Team Cymru recently surveyed 440 security practitioners in the US and Europe. Each survey participant works for a company that currently uses an ASM platform. These professionals were able to provide first-hand knowledge about the benefits and drawbacks of ASM tools today. They shared what they liked and disliked about the tools they use.
The Team Cymru State of Attack Surface Management Report covers a broad spectrum of topics. With over 30 questions, it sheds light on everything from why organizations deploy ASM solutions, to their experience, and how they use it.
Two of the key survey results center around the cost of ASM solutions and the future plans of current users. Here we’ll focus on these two key findings.
How Satisfied are Security Teams with ASM today?
The message conveyed by the results of this survey is loud and clear: many security leaders do not feel their current solution provides value to the security organization.
An alarming number of respondents indicated they were ready to throw in the towel concerning their current solution. Only 51% said they have no immediate plans to stop working with their ASM vendor. That means that an astounding 49% have had enough and are ready to throw up their hands in defeat.
What Security Professionals Say about Price Versus Performance
Many ASM users do not realize the benefits promised when they acquired their solution. Legacy ASM solutions fail to deliver adequate value for modern cloud-based enterprises.
Of those that indicated they were ready to stop working with their current ASM vendor, only 21% said it was because of cost. That tells us that the vast majority of unhappy users are not discouraged by the costs; instead, they fail to see value in what their current solution can do for them.
How Security Teams Plan to Move Forward
That 49% of teams have plans to stop working with their ASM vendor in the next 12 months begs the question, what do these disaffected ASM users plan to do to manage their attack surface?
The survey reveals that 30% of those that plan to stop using their current vendor do not intend to replace their platform. Presumably, these are very small organizations that can go back to spreadsheets and checklists to manage their assets and infrastructure.
However, the inverse of that statistic tells us that 70% of these disgruntled ASM users plan to find a better solution to manage their attack surface. Their move-forward plan is to find a more modern ASM solution that provides value to their security team.
We believe this survey clearly indicates that it is time for companies to rethink their ASM. For many years, ASM has been a fundamental tool for discovering hidden assets and inventory management. Still, this is no longer enough when faced with the growing risk of breaches from external vulnerabilities.
Digital business risk for the organization drives business decisions and must also drive security threat and vulnerability mitigation and remediation strategies. Capabilities like continuous discovery, automated classification, risk-based security decision-making, and more are quickly becoming imperative.
Don’t let your attack surface outpace your ASM solution. Learn how to integrate robust threat intelligence, automation, and risk-based vulnerability remediation to stay ahead of modern threats.