Attack surface management (ASM) is a growing and continuously innovating market space. But how accessible are these tools to smaller orgs? Are operational maturity and a bigger security budget generally seen as barriers to succeeding with ASM?
To explore emerging ASM use cases for companies of all sizes, a recent episode of The Virtual CISO Podcast features David Monnier, Chief Evangelist and Fellow at Team Cymru. Pivot Point Security CISO and Managing Partner, John Verry, is the podcast host.
A mid-market target
Because their offerings combine automation with expert human guidance, Team Cymru generally targets mid-market and enterprise customers. Their Pure Signal Orbit solution is “definitely appropriate for medium-sized businesses” right now because it employs this hybrid onboarding approach.
“We hope to get [Orbit] worked out to where small businesses can just plug right in and go,” clarifies David. “But there’s still a fairly extensive learning project that happens at the beginning of [an engagement]. So, for right now we’re scaling it to medium and up.”
Team Cymru’s Pure Signal Recon product has been on the market longer, but it requires experienced staff to make the best use of its capabilities.
“A deeper analytical effort does tend to require a more mature team,” continues David. “A team that has a threat hunter on it, those types of folks tend to be in the Global 1,000 or something like that.”
Are there plans to support SMBs?
Team Cymru is currently working to create a version of their Pure Signal Orbit solution for SMBs.
“What we’re focusing on is lowering that curve at the beginning of the [onboarding] process, that analytical discovery effort, and trying to make better use of some other machine learning methodologies,” David states. “There are some methodologies that you can use to automate discoverability—and I’m not just talking about crawling an IP space…”
To hear the podcast with David Monnier in its entirety, click here.
Interested in another cutting-edge viewpoint on attack surface management? You’ll appreciate this thought leadership from NopSec’s CTO: NopSec’s Vision for Attack Surface Management