security testing and attack surface monitoring work hand in hand to validate an organization’s security controls and help mitigate cyber-risk.

ESG Research Report

Learn why security testing and attack surface monitoring work hand in hand.

CyCognito, in partnership with the Enterprise Strategy Group (ESG), completed a research survey of 200 cybersecurity and IT professionals who are directly involved with their organization’s cybersecurity strategies, controls, and operations.

The survey results and analysis lead CyCognito and ESG to conclude that, while security professionals recognize the
importance of attack surface protection, the operational practices and tools organizations use in this area aren’t up to the challenge. This report presents more specific data in support of these conclusions, and actionable recommendations for attack surface protection processes and technologies.

The vast majority of security professionals (98%) report that attack surface monitoring is a Top 10 Security priority for their organization. But, they also report that they don't look at their full attack surface or adequately test what they do see.

What's the right approach? Organizations should be continuously monitoring and testing their attack surface, and focusing their Security and IT operations teams with prioritized results.

Why is attack surface monitoring so critical? To paraphrase an old business adage, “You can’t manage what you can’t measure.”

Attack surface monitoring helps organizations discover and monitor all the assets connected to their networks regardless of their location—in the DMZ, in public clouds, on third-party networks, etc.

By discovering and monitoring these assets, security professionals can then find the “path of least resistance” and vulnerabilities that hackers may use as a doorway to penetrate corporate networks and commence a cyber-attack. Armed with this intelligence, security teams can develop countermeasures, fine-tune security controls, and monitor signals that may indicate an attack in progress.

Register below to see the data behind these key takeaways:

Attack surface monitoring is critical but incomplete
Organizations focus only on the known attack surface
Attack surface testing remains separate and periodic
A continuous closed-loop attack surface monitoring and security testing process is needed

A SNEAK PEAK OF THE DATA
Over 2/3 of organizations report they experienced cyber-attacks
that originated from an unknown, unmanaged, or poorly managed company asset (see chart below). More surprising – 75% say they believe it will happen again!
Screen Shot 2020-11-10 at 8.47.01 PM

Just how big is the average attack surface for an organization with more than 4,000 employees?

When research respondents were asked about the number of assets that make up their attack surface, the estimated mean number of assets was over 100,000. Additionally, 22% of organizations estimate that their attack surface is made up of anywhere from 100,000 to more than 500,000 assets!

Complete this registration to receive the 16-page report.

COVER-ESG report