Brought to you by:
Enterprise Strategy Group | Getting to the Bigger Truth™
By Jon Oltsik, ESG Senior Principal Analyst and Fellow
OCTOBER 2021
Of all the business applications used by your organization, approximately what percentage is currently public cloud-resident? How do you expect this to change – if at all – over the next 36 months? (Percent of respondents, N=664)
Source: Enterprise Strategy Group
Requirement | Description | Metrics and Capabilities |
---|---|---|
Automated asset discovery | Ability to create a baseline of all known and unknown assets across the entire internet and public cloud infrastructure | ● No setup required ● Scale and performance to deliver on time to interview ● Low false positive rates ● Discovery independent of other security product logs |
Continuous monitoring | Ability to monitor for moves, adds, and changes associated with internet and cloud-based assets | ● Detect changes continuously ● Maintain historical records for future investigations ● Present data in an intuitive UI/UX to support user productivity ● Monitor and track progress of security posture over time |
Attack surface analysis and prioritization | Ability to take an adversary perspective on any asset issues discovered; Ability to prioritize these issues based on their attractiveness for use in cyber-attacks | ● Clear descriptions on issues discovered and why they are deemed to be remediation priorities. ● Details regarding departments, owners, and stakeholders associated with each asset ● Presentation of issues using the MITRE ATT&CK Framework taxonomy |
Source: Enterprise Strategy Group
1. Enterprise functionality. Enterprise security teams can include dozens of individuals while IT departments may have five times as many employees. To accommodate these organizations, ASM tools must be built for individual roles and team collaboration by including functionality for alerting (i.e., using email, collaboration software, etc.), ticketing, data sharing, read-only access, rules-based/policy management, and commenting. In other words, ASM solutions must be built for enterprise needs and support organizational dynamics.
Requirement | Description | Metrics and Capabilities |
---|---|---|
Enterprise Operations Functionality | Ability to use ASM across different processes, roles, and organizations | ● Role-based access control ● Read-only access ● Role-based dashboards and templates ● Multiple alerting methods |
Multi-dimensional reporting and use cases for technologists and executives | Technical reports/use cases for IT and security personnel; Executive-level reports for CISOs, executives, and corporate boards | ● Templatized and custom reporting ● Simple data query capabilities ● Automated report generation ● Executive-level summary reports |
Technology integration and interoperability | Ability to integrate with a large variety of security and IT operations systems, like asset management, case management, CMDBs, SIEM, SOAR, vulnerability management, etc. | ● Well-documented APIs ● Developer support ● Ecosystem of integration partners |
Remediation guidelines | Clear and concise instructions for risk mitigation presented based on the priority of each known issue | ● Intuitive risk prioritization model ● Specific detailed remediation instructions ● Ability to customize and share instructions ● Ability to operationalize instructions through tools integration ● Alignment with MITRE ATT&CK ● Alignment with regulatory compliance requirements |
Source: Enterprise Strategy Group
Has the solution demonstrated the ability to scale to the size of the organization’s network? | Y/N |
Does the solution use multiple sources to comprehensively discover and automatically attribute assets that belong to an organization? | Y/N |
Is the false-positive rate for the assets discovered and attributed by the ASM solution acceptable? (>99% accuracy is ideal) | Y/N |
Can the solution help identify a wide range of issues like exposed RDP, Telnet, expiring/self-signed certs, etc.? | Y/N |
Can the solution integrate with your cloud security solutions and identify advanced issues like co-located assets? | Y/N |
Does the solution have strong out-of-the-box policies and options for building custom policies? | Y/N |
Does the solution help uncover both unknown assets in your network and unknown communications to your network? | Y/N |
Can the solution seamlessly integrate with your existing SIEM/SOAR solution? | Y/N |
Does the solution provide dashboards or executive-level reporting? | Y/N |
Does the solution provide a dedicated support team and not just documentation or email support? | Y/N |
Continuously discover, evaluate, and mitigate attack surface risk
This ESG White Paper was commissioned by Palo Alto Networks and is distributed under license from ESG.
1 Source: ESG Research Report, 2021 Technology Spending Intentions Survey, Jan 2021.
All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.
Enterprise Strategy Group is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.