{"id":306,"date":"2021-05-18T00:15:00","date_gmt":"2021-05-18T00:15:00","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=306"},"modified":"2024-01-22T08:43:40","modified_gmt":"2024-01-22T16:43:40","slug":"how-to-manage-your-attack-surface","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/","title":{"rendered":"Answering the Attack Surface Management \u201cBuild vs Buy\u201d Question"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Why finding and securing your attack surface is a problem&nbsp;<\/h2>\n\n\n\n<p>Here\u2019s the situation. If you manage a security team focused on security testing, you\u2019re tasked with keeping the organization secure and preventing breaches, but your budget only stretches so far. You know that there are a number of things standing between you and your goal:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The growing attack surface and shadow IT<\/li>\n\n\n\n<li>The challenges presented by remote or hybrid work environments<\/li>\n\n\n\n<li>The assets and risks you don\u2019t even know about<\/li>\n<\/ul>\n\n\n\n<p>A daunting challenge by any measure. So where do you start? The first step is to get a handle on your attack surface. Your entire attack surface. I say \u201centire\u201d because it\u2019s bigger than you know. It\u2019s more than just your live IP addresses. It encompasses all of your attacker-exposed IT assets, whether you know about them already or not, wherever they are: on-premises, in the cloud, in third-party or partner environments, or in the networks of your subsidiaries.&nbsp;<\/p>\n\n\n\n<p>For example, Figure 1 shows our actual results from a recent attack surface reconnaissance where our customer estimated they had 10,000 IP addresses but CyCognito found 13,936 IP addresses which means at least 39% were unknown. Our platform goes beyond IP addresses and classifies assets into web applications, domains and certificates, and when these are counted the platform found 21,115 total assets in this particular attack surface, including 7,179 other assets that were not estimated by the customer at all:&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Actual Assets in Attack Surface (Initial Estimate of 10K IPS)<\/h5>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>IP ADDRESSES<\/td><td>WEB APPS<\/td><td>DOMAINS<\/td><td>CERTIFICATES<\/td><\/tr><tr><td>13,936<\/td><td>1,267<\/td><td>3,378<\/td><td>2,534<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Figure 1. An attack surface discovery by the CyCognito platform shows a total of 21,115 assets.<br><\/p>\n\n\n\n<p>But how can you possibly get a handle on your attack surface when you have teams spinning up microservices they don\u2019t tell you about, mergers and acquisitions and failed devops projects happening on the regular, and fewer employees operating within the secure corporate environment of the office than ever before? Answer: an\u00a0<a href=\"\/external-attack-surface-management\/\">external attack surface management solution<\/a>\u00a0(EASM). Because with the scope and the constantly changing nature of your attack surface, you can\u2019t possibly protect it manually and, if you try, your budget will need to be\u2026 prohibitively large.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>The eternal question: build vs buy?<\/strong><\/h2>\n\n\n\n<p>You could attack this problem by building a solution in-house (and some large companies have tried), but EASM isn\u2019t exactly a core competency any enterprise wishes to invest in because it will be costly and difficult to design, develop, maintain and operate, especially when independent software vendors can use cloud services to provide a better, more cost effective solution. To simplify the build vs. buy question, I sometimes draw a parallel to how I engage with my lawn. And, if you happen to be an American, you\u2019ll be able to relate to this because, like&nbsp;<a href=\"https:\/\/www.businesswire.com\/news\/home\/20190401005679\/en\/New-Research-Confirms-Americans-Still-Value-Lawns-and-Green-Spaces\">79% of Americans<\/a>&nbsp;I value my lawn. Nowadays I don\u2019t own a lawnmower because I am fortunate enough to have someone else who mows and trims my lawn for me (as do&nbsp;<a href=\"https:\/\/landscape-business.com\/national-survey-finds-40-percent-of-americans-with-a-yard-hired-professionals-for-lawn-or-landscape-work-in-the-last-year\/\">40% of Americans who have lawns<\/a>). While I could buy a lawn mower and trimmer, and spend the sweaty hours maintaining my lawn myself, I would never do it as well or as often as I would want. And I would lose the opportunity to spend my time on things where my skills are better put to use, like grilling, writing blogs or playing with my kids. And while I give up money by purchasing the lawn mowing service, I know it\u2019s done well, I get to benefit from the results, and I don\u2019t have to do that drudgery.<\/p>\n\n\n\n<p>Very much like that, your cybersecurity team doesn\u2019t want to do the error prone work of manually combing through public data like news stories, company websites, and SEC filings, or scanning IP ranges, banners and DNS records looking for assets in your attack surface. You don\u2019t want your highly skilled team spending their time sifting through passive DNS data or old financial records to find that&nbsp;forgotten-about subsidiary or branch office&nbsp;in Singapore with access into your corporate network that\u2019s still using an Accellion FTA. To continuously find all of the assets from all of your owned and related entities would almost certainly require a much larger team than you can justify, and they\u2019d need much more time than you have (and I didn\u2019t even address storing and curating the data you\u2019d collect). More so, is that really where you want your security team spending their time?&nbsp;<\/p>\n\n\n\n<p>It\u2019s time to consider the Iron Triangle (see Figure 2) of project management. When building your own solution in-house you can\u2019t have coverage, cadence, and low (or even reasonable) cost. Realistically, only two are possible at any one time with legacy or homegrown solutions. And if you consider what\u2019s most likely to happen, it\u2019s that your budget will rule the day, and you\u2019re going to end up with whatever coverage and investigation cadence you can shoehorn into your existing budget. So going the do-it-yourself route, you need to make some tough decisions. Do you sacrifice coverage (i.e., how much of your attack surface do you get to know and protect), cadence (i.e., how often do you monitor) or money?&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"659\" src=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/quality-triangle.png\" alt=\"\" class=\"wp-image-307\" srcset=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/quality-triangle.png 800w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/quality-triangle-512x422.png 512w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/quality-triangle-768x633.png 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/figure><\/div>\n\n\n<p>Figure 2. The Iron Triangle is a project management model that illustrates that the quality of a project\u2019s work is constrained by its coverage (scope), cadence (schedule) and cost.<br><\/p>\n\n\n\n<p>Fortunately, you don\u2019t have to sacrifice coverage and cadence, and your security, to stay on budget. CyCognito was founded to answer the fundamental question of &#8220;where are valuable assets exposed and presenting a path of least resistance to attackers?&#8221; CyCognito recognizes that solving this problem requires complete visibility, context, and security assessment of the whole attack surface. Built by ex-intelligence agency reconnaissance experts, CyCognito is the only company to do this.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">CyCognito delivers coverage and cadence more cost-effectively than what you&#8217;re doing&nbsp;<\/h2>\n\n\n\n<p>So, what exactly do I think you\u2019re doing today to manage your attack surface that allows me to make that claim? I\u2019m sure that attaining even a small portion of the visibility you have now requires many tools and hours of work per week, many weeks per year and, at some large organizations, several people working at it full time. See Figure 3 for a list of the many types of tools organizations used today to do attack surface management.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignleft size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1280\" height=\"307\" src=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-TOC-1280x307.png\" alt=\"\" class=\"wp-image-308\" srcset=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-TOC-1280x307.png 1280w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-TOC-512x123.png 512w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-TOC-768x184.png 768w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-TOC-1536x368.png 1536w, https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/Blog-TOC-2048x491.png 2048w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><\/figure><\/div>\n\n\n<p>Figure 3. Common tools and workflow used to provide attack surface visibility.<\/p>\n\n\n\n<p>To see and protect all of your attacker-exposed assets with a set of tools like this (and the implied manual process that go with it), would cost a ton.&nbsp;<\/p>\n\n\n\n<p>We\u2019ve created a solution that goes far beyond legacy&nbsp;<a href=\"\/learn\/attack-surface-management.php\">attack surface management approaches<\/a>&nbsp;and manual processes to provide more comprehensive, continuous, and cost-effective coverage than you can get anywhere else, including manual or in-house efforts. CyCognito delivers visibility and protection across your entire internet-exposed attack surface by combining three key areas:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Asset Discovery with classification and attribution<\/li>\n\n\n\n<li>Automatic risk detection via evidence-based security testing<\/li>\n\n\n\n<li>Contextual prioritization, fix validation and security posture improvement analytics<\/li>\n<\/ul>\n\n\n\n<p>Rather than ask you to do part or all of it yourself with a host of disparate tools and tedious manual labor, CyCognito offers one solution that does it all. Our attack surface protection solution continuously discovers all attacker-exposed assets; identifies and prioritizes risks across the entire IT ecosystem, even on those assets your team doesn\u2019t yet know about (or forgot); offers remediation guidance and validation; and does this at a lower cost.&nbsp;<\/p>\n\n\n\n<p>We\u2019ve done thousands of hours of research to determine what it takes to manage attack surface management workflows with existing tools and processes, and I\u2019ll expand upon that in an upcoming blog post. Based on that research, we created a total cost of ownership calculator that shows exactly how CyCognito compares to the tools depicted in the diagram above, and if you&#8217;re interested in seeing a comparison, I think you\u2019ll be astounded by the value CyCognito can offer!&nbsp;<\/p>\n\n\n\n<p>Until that next post,&nbsp;<a href=\"https:\/\/meetings.hubspot.com\/lorraine24\/cycognito-discussion\" target=\"_blank\" rel=\"noreferrer noopener\">schedule some time<\/a>&nbsp;and we can walk through the TCO calculator if you\u2019re intrigued.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When building your own cybersecurity solution in-house you can\u2019t have coverage, cadence, and low cost. But where do you start?<\/p>\n","protected":false},"author":15,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,18,17],"class_list":["post-306","post","type-post","status-publish","format-standard","hentry","category-product","tag-attack-surface-management","tag-easm","tag-external-attack-surface-management"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Answering the Attack Surface Management \u201cBuild vs Buy\u201d Question | CyCognito Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Answering the Attack Surface Management \u201cBuild vs Buy\u201d Question | CyCognito Blog\" \/>\n<meta property=\"og:description\" content=\"When building your own cybersecurity solution in-house you can\u2019t have coverage, cadence, and low cost. But where do you start?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-18T00:15:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-22T16:43:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/quality-triangle.png\" \/>\n<meta name=\"author\" content=\"Jim Wachhaus\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jim Wachhaus\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/\"},\"author\":{\"name\":\"Jim Wachhaus\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/26e362ecf750edd0380a7de5746cf8d0\"},\"headline\":\"Answering the Attack Surface Management \u201cBuild vs Buy\u201d Question\",\"datePublished\":\"2021-05-18T00:15:00+00:00\",\"dateModified\":\"2024-01-22T16:43:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/\"},\"wordCount\":1385,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/quality-triangle.png\",\"keywords\":[\"Attack Surface Management\",\"EASM\",\"External Attack Surface Management\"],\"articleSection\":[\"Product\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/\",\"name\":\"Answering the Attack Surface Management \u201cBuild vs Buy\u201d Question | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/quality-triangle.png\",\"datePublished\":\"2021-05-18T00:15:00+00:00\",\"dateModified\":\"2024-01-22T16:43:40+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/#primaryimage\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/quality-triangle.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/quality-triangle.png\",\"width\":800,\"height\":659},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Answering the Attack Surface Management \u201cBuild vs Buy\u201d Question\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/26e362ecf750edd0380a7de5746cf8d0\",\"name\":\"Jim Wachhaus\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/79b6bf97cd7168a87f54b0b9f6ce82be?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/79b6bf97cd7168a87f54b0b9f6ce82be?s=96&d=mm&r=g\",\"caption\":\"Jim Wachhaus\"},\"description\":\"Was Director of Technical Product Marketing at CyCognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/jim-wachhaus\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Answering the Attack Surface Management \u201cBuild vs Buy\u201d Question | CyCognito Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/","og_locale":"en_US","og_type":"article","og_title":"Answering the Attack Surface Management \u201cBuild vs Buy\u201d Question | CyCognito Blog","og_description":"When building your own cybersecurity solution in-house you can\u2019t have coverage, cadence, and low cost. But where do you start?","og_url":"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/","og_site_name":"CyCognito Blog","article_published_time":"2021-05-18T00:15:00+00:00","article_modified_time":"2024-01-22T16:43:40+00:00","og_image":[{"url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/quality-triangle.png","type":"","width":"","height":""}],"author":"Jim Wachhaus","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Jim Wachhaus","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/"},"author":{"name":"Jim Wachhaus","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/26e362ecf750edd0380a7de5746cf8d0"},"headline":"Answering the Attack Surface Management \u201cBuild vs Buy\u201d Question","datePublished":"2021-05-18T00:15:00+00:00","dateModified":"2024-01-22T16:43:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/"},"wordCount":1385,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/quality-triangle.png","keywords":["Attack Surface Management","EASM","External Attack Surface Management"],"articleSection":["Product"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/","url":"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/","name":"Answering the Attack Surface Management \u201cBuild vs Buy\u201d Question | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/#primaryimage"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/quality-triangle.png","datePublished":"2021-05-18T00:15:00+00:00","dateModified":"2024-01-22T16:43:40+00:00","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/#primaryimage","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/quality-triangle.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/quality-triangle.png","width":800,"height":659},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/how-to-manage-your-attack-surface\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Answering the Attack Surface Management \u201cBuild vs Buy\u201d Question"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/26e362ecf750edd0380a7de5746cf8d0","name":"Jim Wachhaus","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/79b6bf97cd7168a87f54b0b9f6ce82be?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/79b6bf97cd7168a87f54b0b9f6ce82be?s=96&d=mm&r=g","caption":"Jim Wachhaus"},"description":"Was Director of Technical Product Marketing at CyCognito","url":"https:\/\/www.cycognito.com\/blog\/author\/jim-wachhaus\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/306","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=306"}],"version-history":[{"count":7,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/306\/revisions"}],"predecessor-version":[{"id":669,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/306\/revisions\/669"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=306"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=306"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=306"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}