{"id":293,"date":"2021-08-23T00:06:00","date_gmt":"2021-08-23T00:06:00","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=293"},"modified":"2024-01-22T08:59:16","modified_gmt":"2024-01-22T16:59:16","slug":"the-state-of-enterprise-attack-surface-management","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/the-state-of-enterprise-attack-surface-management\/","title":{"rendered":"The State of External Attack Surface Management (EASM)"},"content":{"rendered":"\n<p>When&nbsp;<a href=\"\/company\/leadership.php\">Dima<\/a>&nbsp;and I co-founded CyCognito four years ago, our goal was simple: change the attacker\/defender dynamic by proactively giving security teams insight about&nbsp;<a href=\"\/learn\/attack-surface-management.php\">their attack surface<\/a>&nbsp;and guidance about what they had to do to prevent breaches.<\/p>\n\n\n\n<p>It was at a time when the concept now known as \u201c<a href=\"\/external-attack-surface-management\/\">External Attack Surface Management<\/a>\u201d didn\u2019t even have a name. Enterprises still had to defend themselves and, in most cases, they focused on putting more locks&#8211;newer, shinier locks&#8211;on their known assets.<\/p>\n\n\n\n<p>But with the connectedness of everything, the move to the cloud, and continued&nbsp;<a href=\"https:\/\/www.theverge.com\/2021\/7\/14\/22577471\/microsoft-solarwinds-hack-zero-day-serv-u\">breach<\/a>&nbsp;after&nbsp;<a href=\"https:\/\/www.reuters.com\/technology\/hackers-demand-70-million-liberate-data-held-by-companies-hit-mass-cyberattack-2021-07-05\/\">breach<\/a>&nbsp;after&nbsp;<a href=\"https:\/\/www.forbes.com\/sites\/jimmagill\/2021\/07\/25\/us-water-supply-system-being-targeted-by-cybercriminals\/?sh=1310f08628e7\">breach<\/a>, those tactics have been proven to&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/update-immediately-microsoft-rushes-out-patches-for-exchange-server-zero-day-attacks\/\">simply not work<\/a>. 
Organizations continued to get compromised because of unknown, unmanaged assets.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Changing the game &#8211; moving from defense to offense<\/h2>\n\n\n\n<p>Our initial concept was to provide organizations with insights about how they looked to attackers, and to do so with the same skill and rigor that we used as former cyber intelligence soldiers ourselves.&nbsp;<\/p>\n\n\n\n<p>A key part of our doctrine was that most organizations&nbsp;<em>don\u2019t&nbsp;<\/em>know their attack surface. And because of this, all solutions that&nbsp;<em>rely<\/em>&nbsp;on their knowledge of what\u2019s theirs&nbsp;<em>will fail at preventing breaches.<\/em><\/p>\n\n\n\n<p>So we taught our customers how attackers think. How they look for the path of least resistance on their target\u2019s attack surface. How they get creative with their strategies and tactics. How relatively easy it is to find likely abandoned but still alive and connected assets to use as beachheads into an organization.<\/p>\n\n\n\n<p>We wanted our customers to understand the kind of reconnaissance that attackers did on their targets, and then to&nbsp;<em>do<\/em>&nbsp;that reconnaissance for them.<\/p>\n\n\n\n<p>And we did. And from this idea, we\u2019ve seen this market grow into something truly impactful. External Attack Surface Management is now a recognized category by Gartner (and it even has its own acronym \u2013 EASM) and its core technologies are something that enterprise security teams everywhere are familiar with.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">To understand where we\u2019re going, we need to<br>remember where we\u2019ve been<\/h2>\n\n\n\n<p>The concept of scanning networks for connected devices has been around since the late \u201890s with the creation of&nbsp;<a href=\"https:\/\/en.wikipedia.org\/wiki\/Nmap\">Nmap<\/a>. 
Since it was free, a few commercial products were launched based on this technology, and some of these tools are still in existence today.<\/p>\n\n\n\n<p>Ten years ago, new advancements made this scanning much faster and more efficient. This meant that the concept could now be applied to the entire internet. New software companies began collecting this internet-wide data and allowing organizations to query for things that were alive and exposed behind known IPs that were assigned to them. This was the next iteration of attack surface tools focused on inventory and visibility.<\/p>\n\n\n\n<p>And while inventory and visibility is a critical first step in the prevention of breaches, it\u2019s not enough. What does a security operations team (and IT team, red team, and vuln management team) need to do in order to take their knowledge of their attack surface and actually protect it?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">CyCognito has built the only platform to answer that question.<\/h2>\n","protected":false},"excerpt":{"rendered":"<p>Hear from Rob Gurzeev, CEO thoughts regarding EASM and why machine learning &#038; cybersecurity protection capabilities have passed manual, human-led efforts.<\/p>\n","protected":false},"author":18,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,9,18,17],"class_list":["post-293","post","type-post","status-publish","format-standard","hentry","category-company","tag-attack-surface-management","tag-cybersecurity","tag-easm","tag-external-attack-surface-management"],"yoast_head_json":{"title":"The State of External Attack Surface Management (EASM) | CyCognito Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/the-state-of-enterprise-attack-surface-management\/","og_locale":"en_US","og_type":"article","og_title":"The State of External Attack Surface Management (EASM) | CyCognito Blog","og_description":"Hear from Rob Gurzeev, CEO thoughts regarding EASM and why machine learning & cybersecurity protection capabilities have passed manual, human-led efforts.","og_url":"https:\/\/www.cycognito.com\/blog\/the-state-of-enterprise-attack-surface-management\/","og_site_name":"CyCognito Blog","article_published_time":"2021-08-23T00:06:00+00:00","article_modified_time":"2024-01-22T16:59:16+00:00","author":"Rob Gurzeev","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rob Gurzeev","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/the-state-of-enterprise-attack-surface-management\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/the-state-of-enterprise-attack-surface-management\/"},"author":{"name":"Rob Gurzeev","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/d5cdeba13fde783ae5ebf80d0765b679"},"headline":"The State of External Attack Surface Management (EASM)","datePublished":"2021-08-23T00:06:00+00:00","dateModified":"2024-01-22T16:59:16+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/the-state-of-enterprise-attack-surface-management\/"},"wordCount":540,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"keywords":["Attack Surface Management","Cybersecurity","EASM","External Attack Surface Management"],"articleSection":["Company"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/the-state-of-enterprise-attack-surface-management\/","url":"https:\/\/www.cycognito.com\/blog\/the-state-of-enterprise-attack-surface-management\/","name":"The State of External Attack Surface Management (EASM) | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"datePublished":"2021-08-23T00:06:00+00:00","dateModified":"2024-01-22T16:59:16+00:00","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/the-state-of-enterprise-attack-surface-management\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/the-state-of-enterprise-attack-surface-management\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/the-state-of-enterprise-attack-surface-management\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"The State of External Attack Surface 
Management (EASM)"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/d5cdeba13fde783ae5ebf80d0765b679","name":"Rob Gurzeev","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/188f9b5d63c82a731809f453b8cc26f8?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/188f9b5d63c82a731809f453b8cc26f8?s=96&d=mm&r=g","caption":"Rob Gurzeev"},"description":"CEO &amp; 
Co-Founder","url":"https:\/\/www.cycognito.com\/blog\/author\/rob-gurzeev\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/293","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/18"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=293"}],"version-history":[{"count":3,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/293\/revisions"}],"predecessor-version":[{"id":687,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/293\/revisions\/687"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=293"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=293"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=293"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}