Palo Alto Networks

Value Drivers for an Attack Surface Management (ASM) Program

Published by Palo Alto Networks

A few years ago, the term attack surface management (ASM) wasn’t part of the common cybersecurity lexicon. Most organizations employed a few security and IT personnel who could identify their internet-facing assets and manage security hygiene and posture using an assortment of tools like vulnerability scanners, CMDBs, and threat intelligence feeds.

This white paper concludes:

  • ASM continues to lag. Despite massive attack surface growth, organizations continue to perform ASM manually, using an assortment of data sources, security/IT tools, and even spreadsheets. Furthermore, organizations only monitor a portion of their attack surface, it takes ample time and resources for attack surface discovery, and most organizations continue to do discovery on a periodic basis. These haphazard steps result in an incomplete and out-of-date picture of the attack surface, leaving organizations vulnerable to attack.
  • ASM weaknesses lead to security incidents. While security teams muddle through ASM, sophisticated adversaries use automated scanning tools to quickly identify vulnerable assets for exploitation. The results are alarming—69% of organizations surveyed report that they’ve experienced a cyber-incident resulting from an unknown, unmanaged, or poorly managed internet-facing device.
  • It’s time for ASM automation. CISOs can’t bridge the ASM gap with tactical adjustments, but rather need ASM processes and technologies that can address the scale, scope, and dynamic nature of the growing attack surface. New, innovative, and automated security ASM solutions like Cortex Xpanse can discover assets across the internet, collect and centralize the data, provide analytics for risk scoring, and integrate with other security and IT tools for remediation and risk mitigation.

Download to learn more.

Download Now


Required fields*

Please agree to the conditions

By requesting this resource you agree to our terms of use. All data is protected by our Privacy Notice. If you have any further questions please email

Related Categories Cloud Computing, SaaS, ERP, Cloud Computing, Cloud Security, Server, Cloud Computing, Server, Cloud Computing, Collaboration, Malware, Network, Applications, SaaS, SAN

More resources from Palo Alto Networks