Why Cyber Asset Attack Surface Management (CAASM) is now emerging

We here at Sevco are extremely proud to be recognized as a sample vendor in the newly identified Cyber Asset Attack Surface Management (CAASM) category in the Gartner Hype Cycle for Network Security, 2021 AND the Gartner Hype Cycle for Security Operations, 2021.

Gartner defines CAASM as technologies “focused on enabling security teams to solve persistent asset visibility and vulnerability challenges.”

The Creation of the Category

Gartner analysts John Watts and Neil MacDonald are putting a spotlight on a deceptively simple, yet very critical issue: organizations simply do not have complete visibility of their enterprise assets. While accurate asset inventories are foundational to nearly every security framework (CIS Control 1 is the Inventory and Control of Enterprise Assets; NIST CSF Fn 1 is the identification of systems, people and assets; ISO 27001 A.8.1.1 is an always up to date inventory of assets), very few organizations have confidence in their inventory, effectively diluting the confidence in the overall security program’s efficacy.

That brings us to the emerging CAASM category. 

Many of our IT and security tools report inventory but are limited to their perspective of the environment. Agent-based tools are only aware of where they are installed. Network tools only see what’s connected, missing remote employees accessing cloud applications. Every system is siloed. CAASM solutions will enable organizations to aggregate these disparate systems to identify gaps in security controls and coverage.

While the CAASM category may be just emerging, our founders have long believed a need to get “back to basics” as co-founder and CEO J.J. Guy covered previously in this blog.

How Sevco Security Delivers a Cyber Asset Attack Surface Management Solution

Sevco Security is a company with an unusually tenured team that possesses decades of experience creating and establishing new security categories. This team not only knows how to tackle these hard problems but also understands the need to operationalize solutions to be effective.

The lack of complete asset inventory is a very real problem today and Sevco already delivering incredible value to our current customers.  Our solution uniquely provides:

  • Comprehensive Unified Inventory: displayed in an interactive Venn diagram – this highlights the complex state of the asset picture in an organization, quickly highlighting devices in a partial state of configuration. Without this view, you’re forced to run endless queries to identify where you should be focused.
  • Asset Telemetry: comprehensive inventory is certainly required, but only represents the current state. The shortcomings of simply having snapshots of inventory become painfully clear when you’re trying to piece together what changed from one period to the next. Or when you’re in the midst of a critical IR investigation trying to figure out who had an IP address 192.168.0.123 yesterday at 12:10 pm. Sevco generates change events for every asset inventory and asset attribute change. This telemetry provides detailed records of key attributes, critical to investigations and traceability for global inventory changes.
  • Cloud-native SaaS Platform: Sevco is a modern cloud-native, SaaS platform that you would come to expect of any solution today. This makes it easy to evaluate the solution with just 3 sources of information and then scale effortlessly to 10 sources without any re-sizing of resources.

We agree with Gartner that the CAASM market is just emerging, but the most forward-thinking CISO’s are already investing. Contact us if you would like to learn more.

Gartner clients can access the Gartner Hype Cycle for Network Security, 2021 report HERE.

And the Gartner Hype Cycle for Security Operations, 2021 report HERE.

 

 

 

(updated July 28, 2021 for inclusion in Gartner Hype Cycle for Security Operations, 2021)