Features

Ask 10 security leaders to define attack surface management (ASM) and it’s likely that you’ll get as many different answers. For some, it’s an asset inventory. For others, it’s another name for vulnerability scanning. The result is a security term that sounds familiar but means very different things in practice. Without a shared playbook, how do you judge maturity, measure progress or even put it into practice?

“Attack surface management is powerful, but it’s not the silver bullet,” says Richard Cassidy, Rubrik’s EMEA CISO. “On its own, it can absolutely tell you where the cracks are, for lack of a better phrase, but it certainly won’t fix them.”