive use of their time.
Attack Surface Management (ASM)
ASM covers both internal and external assets—the physical and digital assets that an organization needs to have visibility into in order to understand its security posture. By establishing visibility of the attack surface and implementing management processes to prioritize, validate, and mobilize responses, security teams can reduce exposures exploited by malicious threat actors.
“Asset inventory is a common and well-known problem for organizations.”
Manage the Gap in Asset Inventory with Surface Command
We began this blog with a real-life and anonymized example for a customer and the disparity in their asset count between IT and Security teams. Surface Command addresses this operational ..
Support the originator by clicking the read the rest link below.
