According to Gartner, Cyber Asset Attack Surface Management (CAASM) is “an emerging technology focused on enabling information security teams to solve persistent asset visibility and vulnerability challenges.” In short, it is a cyber security Asset Intelligence platform.
Asset Intelligence allow organizations to see all assets regardless of where they reside. This is achieved by using API integrations with existing tools, enabling query capabilities to examine asset data, and offering capabilities to remediate issues.
The process of gathering asset data (with a primary focus on devices, cloud instances, and users) to strengthen core security functions, including detection and response, vulnerability management, cloud security, incident response, and continuous control monitoring.
Why Asset Intelligence?
Asset management is foundational to security. Put simply, you cannot protect what you cannot see or understand.
Many IT and security teams struggle to gain the right level of visibility into all assets in their environment, making it harder to secure them. Asset data exists in many different systems – but the data is siloed, duplicative, or contradictory. This makes it exceedingly difficult for IT and security teams to answer even the most basic questions about their IT environment.
While IT Asset Management (ITAM) and Configuration Management Database (CMDB) platforms are frequently used to maintain asset inventories, they often don’t contain sufficient and accurate data to help security teams. Gaining visibility across diverse types of assets requires an approach that automatically and continuously discovers assets in their environment. By aggregating, normalizing, and correlating asset data, Asset Intelligence platforms help teams confidently understand and protect all their assets from various vendors.
This allows organizations to:
- Offer a consolidated view of all company assets to multiple teams: spanning IT and infrastructure, security, risk, and more
- Gain a complete picture of the company attack surface
- Understand security control coverage and efficacy
- Streamline audit preparation and compliance reporting
- Understand shadow IT and assets that lack governance and control
Use Cases Examples for Cybersecurity
Asset Management
Correlates asset data from existing sources to provide an always up-to-date inventory, uncover security gaps, and automate action
Vulnerability Management
Discover, track, prioritize, enrich, remediate, and report on all vulnerabilities across all devices in your environment efficiently and accurately
Attack Surface Management
Unify all assets (internal and external) and learn which assets are not properly protected and ensure that cybersecurity controls meet or exceed requirements.
Incident Response
In just minutes, Asset Intelligence provides a comprehensive view into all assets, uncovers associated vulnerabilities, and expedites forensic investigations.
Agent Coverage
Asset Intelligence orchestrates asset visibility, whether an agent is present or not. Discover where agents are deployed, missing, and even malfunctioning.
Coverage Gap Discovery
With vast adapter network and correlation engine, it ensures all assets are identified, protected, managed, and assessed by your security controls.