6 Ways to Vet Your Next ASM Vendor

Attack surface management (ASM) is a critical security function, and the market for ASM solutions is growing rapidly. However, with the evolution to ASM 2.0, the process of selecting a new ASM vendor can be confusing. This article will outline six ways to vet your next ASM vendor. We’ll discuss key features to look for and explain how to determine if a vendor can meet your organization’s specific needs.

Key Features to Look For When Choosing an ASM Vendor

1. Data Collection and Display

When looking for an ASM vendor, finding a solution that collects and displays relevant data is essential.

An ASM solution is only as good as the information it collects. ASM should create an inventory of all your external assets, including shadow IT assets that may not be on your radar. However, this is just the beginning. ASM should also track assets held by your business partners, vendors and other sources that could leave your organization vulnerable.

These critical tools should be able to identify assets that specifically belong to your organization in public clouds. This feature is crucial because it allows you to assess the risk of those assets accordingly. ASM tools should also be able to collect and display relevant data and provide helpful search and filter functions.

It’s critical to receive continual updates that reveal new assets on your attack surface. You can do this through regular scans. However, you may also wish to exclude some assets from groups that should have exclusive access to them. An ASM 2.0 platform can do that for you.

The information gathered from all your security tools should be displayed on a centralized dashboard. This view should include a summary of your organization’s security posture, not just assets detected or when you ran scans last, but also how risk has evolved and been managed over time. Effective security management requires understanding context, so the dashboard should have a unified interface for assets, risk and policy information.

Finally, you’ll want to see all assets grouped in a way that is logical and easy to understand, preferably mapping precisely to your organizational structure. This ability will help identify who owns each asset and ensure that collaborative efforts to manage risks are more effective.

2. Search and Filter

The ability to search and filter this data is also critical, as it will allow you to surface the most important information quickly and easily.

A list of your assets by itself doesn’t do you much good. Look for a solution that provides filters (such as risk, asset type, asset category and vulnerability severity) to quickly identify what you need to know across the attack surface. The search function should be customizable, and you should be able to save filters so that you or other members of the security team can reuse them.

3. Monitoring and Alerts

Additionally, your ASM solution should include monitoring, alerts, scans and reports.

These features will give you visibility into your organization’s attack surface and help you identify potential risks.

It is vital to monitor for sensitive data exposure and to receive near-real-time alerts for new vulnerabilities as they emerge. The ASM solution you choose should be able to generate custom reports and alerts and provide a view of your overall risk trend. In addition, the platform should be able to schedule automated reports that can be shared in raw formats like CSV, downloaded as curated PDFs, and sent directly from the platform via email, SMS or Slack/Datadog.

Scanning your attack surface should be a function your security team can readily control. They should be able to set scanning schedules and create and run custom scans on the fly. You must be able to exclude assets based on the time of day so you don’t slow a critical operation while you run a scan.

Transparency is in everyone’s best interest, including your department when it comes to budgeting and support. The goal of generating reports is not just to keep your security team informed but also to keep the C-suite and board of directors aware of the company’s security posture.

4. Risk-Based Remediation

Another critical feature to look for is risk-based remediation.

This capability will allow you to prioritize and remediate threats based on their risk level.

A best-of-breed ASM platform should be able to provide risk-based supporting evidence of the vulnerability it has identified, remediation guidance and remediation progress. Additionally, it should have robust remediation capabilities.

5. APIs and Integration

Additionally, APIs and integration are essential considerations when choosing an ASM vendor.

These capabilities will allow you to integrate your ASM solution with other security tools and customize it to fit your specific needs.

Integrating your ASM with key applications that are part of modern business operations will help you better secure your business. These applications include ServiceNow, Tenable, Jira, Armis, Qualys, and others. By using APIs that provide quick response times (20 seconds maximum), you can ensure that your ASM is a practical part of your security toolkit.

6. Additional Features

Finally, there are a few additional features that you may want to consider when choosing an ASM vendor.

Beyond the core capabilities above, your ASM solution should be able to discover certificates, identify revoked or expired ones, identify dangling DNS from public name servers, and detect domain spoofing. You will want to use pre-defined and customized role-based access. Any changes to the attack surface should be visible through an audit trail and should trigger automatic notifications.

Conclusion

Historically, vendors have provided cybersecurity teams with complex, poorly integrated tools that reveal only a limited amount of useful information. Legacy tools provide little or no guidance on how to prioritize and remediate the threats they face every day. ASM 2.0 is designed to change this and provide teams with the features they need to do their jobs.

When selecting an ASM vendor, it is essential to consider your organization’s specific needs. By looking for the features and capabilities outlined in this article, you will be able to find a solution that fits your requirements.


David Monnier

With over 20 years of experience in a wide range of technologies, David brings a wealth of knowledge and understanding to threat analysis, system hardening, network defense, incident response, and policy. He is widely recognized among veteran industry practitioners as a thought leader and resource. As such, David has presented around the globe to trust groups and at events for network operators and security analysts.
