Evolution Of Attack Surface Management
Security Boulevard, Friday, August 30th, 2024
While it was not called ASM, the concept of managing attack surface management began with basic asset management practices in the late 1990s and early 2000s.
Organizations focused on keeping an inventory of their digital assets, such as servers, desktops, and network devices. The primary objective was to maintain an accurate record of these assets to ensure proper configuration and patch management. This phase saw organizations grappling with an ever-increasing number of on-premises (later cloud), cyber-physical, and personally-owned assets, which expanded their attack surfaces.