
Licensed for Distribution


EMERGING TECH: SECURITY — THE FUTURE OF ATTACK SURFACE MANAGEMENT SUPPORTS
EXPOSURE MANAGEMENT

Published 19 April 2023 - ID G00775089 - 24 min read

By Ruggero Contu, Elizabeth Kim, and 1 more

--------------------------------------------------------------------------------

Attack surface management is evolving to support continuous threat exposure
management solutions as many capabilities are being acquired and consolidated.
This research highlights the evolutionary phases, technologies and services that
product leaders must understand to gain a competitive advantage.



OVERVIEW




KEY FINDINGS

 * Attack surface management (ASM) evolution is following three main paths:
   * Enhancing threat intelligence (TI) capabilities by correlating discovered
     exposures with TI
   * Combining vulnerability assessment (VA) and external attack surface
     management (EASM) to have more targeted and prioritized vulnerability
     management capabilities
   * Converging EASM and security validation tools that support red team and
     blue team (and/or purple team) activities
 * New requirements associated with expanding attack surfaces are driving demand
   for emerging technologies that identify and help prioritize threat exposures
   across internal and external environments.
 * Current buyer attitudes and vendor strategies are pushing for product
   consolidation across different market segments.
 * Market dynamics are putting more pressure on stand-alone vendors to acquire
   new capabilities or seek technological partnerships that can enhance and
   expand the scope of their solution offerings.




RECOMMENDATIONS

ASM product leaders should:
 * Embrace opportunities to include features from adjacent markets in an effort
   to align with buyers’ desire to build exposure management (EM) programs and
   support solution consolidation trends.
 * Cover emerging attack surfaces and support more use cases for an overall
   broader ASM strategy by expanding your product and service solution offering
   capabilities.
 * Implement a broader-scope ASM strategy — one that supports client
   requirements for actionable remediation capabilities — by partnering with
   managed security service providers (MSSPs) and consulting service providers.




ANALYSIS


OVERVIEW

Demand for a more comprehensive and integrated approach to identifying threats
and exposures will drive the convergence of existing security offerings into a
more closely integrated set of solutions. This will be influenced by the need to
have a view of risks where EASM is acquired to support activities related to TI,
VA, and breach and attack simulation (BAS). ASM is expected to evolve to more
closely support EM programs. EM is a set of processes and capabilities that
allow enterprises to continually and consistently evaluate the accessibility,
exposure and exploitability of an enterprise’s digital and physical assets.

This is driving market consolidation. Vendors from disparate areas (e.g., TI,
digital risk protection services [DRPS], EASM, VA, cyberasset attack surface
management [CAASM], BAS and automated penetration testing) are expanding their
portfolio by adding capabilities through acquisitions, building out natively or
establishing new partnerships. This consolidation is particularly noticeable
because of the involvement of large players, which will drive further the
establishment of platform solutions. A sample list of large players adding ASM
capabilities includes CrowdStrike, Fortinet, IBM, Palo Alto Networks, Qualys,
Rapid7, Recorded Future and Tenable.

A variety of factors are behind this expected market evolution:
 * Demand for TI services (with an expected growth of 17.5% in 2023) that
   deliver actionable value has been a catalyst for evolution. These services
   can act as a single source of technical input, as well as more closely
   support security operations and better counter emerging business risks.
   Here, identifying exposures and correlating discovered vulnerabilities with
   the likelihood of their being exploited by threat actors is becoming a key
   capability.
 * Digital transformation initiatives have been instrumental in the expansion of
   enterprises’ attack surface, which is increasingly exposing them to threat
   actors’ activities. Security weaknesses, cloud computing, mobile and remote
   workers, and increasingly integrated third-party infrastructures are among
   key factors driving the need for better visibility and continuous monitoring
   of externally exposed vulnerabilities.
 * Increased complexity in security is challenging security practitioners to
   decide where to focus their efforts. The volume of threats and the disruption
   they cause will drive interest toward security solutions that help identify
   and prioritize the most-critical risks and exposures. This can be done by
   using processes and tools that mirror threat actors’ surveillance
   activities, then assessing and prioritizing findings based on the
   criticality of such exposures, and testing resiliency and preparedness.


Today, threat and exposure management is conducted as part of separate
activities and tools:
 * ASM, which involves processes and tools (such as EASM) aimed at discovering
   enterprise assets and the exposures they may present.
 * VA, which is typically carried out to discover and enumerate the risks posed
   by known enterprise assets.
 * TI-related processes and tools aimed at discovering and making available
   knowledge, information and data about cybersecurity threats, campaigns and
   threat actors, as well as information and alerts on risks to digital assets
   such as domains and credentials.
 * Security control validation, which assesses how ready the enterprise
   infrastructure is to counter cyberattacks through activities such as
   checking the availability and proper configuration of controls and testing
   whether those controls behave as intended. Tools that support some of these
   activities include BAS (primarily supporting overall validation and
   readiness) and CAASM and cloud security posture management (supporting
   control validation for internal systems and cloud environments,
   respectively).
 * Posture management tools aimed at testing security teams’ operational
   efficiency through the concept of cybersecurity validation, which combines
   EASM, VA, TI and offensive tools.


The market will evolve into a more centralized ASM approach (which eventually
will support EM processes). But it’s currently made up of fairly distinct
solutions that will evolve, in the next five to eight years, across three
distinct phases as illustrated in Figure 1. As a result, the focus and
priorities among product leaders must adapt to meet changing customer demands
from phase to phase. Looking across the ASM evolution spectrum, product leaders
will face many pivotal decisions that are unique to each market phase.

Examples include:
 * Redefining product offerings and additional premium services in response to
   shifting market boundaries driven by overlapping/shared features and
   functionality
 * The increasing importance of digital security marketplaces, such as Amazon
   Web Services (AWS) Marketplace, Microsoft Azure Marketplace and Google Cloud
   Marketplace
 * Reviewing role and persona sales strategies as use cases and requirements
   will evolve along with phases


This research will provide product leaders detailed analysis of the key phases
associated with emerging technologies and trends for ASM, along with a
discussion of the opportunities presented across this emerging market through
2028.

EVOLUTION SPECTRUM

Looking toward 2028, the ASM technology markets will evolve through three
distinct phases: siloed, advanced and mature ASM (see Figure 1). Each of these
phases will be defined by distinctive influences across technology, market and
product/service characteristics.

At a high level, these phases are:
 * Siloed: In this phase, the use of ASM is focused mostly on providing added
   visibility of assets through native discovery and some level of
   prioritization of the vulnerabilities/issues associated with these assets.
   The application of ASM is siloed and more technical in nature.
 * Advanced: In this phase, ASM is incorporated into continuous threat and
   exposure management programs. There are enterprisewide applications,
   benefiting multiple functions (e.g., security operations centers [SOCs],
   infrastructure and operations, and governance, risk and compliance [GRC]).
 * Mature: In this phase, ASM is more closely integrated to inform cybersecurity
   validation. There is also more support for remediation through increased
   integrations. However, the applications are still more technical in nature.



Figure 1: Evolution Spectrum for ASM






PHASE 1 (SILOED): STAND-ALONE ASM

This phase of ASM focuses on supporting enterprises in identifying exposures
arising from an expanding attack surface. As pointed out in other Gartner
research (see Emerging Technologies: Top Trends in Security for 2022), this
expanding exposure originates from more varied and exposed corporate
environments across increasingly interconnected on-premises, cloud,
cyber-physical and personally owned assets. This exposure is also extending to
connecting third-party infrastructures coming from supply chain ecosystems and
also from merger and acquisition (M&A) activities.

An increasing number of enterprises are exposing new digital assets and
therefore experiencing new types of threats, much of which is a direct result of
business transformation initiatives enabled by cloud service adoption. These
threats target key digital assets (such as exposed networks, hosts,
applications, APIs, intellectual property and critical systems) by leveraging
discovered exposures that many organizations have little experience with or no
expertise in. There are also the more common issues that, for lack of
visibility, have not been detected. Examples include policy/regulatory
noncompliance, misconfigured cloud services, compromised applications, exposed
credentials, spoofed domains, unprotected industrial systems and supply chain
risks.

ASM is currently made up of a set of converging technologies and services aimed
at increasing visibility into digital enterprise assets and the potential risks
they may present. Different roles and security personas, such as CISOs, CROs,
members of legal teams and SOC analysts, are currently benefiting from EASM,
DRPS and CAASM technologies. Digital footprinting, vulnerability management,
brand protection, security compliance, supply chain risk management and risk
reporting are some key use cases supported by ASM.

Technology Characteristics
The different technologies supporting emerging ASM are in the majority of cases
still implemented in isolation, with buyers looking to fulfill very tactical
(and sometimes short-term) needs. But the ASM and adjacent markets have been
gradually converging, with DRPS vendors acquiring EASM capabilities or
developing them natively and with CAASM players seeking the opportunity to
expand into the EASM space. Currently, while these distinct technologies have
common capabilities around asset discovery and risk prioritization, they
maintain a distinct focus around the attack surface they primarily cover:
 * DRPS. This technology focuses on discovering digital risks relating to
   compromised enterprise assets such as domains, credentials, intellectual
   property and credit card details. DRPS solutions monitor the open web, social
   media, and deep and dark websites for such exposures, providing alerting and
   remediation capabilities, as with take-down services.
 * EASM. Providers from this market adopt an attacker’s perspective in
   discovering digital assets connected to the internet, enumerating them for
   security vulnerabilities and weaknesses and prioritizing their findings based
   on TI and other factors such as exploitability and discoverability. These
   services typically aim to digitally footprint all internet-discoverable
   assets whether on-premises or cloud-hosted, with the aim of assessing risk in
   third-party infrastructures, public cloud services and publicly accessible
   enterprise services.
 * CAASM. Similar to EASM, CAASM helps increase visibility into any enterprise
   asset and its interdependencies by aggregating and correlating asset data
   with vulnerabilities from various source systems to support adherence to
   security compliance and security operations activities, such as patching
   prioritization. This technology also can augment configuration management
   database (CMDB) technologies and processes through the dynamic population of
   assets and attribute assignments. While originally primarily focusing on
   internal infrastructures, CAASM is expected to extend its asset inventory and
   identify security control gaps in the externally exposed assets. CAASM can
   complement an organization’s vulnerability management strategy by enabling
   organizations to see all assets (internal and external), primarily through
   API integrations, to identify the scope of vulnerabilities (as well as gaps
   in security controls).
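The three technologies above share two mechanics: correlating asset records from several source systems (the CAASM aggregation described last) and ranking the result by exposure and exploitability (the EASM prioritization described before it). The following Python script is an added example written for this page, not code from Gartner or from any of the vendors named here. It correlates three constructed inputs (a CMDB export, an external discovery scan and a vulnerability scanner export, all in hypothetical record formats) by normalized hostname, flags internet-facing assets that the CMDB does not know about, and ranks each asset with a simple, clearly labelled scoring rule that weights CVSS by internet exposure, known-exploit intelligence and asset criticality.

```python
"""Correlate asset records from several sources and rank exposures.

Added example for this page. All hosts, IPs and findings below are
constructed (RFC 2606 names, documentation IP range, placeholder CVE
ids); the record layouts are hypothetical stand-ins for a CMDB export,
an external (EASM-style) discovery scan and a VA scanner export.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# --- constructed inputs -----------------------------------------------------
CMDB = [  # internal inventory: what the organization believes it owns
    {"hostname": "Web01.Example.Test", "owner": "web-team", "criticality": "high"},
    {"hostname": "db01.example.test", "owner": "data-team", "criticality": "high"},
    {"hostname": "build02.example.test", "owner": "ci-team", "criticality": "low"},
]

EXTERNAL_SCAN = [  # internet-facing discovery: the outside-in view
    {"fqdn": "web01.example.test", "ip": "203.0.113.10", "ports": [443]},
    {"fqdn": "legacy.example.test", "ip": "203.0.113.20", "ports": [22, 8080]},
]

VA_FINDINGS = [  # vulnerability scanner output (placeholder CVE ids)
    {"host": "web01.example.test", "cve": "CVE-0000-0001", "cvss": 7.5, "exploit_known": True},
    {"host": "db01.example.test", "cve": "CVE-0000-0002", "cvss": 9.8, "exploit_known": False},
    {"host": "legacy.example.test", "cve": "CVE-0000-0003", "cvss": 6.5, "exploit_known": True},
    {"host": "build02.example.test", "cve": "CVE-0000-0004", "cvss": 4.3, "exploit_known": False},
]


@dataclass
class Asset:
    """One correlated asset, merged from whichever sources mention it."""
    name: str
    in_cmdb: bool = False
    internet_facing: bool = False
    owner: Optional[str] = None
    criticality: str = "unknown"  # "unknown" when no CMDB record exists
    open_ports: List[int] = field(default_factory=list)
    findings: List[dict] = field(default_factory=list)


def normalize(name: str) -> str:
    """Join key: sources differ in case and trailing dots."""
    return name.strip().lower().rstrip(".")


def correlate(cmdb, external, va) -> Dict[str, Asset]:
    """Merge records from all sources into one asset per normalized name."""
    assets: Dict[str, Asset] = {}

    def get(name: str) -> Asset:
        key = normalize(name)
        if key not in assets:
            assets[key] = Asset(name=key)
        return assets[key]

    for rec in cmdb:
        a = get(rec["hostname"])
        a.in_cmdb, a.owner, a.criticality = True, rec["owner"], rec["criticality"]
    for rec in external:
        a = get(rec["fqdn"])
        a.internet_facing, a.open_ports = True, sorted(rec["ports"])
    for rec in va:
        get(rec["host"]).findings.append(rec)
    return assets


# Hypothetical weights: unknown criticality is weighted above "low" because
# an asset nobody owns is itself a visibility gap.
CRITICALITY_WEIGHT = {"high": 1.5, "medium": 1.2, "low": 1.0, "unknown": 1.3}


def score(asset: Asset) -> float:
    """Rank by worst CVSS, raised for exposure and known exploitation."""
    s = max((f["cvss"] for f in asset.findings), default=0.0)
    if asset.internet_facing:
        s += 2.0  # discoverable from the internet
    if any(f["exploit_known"] for f in asset.findings):
        s += 2.0  # threat intelligence says an exploit is available
    return round(s * CRITICALITY_WEIGHT[asset.criticality], 2)


def cmdb_gaps(assets: Dict[str, Asset]) -> List[str]:
    """Internet-facing assets the CMDB does not know about."""
    return sorted(a.name for a in assets.values()
                  if a.internet_facing and not a.in_cmdb)


def prioritize(assets: Dict[str, Asset]) -> List[dict]:
    """Return a worklist ordered from highest to lowest score."""
    rows = [{"asset": a.name, "score": score(a), "owner": a.owner,
             "internet_facing": a.internet_facing,
             "cmdb_gap": a.internet_facing and not a.in_cmdb}
            for a in assets.values()]
    return sorted(rows, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    merged = correlate(CMDB, EXTERNAL_SCAN, VA_FINDINGS)
    for row in prioritize(merged):
        print(row)
    print("CMDB gaps:", cmdb_gaps(merged))
```

The weights are illustrative, not a standard; what the example shows is the shape of the pipeline: a join key that tolerates source inconsistencies, a merged record per asset, a gap report for assets seen from outside but absent from the inventory, and a ranking that places a medium-severity but internet-facing, exploitable, unowned host above an internal host with a higher raw CVSS.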


Market Characteristics
In this phase of ASM, a range of roles and personas drive demand for different
capabilities. CISOs and other security managers are particularly interested in
functionalities that support activities related to vulnerability management,
threat hunting, risk assessment and general security operations (see 3 Ways to
Apply a Risk-Based Approach to Threat Detection, Investigation and Response).
But there are also non-security-related roles behind interest in different
aspects of ASM. Within DRPS, it is not uncommon to encounter legal and marketing
executives involved in the buying process. Within EASM, besides security-related
roles, there may be IT operations personas involved with patch management and
supporting CMDB infrastructure.

The ASM space is composed of many independent private commercial entities, often
with a sharp market focus. However, market consolidation has been reshaping this
space, with a number of large providers acquiring different ASM capabilities. We
estimate that, by 2024, about 50% of the overall ASM market will be owned by
large players with more than $1 billion in revenue.

Recent acquisitions include the following:
 * IBM acquired Randori (EASM)
 * Google acquired Mandiant (which acquired Intrigue)
 * Microsoft acquired RiskIQ
 * ReliaQuest acquired Digital Shadows (DRPS)
 * Palo Alto Networks acquired Expanse (EASM)
 * Recorded Future acquired SecurityTrails (EASM)
 * CrowdStrike acquired Reposify (EASM)
 * ZeroFox acquired IDX (DRPS)
 * Tenable acquired Bit Discovery


Products and Services
ASM providers at this stage of maturity offer a mix of tools and services.
Specialized analyst resources are offered alongside platforms and portals to
carry out dedicated activities, such as take-down services, with DRPS providers
and analysts supporting clients deploying EASM tools with advisory support on
how to remediate.

PHASE 2 (ADVANCED): ASM INTEGRATED INTO A CONTINUOUS THREAT EXPOSURE MANAGEMENT
PROGRAM

While it is important to note that continuous threat exposure management (CTEM)
is not a technology but rather a program that involves processes, people skills
and tools, ASM technologies offer a key support in aiding and automating some
CTEM activities.

CTEM supports a continuous, integrated, actionable security exposure remediation
and posture optimization strategy, with a focus on assessing the most critical
exposures and their mitigation. A CTEM program is a set of processes and
capabilities that allow enterprises to continually and consistently evaluate the
accessibility, exposure and exploitability of an enterprise’s digital and
physical assets (see Implement a Continuous Threat Exposure Management (CTEM)
Program).

CTEM is part of a broader security process and architecture (see Figure 2). It
interplays with cyber-risk management, threat detection response and security
posture optimization.

Figure 2: CTEM Integrations





Technology Characteristics
ASM technologies within this stage support continuous monitoring of exposure and
enable vulnerability prioritization, establishing a close integration to tools
that support remediation and incident response (IR) processes. This is
particularly relevant within a scenario where enterprise IT infrastructure keeps
expanding and interplays with an increased set of external environments. Here,
security teams will need support to achieve a better coordinated approach to
enable asset inventory and vulnerability prioritization across environments that
traditionally have been outside the scope of traditional IT security.

Within this stage, we see ASM capabilities extend further to cover
cyber-physical systems (CPS) that include operational technology (OT), Internet
of Things (IoT) and other connected edge devices/systems. Here, ASM supports
visibility into a more comprehensive set of assets (some owned by the enterprise
and some not) and the exposures they present.

Closer integration of ASM capabilities with IR, VA and TI, as well as automated
pen testing and BAS, will support a more concerted approach toward assessment,
validation/posture management and mitigation efforts.

Market Characteristics
Digital transformation will continue to drive the expansion of enterprises’
attack surfaces over the next five years. ASM is expected to become an integral
part of a CTEM strategy that needs to be implemented to enable organizations to
better counteract the evolution of risks alongside the externalization of
vulnerabilities.

Comprehensive identification of vulnerabilities and risks will not be enough. It
is also fundamental to be able to identify and focus on priorities and implement
continuous monitoring of risks and exposures as they evolve over time. These
risks and exposures relate to an increasingly diverse set of environments, such
as public clouds, industrial systems, connected devices and third-party
infrastructures.

Within this stage, we expect to see ASM capabilities expanding to more closely
support the response stage of a CTEM process. This will be particularly enabled
by the deployment of ASM as part of existing related markets:
 * Cyberinsurance. Along with its increasing involvement in the deployment and
   supply of security controls, the insurance sector is expected to focus
   particularly on ASM capabilities. As enterprises adopt more cyberinsurance
   coverage, there will be a growing demand for tools that help assess the level
   of risk exposure that organizations might have in relation to the insurance
   premium. Cyberinsurance providers will utilize ASM to assess clients but are
   also expected to offer ASM capabilities as part of the insurance package or
   as an additional premium service.
 * CPS. Enterprises will need to update their vulnerability and risk management
   strategies because of the new risks and expanding attack surfaces introduced
   by digital transformation initiatives. Likewise, ASM tools will need to
   expand their capabilities to cover all environments where such exposures
   might occur. The perception among an increasing number of industries is that
   a significant level of exposure originates from IT/OT/IoT convergence. This
   will drive demand for ASM tools to cover CPS environments.
 * MSSPs and managed detection and response. ASM capabilities are particularly
   suitable for security service providers because they support different stages
   of CTEM processes. Most organizations don’t have the maturity or resources to
   leverage ASM capabilities, and professional services providers offer a way to
   fulfill their security operations needs. Within this trend, we expect to see
   rising demand for professional services providers that support CTEM processes
   that include converging IT/OT/IoT security requirements. This is particularly
   the case as the majority of enterprises, within an increasing set of
   industries, are not able to handle the complexity and specialization arising
   from the new CPS security requirements. These requirements are characterized
   by the need to implement detection and remediation functions with the
   involvement of IT and OT personnel to be effective.


Products and Services
Product leaders with an interest in delivering ASM will face a market that has
consolidated into an integrated set of capabilities. In this market, EASM and
DRPS will be delivered as a single solution, and CAASM will have expanded its
features into EASM and other areas, such as vulnerability prioritization.

The involvement of big players such as IBM, Microsoft and Palo Alto Networks
will facilitate the delivery of EM capabilities as part of broader platforms.

The integration of VA players with EASM capabilities will drive the evolution of
vulnerability management into exposure management. Here, also, EASM and DRPS
features will be increasingly available as part of VA vendors’ platforms.

PHASE 3 (MATURE): ASM INTEGRATED INTO CYBERSECURITY VALIDATION

In this next phase, ASM will evolve to support cybersecurity validation
practices. Cybersecurity validation is a practice of validating how potential
attackers would actually exploit an identified threat exposure, and how
protection systems and processes would react.

The scope of cybersecurity validation includes:
 * Security effectiveness: Red team activities to assess how much existing
   security controls can block and detect, leveraging attack simulation or
   semiautomated penetration testing
 * Security consistency: Automated and scheduled audits, such as analysis of
   security tool configurations, or repeated attack scenario runs
 * IR efficacy: Evaluating the timeliness and effectiveness of response
   mechanisms by measuring the time to investigate the tested attack scenarios.
 * User readiness: Generally achieved through training, such as user awareness
   or tabletop and simulated exercises


ASM will be included as a key feature of cybersecurity validation tools and
services, providing an outside-in view and enabling the simulation of the
initial phases of an attack.

Technology Characteristics
For ASM to support cybersecurity validation practices, it will need to focus
not only on expanded and continuous visibility of the organization’s digital
presence on the public-facing internet but also on better context around those
digital assets. Visibility alone does not provide an attacker’s view of the
exposed assets and related vulnerabilities. Instead, context around the
discoverability of the asset, the level of attractiveness of the asset for an
attacker, and the ease of exploitation of the asset provide the necessary
refinement of findings during reconnaissance. This means testing the asset
beyond just identifying the common vulnerabilities and exposures.

EASM does not attempt anything beyond the discovery and the prioritization of
the exploitable points of entry. So its integration with cybersecurity
validation tools is what will then provide visibility of the end-to-end attack
routes once attackers penetrate the perimeter and how effectively security
controls will detect and respond. EASM will most likely integrate with
cybersecurity validation tools such as BAS, automated penetration testing and
penetration testing as a service (PTaaS) to provide insights relevant to the
reconnaissance phase of the attack kill chain.

BAS platforms are the preferred tools to carry out repeatable and consistent
measurable assessments and refocus the scope of existing penetration testing
engagements. Penetration testing is the testing of a computer system or network
to find exploitable vulnerabilities. The process involves gathering information
about the target before the test, identifying possible entry points, attempting
to break in and reporting back the findings. PTaaS simplifies the administrative
tasks and automates penetration testing tools, augmenting existing penetration
testing and red team capabilities. PTaaS is still primarily delivered as a
managed service rather than a solution one can purchase. It is a more scalable
way to deliver pentesting and is more collaborative between direct consumers,
other business units within the organization and the testers.

Cybersecurity validation tools and ASM can collectively provide organizations
with a realistic view of the full attack surface within their environment. This
enables organizations to test what they can or cannot prevent and detect, as
well as determine how they would respond in the event of an attack.

Market Characteristics
The market will observe the convergence of cybersecurity validation tools such
as BAS and automated penetration testing toward an integrated platform. The
integrated platform approach outputs feasibility scores for various attack
scenarios and/or attack paths, but also weighted scoring, based on detection by
security controls and potential impacts. In addition, this can be performed more
consistently.

While this consolidation is happening, ASM providers (including EASM, CAASM and
DRPS providers) will actively partner or be acquired to offer these
cybersecurity validation platforms. Cybersecurity validation solution providers
may also pursue a strategy of adding ASM capabilities natively. AttackIQ, Bishop
Fox, Cymulate, FireCompass, Google, IBM, Intruder, NetSPI and Pentera are
examples of vendors that have started to incorporate ASM with cybersecurity
validation solutions. This is expected to drive an acceleration of ASM
capabilities with the provision of integrated functionalities.

Products and Services
Cybersecurity validation platforms will embed or integrate with ASM to gather
additional insights and identify vulnerable attack paths. Some of these
solutions will primarily be technology delivery, and others will be
technology-enabled service delivery. And while both delivery models will attract
interest, it is likely that, in terms of growth opportunities, the service model
will offer the more significant opportunity. This is because only more
sophisticated security practices will have the personnel and skills to carry out
validation, with the bulk of the market needing service providers to carry out
such functions.

Security service providers delivering penetration testing and red team services
will increasingly leverage cybersecurity validation platforms to deliver
services to their customers. Most penetration testing performed today is
human-driven and conducted annually (making it a point-in-time view). The
introduction of cybersecurity validation platforms, including ASM, will enable
greater scalability for service providers by automating highly repeatable and
predictable aspects of assessment. It will also allow them to allocate more
expertise in delivering services that cannot be replaced by technologies, such
as red team activities.

Additionally, the continuous nature of cybersecurity validation tools will
present new opportunities. An example is a managed service delivery model (as
opposed to a one-off or annual consulting engagement) that provides consistent
and regular benchmarks of attack techniques, security controls and processes.
Other opportunities include expanded applications into risk assessment and
cyberinsurance through integrations with cyber-risk quantification solutions.
Much of the context provided by cybersecurity validation tools can inform the
impact and likelihood of a breach. For more information on cyber-risk
quantification, see Emerging Technologies: Overcome the Hurdles of Cyber-Risk
Quantification Solution Delivery.

MARKET OPPORTUNITIES

ASM will offer revenue growth opportunities across a range of use cases and
stages. The main trend is that market opportunities will evolve from a tactical
and stand-alone specialist purchase to ASM being deployed closely integrated
with broader solution sets. Opportunities will also be made available from the
expanding roles and personas within an organization that will show interest in
ASM features.

Figure 3 rates each ASM segment in terms of market opportunities, ranging from
−4 to +4. The rating is based on the penetration rate within each market as well
as how each segment is expected to perform as it gets integrated into broader
solution sets across the different phases.

Figure 3: Market Opportunity Heat Map for Various Phases of ASM






PHASE 1: SILOED ASM

This stage will present an opportunity to broader platform providers to build a
solution set that integrates EASM, DRPS and CAASM. Stand-alone vendors also have
the opportunity to expand their market by covering additional use cases within
an organization.

Specifically, the acquisition of EASM capabilities offers a significant
opportunity for VA providers. It enables them to support a more comprehensive EM
strategy with the ability to cover internally and externally exposed
vulnerabilities.

Technology and service providers of ASM within this stage have the opportunity
to take advantage of new buying trends in security, where enterprises are
increasingly oriented to purchase multifunction solution sets.

Opportunities within this stage are driven by the realization that traditional
vulnerability and risk management approaches are not enough. That’s because an
increasing level of exposure is emerging from digital transformation initiatives
such as public cloud adoption, convergence with third-party infrastructures as
part of M&A or supply chain integration, and edge shadow IT.

Organizations planning for the emerging ASM stage are prioritizing discovery
functions aimed at improving visibility of enterprise assets and the
vulnerabilities they might present. The validation of controls available within
such assets, as well as identification of other exposures beyond software
vulnerabilities, is also a key area of interest.

Among key value propositions, vendors supporting this stage offer the ability to
obtain comprehensive visibility into internal- and external-facing enterprise
assets. They also offer support in the prioritization of risks and mitigating
approaches to be employed toward risk management.

PHASE 2: ADVANCED ASM

In this phase, vendors have the opportunity to monetize from supporting more
business-centric requirements and from sales expanding to new roles. These
include CROs, security practitioners tasked with stretching security coverage
to OT/IoT environments, and professionals involved with GRC management.

Opportunities for providers supporting this phase will originate from the
requirements to support the different processes and activities involved in
fulfilling an EM life cycle. These include the initial discovery phase,
prioritization of the vulnerabilities and exposures identified, assessment of
the likelihood of an attacker exploiting the attack surface, and the readiness
of an organization’s security setup to cope with a potential attack.

Opportunities will also reside in the ability to connect EM to related
activities, such as aligning and prioritizing with key enterprise compliance and
business requirements, through integration with cyber-risk management tools.
This will improve threat management and response capabilities based on a better
understanding of the type of exposure and related risks faced, and ultimately
the ability to review assessment and validation processes to improve overall
security posture and policies. However, while the different ASM vendors and
tools are expected to converge over time, the different processes involved as
part of the different CTEM cycles are unlikely to be supported by a single
platform over the coming years.

Vendors supporting the advanced ASM stage have the opportunity to expand digital
footprinting and EM capabilities to cover the increasing risks coming from
digital transformation investments such as those related to IT/OT convergence
and industrial IoT (IIoT)/IoT initiatives. This is particularly valuable for a
growing set of industries that are adjusting their cybersecurity strategy to
cover a new set of CPS exposures. Within this stage, we expect to see EASM and
CAASM providers expanding capabilities to support discovery, vulnerability/risk
prioritization and posture management across the IT-CPS divide.

The need for remediation capabilities is a significant driver for professional
services providers to integrate ASM tools and support clients with risk
mitigation, risk management and response services. This will become a
significant opportunity, as most organizations don't have the skills and
resources to implement a comprehensive threat and exposure management program.

PHASE 3: MATURE ASM

This phase provides opportunities for security control validation providers to
expand their assessment basis, creating efficiencies in their technical
delivery. It also provides an avenue for consolidation for security leaders
using vulnerability prioritization as their go-to-market justification.

Expanding ASM features into the security validation space will enable the
validating product/service to scope its assessments to the most critical or
probable attacker entry points, providing a better outcome for end users. In
essence, it would create the starting point for, or dynamically seed, attack
simulations based on actual organizational risk. This in turn could assist in
reducing the effort required to identify which assets to test and where to
start, ultimately saving time and inherently elevating the priority of the
output on the basis of risk.

Opportunities also exist in consolidating investments for the end user. Buyers
using vulnerability prioritization as their go-to-market justification can
look to validation providers that also offer ASM features or capabilities as an
opportunity to decrease time to value under a single contract vehicle. This will
simplify the procurement process and have the added operational benefit of
pre-established integrations/enrichments.

This stage presents opportunities to providers of cybersecurity validation, such
as BAS, PTaaS and automated penetration testing, to integrate or feature EASM
capabilities.

RECOMMENDATIONS FOR PRODUCT LEADERS

PHASE 1: SILOED ASM

 * Plan for a relatively fast market consolidation by developing or acquiring
   capabilities across the convergence of EASM, DRPS and/or CAASM.

PHASE 2: ADVANCED ASM

 * Support different processes involved in an EM strategy by reviewing your
   product portfolio strategy with a view aligned to specific stages of CTEM
   and, in particular, improve remediation capabilities.
 * Better support organizations that aim to mature their overall approach toward
   comprehensive EM strategies by improving your technology integrations and
   partnership ecosystem strategy.

PHASE 3: MATURE ASM

 * Improve your chances of success by identifying the different personas and
   teams that can benefit from Phase 3 ASM capabilities. This will range from
   penetration testers to members of red/blue teams and SOC personnel.


© 2023 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a
registered trademark of Gartner, Inc. and its affiliates. This publication may
not be reproduced or distributed in any form without Gartner's prior written
permission. It consists of the opinions of Gartner's research organization,
which should not be construed as statements of fact. While the information
contained in this publication has been obtained from sources believed to be
reliable, Gartner disclaims all warranties as to the accuracy, completeness or
adequacy of such information. Although Gartner research may address legal and
financial issues, Gartner does not provide legal or investment advice and its
research should not be construed or used as such. Your access and use of this
publication are governed by Gartner’s Usage Policy. Gartner prides itself on its
reputation for independence and objectivity. Its research is produced
independently by its research organization without input or influence from any
third party. For further information, see "Guiding Principles on Independence
and Objectivity." Gartner research may not be used as input into or for the
training or development of generative artificial intelligence, machine learning,
algorithms, software, or related technologies.
