The hype around different security categories can make it difficult to discern features and capabilities from bias when researching new platforms. You want to advance your security measures, but what steps actually make sense for your business?
For anyone ready to find an attack surface management (ASM) vendor, review these six questions before getting started to understand the key features to look for in an ASM platform and the qualities of the vendor who supports it.
Refer to these as your quick guide for interviewing vendors to walk away with the most suitable ASM platform for your needs.
Checklist: 6 Questions to Ask Attack Surface Management Vendors
- Does your platform have the capability to discover unknown assets?
- How do you prevent alert fatigue, prioritize alerts and remove false positives?
- Can you track attack surface changes over time?
- How do you plan to evolve the platform going forward?
- What services related to ASM do you offer?
- Can we demo or test run the platform?
Let's dive deeper into each of these.
1. Does your platform have the capability to discover unknown assets?
Creating an inventory of assets has always been challenging. Some attack surface management tools are limited to identifying assets you already know about, such as IP addresses, domains, software, and other resources already in your records. However, the best attack surface management platforms today can locate and safeguard both known and unknown internet-facing assets, and this has become a critical requirement for an effective ASM tool.
2. How do you prevent alert fatigue, prioritize alerts and remove false positives?
Asset discovery with attack surface management is table stakes. Prioritization of alerts to focus remediation efforts is where the real value comes in.
Top ASM tools address alert fatigue by including human analysis of vulnerabilities in the context of a client's business. This means clients receive focused remediation guidance for the high-severity vulnerabilities that actually matter, instead of the more common outcome: a PDF with an extensive list of alerts.
3. Can you track attack surface changes over time?
Traditionally, tracking an attack surface meant conducting annual or periodic penetration testing. However, this approach cannot keep up with rapidly expanding attack surfaces and with threats that can emerge at any time.
Instead of relying on occasional pentesting, organizations can achieve better results by combining external network penetration testing with continuous attack surface management. This approach enables teams to monitor the growth of their attack surface and identify vulnerabilities as they emerge.
4. How do you plan to evolve the platform going forward?
The partnership between ASM vendors and their clients benefits from a collaborative approach to continually improving platform capabilities. The best attack surface management vendors actively listen to customers to drive feature development and platform improvements. By taking that input into account, a dedicated team of software engineers can roll out new updates and features that advance the capabilities of the ASM platform on a consistent basis.
5. What services related to ASM do you offer?
For organizations to continually evolve their offensive security strategies, it's beneficial to have features and capabilities that extend beyond attack surface management and encompass related market categories.
When selecting an ASM platform, it's helpful to consider additional capabilities such as Breach and Attack Simulation, Penetration Testing as a Service, and Application Security Testing. These capabilities broaden the scope and effectiveness of ASM, allowing organizations to strengthen their entire security posture.
6. Can we demo or test run the platform?
Beware of vendors who don't have demos at the ready. ASM vendors typically offer on-demand demos of their platforms, as well as helpful how-to resources and conversations with subject matter experts, so you can be sure your business needs are met. Doing a demo ahead of any purchase also lets you see the platform's UX and gauge its ease of use. A user-friendly design and easy-to-digest dashboards are essential for an ASM tool you will actually want to use.
Keep these six questions in your back pocket when evaluating attack surface management platforms. The nuances of expanding offensive security measures can make or break an engagement, so here's what you're looking for in an ASM platform:
- The ability to discover the unknown
- Inclusion of human analysis to prioritize alerts
- The ability to track attack surface changes over time
- Expertise to develop new features based on business needs
- Capabilities beyond ASM into related market categories
- Demos at the ready showing a clean, easy-to-use UX
See NetSPI's Attack Surface Management platform in action in this on-demand demo.