
What’s Next For Attack Surface Management? Perspectives From The Market Leader

We are delighted to announce that Cyberint, a Check Point company, was recently named a Leader and an Outperformer in the GigaOm Attack Surface Management Radar report. To read the full analysis, download the report here.
In light of this major recognition, it’s worth taking a moment to reflect on the evolution of ASM—both the specific capabilities that Check Point provides to customers and on the trends of the broader Attack Surface Management market. Perhaps most importantly, we will also discuss what’s next for ASM and where the market is headed in 2025.
The Origins of Attack Surface Management
The need for attack surface management tools came about in the 2010s as many large enterprises accelerated their digital transformation strategies and went all-in on the cloud.
With thousands, tens of thousands, or even hundreds of thousands of assets spread out across environments—legacy on-premise datacenters, private clouds, cloud environments across multiple CSPs—security teams struggled to maintain visibility on all the corporate assets that needed to be inventoried, monitored, and protected.
A new term was coined to describe the problem: “shadow IT.” This became a catch-all phrase to refer to the digital assets that were unknown to the cyber security team. Back in 2016, Gartner predicted that “By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.” After all, you cannot protect the assets you don’t know about.
Attack surface management solutions addressed the challenge of shadow IT by automating the process of discovering, inventorying, and analyzing digital assets. Using a variety of techniques and public data sources, ASM tools could find all the ‘unknown unknowns’ in an organization’s digital estate.
Steady Evolution of ASM Tools
Over time, some vendors began adding new functionality to ASM products. While asset discovery is useful, it’s much more valuable to go beyond that initial step to run port scans, enumerate software, detect CVEs, and identify other issues that may put the asset at risk. These steps were accompanied by risk scoring to help with prioritization, integrations with ticketing systems as well as other SOC tools (SIEM, XDR, SOAR, etc.) and a variety of other features that primed the ASM market for takeoff.
Meanwhile, Cyberint was busy pioneering the combination of attack surface management with threat intelligence, dark web monitoring, and brand protection capabilities into a single comprehensive external risk management solution. The ASM module was never seen as a single-purpose product, but as an essential component of a more powerful platform.
Historically, products focused on dark web monitoring and digital risk protection detected threats by monitoring the web for specific keywords. While these keywords could be anything—a brand name, a product name, or the name of an executive—in many cases, the keywords were simply web domains.
In other words, digital assets that could be discovered, inventoried, and monitored by an attack surface management tool.
For the engineering team at Cyberint, this made the integration of ASM with threat intelligence, brand protection, and dark web monitoring— other product categories viewed as distinct at the time—a rather natural progression. It wasn’t long before other vendors followed suit and developed along the same technological path that Cyberint forged.
The Lay of the Land: The ASM Market Today
After several years of development, plus more than a dozen acquisitions of ASM vendors, attack surface management is less commonly a standalone product and more frequently a single capability provided as part of a larger platform offering. While the discovery of shadow IT remains a valuable functionality, enterprise security teams are expecting more than that when they procure an ASM solution.
In many ways, the way we think of the “attack surface” is also much broader than the way we did 5+ years ago. Previously, most people thought of the attack surface as all the digital assets that an attacker could see and interact with from the public internet, including domains and IP addresses, plus all the software running on those assets.
Now, the attack surface is considered much larger, as other types of assets can be abused and leveraged in devastating cyber attacks.
- Brand Assets: Brand names and logos can be used in a variety of impersonation attacks, such as phishing sites that impersonate legitimate corporate websites, fraudulent social media profiles, and malicious apps that masquerade as an organization’s official applications.
- Corporate Credentials: Stolen credentials are consistently a top initial attack vector. If an employee uses a malware-infected personal device to access a corporate account, the corporate credentials can easily be harvested by an InfoStealer and sold on the dark web to ransomware gangs or other criminals.
- Applications: Attackers can exploit vulnerabilities in web apps and mobile apps, potentially leading to fraudulent activity, data leakage, or full compromise of the underlying infrastructure. It isn’t just the domains and IP addresses where the applications are hosted that need to be secured. Applications themselves can be attacked through the interface with attacks like SQL injection, cross-site scripting, file upload vulnerabilities, and many other techniques.
With this expanded conception of the attack surface, it makes sense that ASM is part and parcel of more robust products.
Solutions like Cyberint, otherwise known as Infinity External Risk Management, can continuously monitor, protect, and mitigate threats to the entire scope of the attack surface, including all the assets named above and much more.
Looking Ahead: What’s Next For ASM
Attack surface management has traditionally been defined by passive scanning and analysis of publicly accessible data, such as WHOIS data, DNS records, and responses received upon sending requests sent to internet-facing assets.
The next big hurdle for the ASM market is moving beyond this passive and OSINT approach to active scanning capabilities that automatically test assets for exploitability. It’s one thing to determine that unpatched software with a known CVE is running on an external digital asset. It’s another thing entirely to prove that the CVE can be exploited through automated techniques. This is where the ASM market is headed in 2025.
Infinity External Risk Management is continuing to demonstrate leadership with active exposure validation (AEV). AEV uses intelligent automation to test exposures for exploitability.
In other words, it doesn’t simply generate lists of passively-observed risks; it tells you which risks can actually be exploited by threat actors to breach your organization. Surfacing these urgent issues enables your team to stay two steps ahead of threat actors and remediate risks before they can be exploited.
Conclusion
Cyberint, a Check Point company, is honored to have been named a Leader and Outperformer in the recent GigaOm Attack Surface Management Radar report. Above all else, Cyberint is committed to meeting the needs of customers and providing a valuable solution that solves real pain points for enterprise cyber security teams.
Stay tuned for further developments to the Attack Surface Management module, as well as other components of the External Risk management solution, as we continue to innovate and lead in 2025 and beyond.