A Primer on Attack Surface Management Capabilities

By CyCognito Marketing Team | March 31, 2020

There are as many ways to describe your attack surface as there are vendors who claim to help discover or protect it. Each commercial solution provides varying capabilities tailored to some of the risks they address.

We put together a guide on some of the key capabilities that we have found – through customer feedback as well as RFPs and RFIs – that are most important when thinking about ways to actually protect your data and that of your customers from attackers that are looking for ways into your organization.
While some vendors factor in non-network-connected attack paths when considering your attack surface (things like social media accounts and fake mobile apps), the critical things that your security team need to protect are those systems and attack vectors that directly link your networked systems to the internet.

This guide covers the following topics:


You need an automated platform that can act as a “true north” inventory of all internet-connected and internet-exposed assets. Self-reporting and spreadsheets are inefficient and ineffective at helping operations teams manage what’s yours, or security teams reduce your exposure to risk


You need to be able to continuously monitor for both new assets and changes to existing assets. A one-time report or snapshot is obsolete the day after it’s created. Given the pace of digital transformation and IaaS/PaaS implementations, you can’t rely on individuals or teams to report when things change.


You need to understand what business unit or team is responsible for the assets that are exposed. Identifying ownership is a key challenge for teams who are trying to resolve issues and report on security posture and effectiveness. By automating the process of attribution, you can speed up time to identify issues and direct remediation.


You need quick access to remediation guidance to protect, update, or secure assets, or shield them from being accessed via the internet. Modern security teams are already inundated with security alerts and incidents. With guidance for remediating problems, you can be confident that any analyst or engineer who picks up an alert can act on it, solve the issue, and reduce risk.


You need to see how assets, business units, and departments contribute to the overall risk of your organization, both historically and presently. Security posture performance of different parts of your organization over time is a key metric to measure your security effectiveness. Being able to see how your teams are reducing or impacting risk across the organization should be as simple as seeing improving grades.

About CyCognito Marketing Team

CyCognito Marketing Team: Raphael Reich, VP of Marketing, Jim Wachhaus, Director of Technical Product Marketing, Lisa Bilawski, Director of Content Marketing, Sam Curcuruto, Senior Director of Product Marketing, Mayura Garg, Director of Integrated Marketing, Simon Spencer, Director of GTM Operations, Laura Givens, Director of Marketing Events, and Michelle Helling, Senior Director of Channel Marketing.


Start Eliminating Your Shadow Risk

Demo Request