The Attack Surface is Changing – So Should Your Approach
The attack surface is rapidly changing, especially when it comes to external assets. New threats emerge daily and employees increasingly use new tools and services unknown to IT departments, increasing risk exposure. This has made security organizations more focused on finding ways to better manage their growing attack surface. Security teams employ numerous strategies to address this challenge. The first step is often a simple one: a spreadsheet.
Is a Spreadsheet Enough for Attack Surface Visibility?
A spreadsheet is the common first step in attempting to gain visibility of all external-facing assets. Essentially, security teams run a few asset discovery or vulnerability scans, build API integrations, pull all the assets found into a single spreadsheet, possibly add some sort of categorization or other information, and boom!
My attack surface is now managed, right?
Although this may work in the short term for some smaller organizations, it quickly turns into a full-time job for individuals already stretched too thin.
Which areas of our network need to be scanned? How often should we run scans? How do we deduplicate the information? How do we reduce false positives? Which vulnerabilities do we prioritize? And the list goes on.
An accurate and updated inventory of your attack surface assets and vulnerabilities becomes even more complicated once your organization starts growing and adds even more network segments.
Security professionals may believe this manual approach will provide an inventory of assets and improve the security of those assets for relatively low costs, when it is actually labor-intensive, time-consuming, and often incomplete. Discovering assets is one thing, but keeping up with the changes, associated risks, and potential exposures is another. Trying to figure out which data points to collect, building integrations, normalizing the data, validating and prioritizing findings, and then turning it into usable information is a difficult challenge that comes with large labor costs.
While it’s possible to do, the spreadsheet approach involves considerable trial and error, extensive documentation reading, and inherent gaps. Consequently, this often leads the team to explore alternative solutions via third-party vendors, and oftentimes that involves cobbling together more than one solution.
Challenges with Fragmented Technology for Managing the Attack Surface
Security teams use a combination of third-party vendor technologies, such as security tools, inventory tools, cloud tools, and many more, paired with a spreadsheet or database to piece together the discovery and security of their attack surface. Each of these individual solutions provides valuable information and is an improvement over a spreadsheet approach, but they also come with some drawbacks and inefficiencies. Some common examples include:
Security Tools
Common security tools include vulnerability scanners or security rating tools. They are good for discovering and reporting on the vulnerabilities within the assets you tell them to scan. The challenge with relying on vulnerability scanners and security rating tools is that they only scan what they are told to scan, leaving unknown assets untested and potentially at risk. These solutions also have limited capabilities for noise reduction and contextualization, which leads to additional labor costs to validate and prioritize the findings they deliver.
Inventory Tools
Inventory tools and configuration management databases (CMDB) are other common technology categories to help manage an organization’s attack surface. They focus on creating and maintaining a database of the company’s assets to assist with lifecycle management for IT teams. They are focused on tracking known assets, not finding new assets or the vulnerabilities within them. These are static tools, designed to help IT teams track known assets and their IT configurations; however, they leave out critical information that security teams need.
Cloud Tools
Cloud security posture management (CSPM) tools are common tools focused on cloud environments, ensuring that cloud resources are properly configured and compliant with desired standards. With the shift to the cloud, this is a key area many security teams focus on; however, the cloud is only a portion of an organization’s attack surface, leaving gaps in complete visibility.
While each of these tools is useful for its specific purpose, together they lead to fragmented information silos, error-prone processes, and the inefficiency of checking multiple systems that each hold only part of the information needed. Security teams require a solution that provides real-time data, integrated workflows, and automated reporting on known and unknown assets throughout their environment. This often leads them to review a true attack surface management (ASM) solution.
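The silo problem described above becomes visible as soon as the exports from each tool are normalized, deduplicated, and compared. The following Python is an added example, not NetSPI code; the source names, hostnames, and addresses are constructed sample data, and the three gap categories are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample exports (hypothetical hosts; documentation IP range).
DISCOVERY = ["https://Shop.Example.com/", "shop.example.com.",
             "vpn.example.com:443", "old-staging.example.com", "198.51.100.7"]
SCANNER_SCOPE = ["shop.example.com", "VPN.example.com", "mail.example.com"]
CMDB = ["shop.example.com", "mail.example.com", "hr.example.com"]


def normalize(raw):
    """Reduce a URL, host:port, or FQDN to a lowercase hostname or IPv4 address."""
    value = raw.strip()
    if "://" not in value:
        value = "//" + value  # make urlsplit parse it as a network location
    host = urlsplit(value).hostname or ""
    return host.rstrip(".")  # drop the trailing dot of a fully qualified name


def inventory(*sources):
    """Merge (name, records) pairs into {asset: set of source names}."""
    merged = {}
    for name, records in sources:
        for raw in records:
            host = normalize(raw)
            if host:
                merged.setdefault(host, set()).add(name)
    return merged


def coverage_gaps(merged):
    """Classify assets by which tools know about them."""
    gaps = {"unscanned": [], "untracked": [], "not_observed_externally": []}
    for host, seen in sorted(merged.items()):
        if "discovery" in seen and "scanner" not in seen:
            gaps["unscanned"].append(host)   # exposed, but outside scan scope
        if "discovery" in seen and "cmdb" not in seen:
            gaps["untracked"].append(host)   # exposed, but unknown to IT
        if "discovery" not in seen:
            gaps["not_observed_externally"].append(host)  # record may be stale
    return gaps


if __name__ == "__main__":
    merged = inventory(("discovery", DISCOVERY), ("scanner", SCANNER_SCOPE),
                       ("cmdb", CMDB))
    for category, hosts in coverage_gaps(merged).items():
        print(f"{category}: {', '.join(hosts)}")
```
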
Gain Internal and External Attack Surface Visibility with NetSPI
ASM solutions have grown exponentially in recent years. Forrester defines ASM as “solutions that continuously identify, assess, and manage the cybersecurity context of an entity’s IT asset estate.”
Through the use of ASM, companies are able to identify and test known and unknown assets and vulnerabilities throughout their environment continuously, allowing them to stay on top of their security in between their point-in-time testing. This drastically reduces risk and improves operational efficiencies when paired with the correct ASM solution. However, not all ASM solutions are created equal.
NetSPI External Attack Surface Management (EASM) delivers always-on external perimeter security, leveraging technology, processes, and human intelligence to uncover both known and unknown assets, while validating and prioritizing vulnerabilities. In addition, NetSPI Cyber Asset Attack Surface Management (CAASM) offers real-time visibility across users, applications, devices, and clouds, mapping and correlating assets within your technology stack to identify risks and coverage gaps. Together, these products deliver internal and external asset and risk visibility, always-on coverage, and deep data context to empower security teams.
So, in summary, can you perform attack surface management on your own with open-source tooling? Yes. However, there will be additional challenges, inefficiencies, and costs.
The best option is to work with a trusted ASM solution company like NetSPI, offering external and internal attack surface management solutions through NetSPI EASM and NetSPI CAASM.