Articles about Modern Attack Surface Management

Thanks to the rise of hybrid working and SaaS the traditional concept of ‘attack surface’ -- limited to hardware, software, and network infrastructure -- is dangerously outdated and no longer sufficient to ensure cybersecurity.

We spoke to Mike Riemer, senior vice president Network Security Group and field CISO at Ivanti, to find out how organizations need to adapt to keep their systems secure.

Continue reading →

Attack surfaces keep expanding, making it increasingly challenging for organizations to obtain and make sense of the most relevant insights from their attack surface data.

Attack surface management platform Detectify says its users see an average of 300 breaches per set policy, with over 70 percent of active policies focusing on spotting risky open ports.

Continue reading →

The external attack surface -- those assets which face the internet -- is attracting a lot of attention at the moment, with Gartner naming it as a top security risk.

To find out more about external attack surface management (EASM) and why organizations need to take it seriously, we spoke to Rickard Carlsson, CEO of Detectify.

Continue reading →

Security teams today are contending with an ever-increasing attack surface and an exponentially growing volume of vulnerabilities. Yet most teams are still equipped with the cybersec equivalent of a bucket to shovel out an ocean of CVEs. Buying them another shiny new bucket pales in comparison to plugging the actual leak in your ship (or enterprise).

Vulnerabilities can’t all be patched, so prioritizing these based on business risk is the most grounded approach. While leading security teams have begun to implement more advanced vulnerability management (VM) programs, others are struggling with outdated, manually intensive and less effective ways of managing vulnerabilities without context or insights on the true risk they pose. This can only work for so long, as it requires the continuous process of monitoring, discovering, analyzing, and remediating vulnerabilities across all potential attack vectors. Even then, good old human error sneaks its way in.

Continue reading →