Though the term Attack Surface Monitoring (ASM) doesn’t specifically refer to external threats, that’s what this market currently focuses on. In short, products in this category aim to catalogue and help manage an organization’s exposed assets.
Due to this being a new category, we focused our time on understanding the market, how to categorize it and exploring each product’s set of features.
RiskIQ is a great example of where the freemium model works best. They’ve built an essential research tool, so even if someone wasn’t interested in their digital risk protection product, when a new offering like Illuminate comes along, RiskIQ has another opportunity to inform and upsell freemium users on new products.
While some ASM products left us wondering where the details were and other products buried us in discovered assets with no prioritization, Intrigue strikes a solid balance between the two.
CyCognito has one of the most functional, mature and stylized user interfaces (UI) of all the ASM tools we tested. The UI isn’t all flash and no substance, however.
The most notable aspect of Randori’s product is that it is split into two parts: Recon is a fully automated SaaS product that gathers information about a company’s exposed digital assets through both passive and active methods. Randori’s other product, Attack aims to go deeper with Recon’s findings.
The real selling point for CAST revolves around the skilled staff that both validates findings and trains the ‘brain’ of the automated system.
ImmuniWeb occupies an interesting space in the ASM market. While it offers many features only seen in some of the more complex offerings, pricing is SMB-friendly.
Phobos approached building Orbital from the perspective of both a security consultant and the client, receiving the results of an assessment.
Bit Discovery has planted its stake in trying to build the most comprehensive inventory of IP-based assets exposed to the Internet.
AlphaWave is targeting the risk analysis and prioritization end of the ASM market. The product collects information on assets and attempts to identify issues and vulnerabilities. These findings are then prioritized for the customer.