Skip to main content
Press Release

New Emerging Technology: External Attack Service Management

June 2, 2021

External Attack Surface Management Recognized as An Emerging Technology by Gartner; CyCognito Among List of Vendors Offering this Technology

External attack surface management helps identify previously unknown or forgotten internet-facing assets and the risks they present

Palo Alto, Calif. — CyCognito, the leader in external attack surface management and protection, announced it has been recognized by Gartner as a vendor offering the emerging technology External Attack Surface Management (EASM). EASM, a new technology market identified by Gartner, is “an emerging product set that supports organizations in identifying risks coming from internet-facing assets and systems that they may be unaware of.”1

Attackers look for the path of least resistance to breach organizations and those easy paths often involve accessing an organization’s data, applications, and networks, whether they are on-premises or in cloud, subsidiary, third-party, or partner environments. Recent supply chain and ransomware attacks are evidence of this. To stay ahead, organizations must think like an attacker and consider the entire attack surface. Therefore, the best way for an organization to protect itself, is to see, understand and manage all the ways an attacker might gain access.

In late 2020, CyCognito and ESG surveyed security professionals who reported that, when defining their attack surface:

  • 47 percent don’t think to include SaaS applications.
  • 45 percent don’t think to include workloads running in the public cloud.
  • 45 percent don’t think to include third parties.

Attackers have proven over and over that their way works. They surveil and test attack surfaces nearly continuously until they find a path that provides little resistance. Preventing breaches requires that organizations do the same. They must perform reconnaissance across their entire IT ecosystem, using an external attack surface point of view, and thoroughly test all exposed assets using an sophisticated array of security testing techniques.