Last week our team headed to the Gartner Security & Risk Management Summit in National Harbor, Maryland. This summit brings together security professionals and this year’s theme was to accelerate the evolution ofsecurity, to reframe and simplify it. Our team arrived ready to showcase our Attack Surface Management solution, but also wanted to hear from the community what the most important issues and topics are for them in cybersecurity.
Here’s what we learned from our time at the summit.
Attack Surface Management is top of mind
At Censys, we’re talking attack surfaces and attack surface management every day, but how does the cybersecurity community view it? Attack Surface Management (ASM) itself is an emerging category of security products, so we were happy to learn at Gartner that, as a category, ASM has fully emerged and is top of mind for attendees. Many attendees we spoke to had plans to address the risks to their external attack surfaces within the next one-to-two years – companies are moving very quickly to address the growing security concerns with their internet exposure.
Teams are focusing on the highest area of return
When you’re the one in charge of monitoring a company’s security tools, everything can feel urgent. Enterprise security teams are often overwhelmed and under-resourced, without the ability to address every issue. As a result, many security professionals are leaning into a strategy that addresses the risks that have the highest return. In our conversations with Gartner attendees, there was nearly universal agreement that systems exposed to the outside world must be addressed first. What was also interesting was that we heard that ASM has somewhat of a bad reputation given the lack of clarity some vendors provide and the amount of false positives and noise.
The reason ASM has a reputation for false positives is because most solutions don’t have the appropriate visibility into or knowledge of the internet. These solutions also are not refreshing your attack surface quickly enough which creates stale data. Censys knows the Internet better than anyone, and our global scanning infrastructure lets us go faster and cover more than anyone else. We also continuously update organizations’ attack surfaces on a daily basis to make sure we are finding the new workloads in the cloud and removing assets that no longer belong to you. This is why it’s essential to be informed when you are looking into ASM vendors.
The ability to scan the (whole) internet is essential
Censys scans the entire internet and cloud IP space. We give you the most accurate and holistic view of your external attack surface. No other vendor is as focused on getting this right as we are. And we heard from attendees this is essential.
As the CISO at a large retailer said, “If I can’t see everything we’ve exposed to the Internet I can’t build a security practice. We will never protect what we don’t know about.”
That’s why Attack Surface Management is essential – you can’t protect what you don’t know about. But with Censys ASM, it’s our job to know what’s on the internet.
Organizations want an ASM tool that is easy to use
Surprisingly, not one attendee felt confident that they knew what they currently had exposed on the internet. It’s difficult – it’s a moving target every single day to know what your risks are.
One thing we kept hearing over and over again was that attendees and organizations need a vendor who makes it easy to solve this problem of knowing the risks to their external attack surface. Not only is Censys working every day to make sure we have the most accurate data, we make it really easy to get started and to find everything that’s been exposed. In the background, we’re continuously checking for anything new, while at the same time integrating into existing workflows. Attack Surface Management is top of mind for a great reason – it’s really effective at exposing the risks of attack surfaces – and essential as the first line of defense in a cybersecurity posture.
We had a great time at Gartner and we hope to see everyone again next year!
Are you interested in learning more about Attack Surface Management? See it in action now.