The Hype about CAASM: What you need to know about Cyber Asset Attack Surface Management


Recent security events, including the ongoing Log4j vulnerability cleanup, have emphasized the need for good cybersecurity asset management to better understand your attack surface and cyber risk. In the recently published Gartner® Hype Cycle™ for Network Security, 2021 report, the analysts identify a new area of focus called Cyber Asset Attack Surface Management (CAASM). Gartner defines CAASM as “an emerging technology focused on enabling security teams to solve persistent asset visibility and vulnerability challenges.”

So, what is CAASM, and why is it so important?

CAASM expands beyond the limited scope of products that focus on a subset of assets such as endpoints, servers, devices, or applications. By consolidating asset data from all of these sources into a single repository, users can query it to find gaps in coverage for external attack surface management (EASM) and detection and response tools (e.g. XDR, EDR, NDR).

CAASM provides passive data collection through API integrations, replacing the painful, time-consuming manual processes used to collect and reconcile asset information – often across multiple cross-functional teams and a multitude of IT management, DevOps, and cybersecurity technologies. This approach allows organizations to see ALL their assets regardless of where they reside – in cloud and on-premises environments alike. This is done by using agentless API integrations with existing tools, enabling query capabilities to examine asset data, and offering capabilities to remediate issues.
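To make the consolidate-then-query idea concrete, here is a small added example (not Noetic's code, nor any vendor's API) that merges three constructed inventories, a cloud instance list, an EDR agent roster and a vulnerability scanner's findings, into one repository keyed by a normalized identifier, then runs the kind of coverage-gap queries described above. The source records, field names and hostnames are all invented for illustration; in a real deployment they would come from the API integrations the post describes.

```python
"""Toy CAASM-style asset consolidation and coverage-gap queries.

Added example, not Noetic's product or any vendor's API. The three source
inventories below are constructed in-line; field names and values are
assumptions for illustration only.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# --- Constructed source data (stand-ins for connector output) ---------------
CLOUD_INVENTORY = [  # e.g. a cloud provider's instance listing
    {"hostname": "Web-01.corp.example", "ip": "203.0.113.10", "public": True},
    {"hostname": "db-01.corp.example", "ip": "10.0.0.5", "public": False},
    {"hostname": "build-02.corp.example", "ip": "10.0.0.9", "public": False},
]
EDR_AGENTS = [  # e.g. an EDR console's list of enrolled hosts
    {"host": "web-01", "last_seen_days": 1},
    {"host": "db-01", "last_seen_days": 0},
    {"host": "legacy-app", "last_seen_days": 2},   # absent from cloud inventory
]
VULN_SCAN = [  # e.g. a vulnerability scanner's per-host findings
    {"address": "203.0.113.10", "critical": 2},
    {"address": "10.0.0.9", "critical": 1},
    {"address": "198.51.100.7", "critical": 3},    # unknown to every other tool
]


@dataclass
class Asset:
    key: str                      # canonical id: short lowercase hostname or ip:<addr>
    sources: Set[str] = field(default_factory=set)
    ip: Optional[str] = None
    public: bool = False
    edr_enrolled: bool = False
    critical_vulns: int = 0


def canonical_host(name: str) -> str:
    """Normalize hostnames so 'Web-01.corp.example' and 'web-01' match."""
    return name.strip().lower().split(".")[0]


def consolidate() -> Dict[str, Asset]:
    """Merge the three inventories into one repository keyed by canonical id."""
    repo: Dict[str, Asset] = {}
    by_ip: Dict[str, str] = {}        # ip -> key, used to correlate scanner rows

    def get(key: str) -> Asset:
        return repo.setdefault(key, Asset(key=key))

    for row in CLOUD_INVENTORY:
        a = get(canonical_host(row["hostname"]))
        a.sources.add("cloud")
        a.ip, a.public = row["ip"], row["public"]
        by_ip[row["ip"]] = a.key
    for row in EDR_AGENTS:
        a = get(canonical_host(row["host"]))
        a.sources.add("edr")
        a.edr_enrolled = True
    for row in VULN_SCAN:
        # The scanner only knows IPs; fall back to an ip-keyed asset if no host matches.
        key = by_ip.get(row["address"], f"ip:{row['address']}")
        a = get(key)
        a.sources.add("scanner")
        a.ip = a.ip or row["address"]
        a.critical_vulns += row["critical"]
    return repo


# --- Queries a CAASM user would run against the consolidated data ----------
def missing_edr(repo: Dict[str, Asset]) -> List[str]:
    """Known cloud assets with no EDR agent: a detection-and-response coverage gap."""
    return sorted(k for k, a in repo.items() if "cloud" in a.sources and not a.edr_enrolled)


def unmanaged_assets(repo: Dict[str, Asset]) -> List[str]:
    """Seen by a security tool but absent from the system of record (shadow IT)."""
    return sorted(k for k, a in repo.items() if "cloud" not in a.sources)


def exposed_and_vulnerable(repo: Dict[str, Asset]) -> List[str]:
    """Internet-facing assets with critical findings: highest-priority remediation."""
    return sorted(k for k, a in repo.items() if a.public and a.critical_vulns > 0)


if __name__ == "__main__":
    repo = consolidate()
    print("No EDR agent:", missing_edr(repo))                   # ['build-02']
    print("Unmanaged:", unmanaged_assets(repo))                 # ['ip:198.51.100.7', 'legacy-app']
    print("Exposed + critical:", exposed_and_vulnerable(repo))  # ['web-01']
```

The value is in the join, not in any single source: the EDR console alone cannot tell you that `build-02` has no agent, because it has never heard of it, and the scanner alone cannot tell you that `198.51.100.7` belongs to nobody. Real connectors need a more robust correlation step (cloud instance IDs, MAC addresses, agent IDs) than the hostname/IP matching used here.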

“Cyber Asset Attack Surface Management (CAASM) is an emerging technology focused on enabling security teams to solve persistent asset visibility and vulnerability challenges. It enables organizations to see all assets (both internal and external) through API integrations with existing tools, query against the consolidated data, identify the scope of vulnerabilities and gaps in security controls, and remediate issues.”
-Gartner on CAASM

How do you secure what you can’t see or don’t know you have?  

Having full visibility into your operating environment, with full contextual insight, is a foundational requirement for every organization. If you do not have full visibility into all assets under your organization’s control, you do not understand your attack surface or the gaps in your existing security controls. This new approach to assessing risk exposure gives organizations the enriched context to decide what matters to them, rather than guessing at the risk impact.

Modern solutions require a modern approach.

A solution succeeds when it can provide the following benefits:

  • Consolidation: Provide a consolidated view of all company assets across all teams, regardless of their function and location within the organization.
  • Full Visibility: Across all data points, east to west – from shadow IT, installed third-party systems and line-of-business applications, regardless of who owns governance and control.
  • Risk Reduction: Gain a complete picture of the company attack surface so risk exposure can be continually managed and minimized.
  • Real-time Reporting: Streamline instant audit compliance reporting through accurate, current, and comprehensive asset and security control reports.
  • Automation: Embedded state-based controls that execute hands-free on high-fidelity data, with certainty, reducing unplanned high-risk events.
  • Continuous Improvement: Keep improving on every front to stay ahead of attackers consistently.

So how important IS automation?

Well, according to IBM – it is A LOT. This year, IBM’s annual Cost of a Data Breach report highlighted that automation has the single biggest cost impact. Close behind it were investments in solutions that reduce system complexity and optimize compliance controls. The numbers speak for themselves, with potential savings in the seven-figure range, and Noetic Cyber delivers an extremely high ROI while making some of the biggest headaches simply go away overnight.

“Organizations with fully deployed security AI and automation experienced breach costs of $2.90 million, compared to $6.71 million at organizations without security AI and automation. The difference of $3.81 million, or nearly 80%, represents the largest gap in the study when comparing breaches with vs. without a particular cost factor. The share of organizations with fully or partially deployed security AI and automation was 65% in 2021 vs. 59% in 2020, a 6 percentage point increase and continuing an upward trend. Security AI/automation was associated with a faster time to identify and contain the breach.”

IBM, Cost of a Data Breach, 2021

Why I LOVE Noetic

While working at IBM back in 2016, I had the opportunity to work very closely with the Resilient Systems team. At the time they were an early pioneer of Security, Orchestration, Automation, and Response (SOAR) technology and had recently been acquired by IBM. After seeing how Noetic Cyber founders Paul Ayers, Allen Rogers, Allen Hadden, and the larger team saw the world and operated, I knew this would be another fantastic solution. The team had the foresight to leverage automation well before anyone else, bringing critical capabilities to security teams given how limited resources have become and how advanced the adversary is in today’s global threat climate.

Their solution is designed to correlate insights from existing tools, allowing users to maximize their existing investments rather than simply adding ‘yet another tool.’

By implementing Noetic, security and operations teams can:

  • Make faster, more accurate decisions. The context and insights provided help improve security posture accuracy and remediation.
  • Leverage existing investments – pre-built, customizable connectors generate insights from existing IT management and security tools.
  • Deliver rapid time-to-value. Operationalize your data to close security gaps in days, not months.

Paul and I recently sat down to talk about CAASM, the need for a new kind of asset management, and how the cybersecurity industry is evolving to meet these new challenges. Check out the video of our fireside chat below, or contact the Noetic team directly to learn more.