Preventing breaches begins with understanding and protecting your attack surface. For most enterprises, their attack surface is huge. To help wrangle it, security professionals have struggled for years to use tools such as network mapper (nmap) or vulnerability scanners to discover and test the security of internet-exposed assets; these typically present a path of least […]

The introduction of containers and micro-service architectures have changed the way we develop, deploy, and run our applications.  Not only has this changed application development, but it’s also created some visibility challenges for application security.  Move those applications to the cloud and we only amplify those challenges.  How do we architect our cloud services and […]

Though the term Attack Surface Monitoring (ASM) doesn’t specifically refer to external threats, that’s what this market currently focuses on. In short, products in this category aim to catalogue and help manage an organization’s exposed assets.

Due to this being a new category, we focused our time on understanding the market, how to categorize it and exploring each product’s set of features.

RiskIQ is a great example of where the freemium model works best. They’ve built an essential research tool, so even if someone wasn’t interested in their digital risk protection product, when a new offering like Illuminate comes along, RiskIQ has another opportunity to inform and upsell freemium users on new products.

AlphaWave is targeting the risk analysis and prioritization end of the ASM market. The product collects information on assets and attempts to identify issues and vulnerabilities. These findings are then prioritized for the customer.

Bit Discovery has planted its stake in trying to build the most comprehensive inventory of IP-based assets exposed to the Internet.

Phobos approached building Orbital from the perspective of both a security consultant and the client, receiving the results of an assessment.