On February 22, 2022, Travis Hoyt was featured in a VentureBeat article titled, Pentesting Firm NetSPI Expands Into Attack Surface Management. Preview the article below, or read the full article online here.
+ + +
Exposure of internet-facing enterprise assets and systems can bring major risks for security. And yet in many cases, enterprises aren’t even aware of all the internet-facing assets they have — which of course makes it impossible to go about securing those assets and systems.
As digital transformation continues turning all enterprises into internet companies, to one degree or another, this problem of exposed assets and systems is growing fast. And that has led to the emergence of a new category of security technology: External attack surface management, or EASM.
The technology — sometimes referred to simply as attack surface management, or ASM — focuses on identifying all of an enterprise’s internet-facing assets, assessing for vulnerabilities and then remediating or mitigating any vulnerabilities that are uncovered.
A separate discipline within security is penetration testing, or pentesting, in which a professional with hacking expertise performs a simulated attack and tries to breach a system, as a way to uncover vulnerabilities that need to be addressed.
Today, enterprise pentesting firm NetSPI announced that it’s bringing the two worlds together, with the debut of its new attack surface management offering. The solution integrates the company’s pentesting experts into the attack surface management process, as a way to improve the triage and remediation of risky exposures, said Travis Hoyt, CTO at NetSPI.
“EASM does not typically include manual pentesting — at least not in the way NetSPI incorporates it into our new offering,” Hoyt in an email to VentureBeat.
However, “both are necessary to truly accomplish a holistic, proactive security program,” he said. “In today’s threat environment, conducting a pentest once a year is no longer effective given the rate at which the attack surface is changing. EASM ensures that corporate networks have constant coverage and attack surface visibility.”
Continue reading Pentesting Firm NetSPI Expands Into Attack Surface Management on VentureBeat (reporting by: Kyle Alspach).