Cyber Asset Attack Surface Management (CAASM) provides visibility into the attack surface of your organization so that you can reduce and protect it.
Cyber asset attack surface management, or CAASM, technology was highlighted by Gartner in mid-2021 through their hype cycle.
So in this video I will discuss what the attack surface of cyber assets is, how these CAASM products operate, and then the benefits, problem areas and certain recommendations for deploying CAASM products. The attack surface of your cyber assets comprises all your cyber assets, the vulnerabilities which are related to these assets, and the gaps in the existing security controls.
So a CAASM solution provides visibility of your cyber assets, the scope or impact of any vulnerabilities, and the gaps in security controls. This attack surface is vulnerable to attack by a hacker, so you need to protect the attack surface of your cyber assets.

Then coming over to the operations: CAASM solutions automatically consolidate data from various existing products which are deployed in your organization, and these products are already collecting data related to your assets, for example the DHCP server. These products integrate with your existing security tools to passively collect data and normalize this data, and they do it by using the application programming interfaces of your existing security tools or other products. These tools help to visualize the coverage of your existing security tools, and these solutions also provide visibility into the assets for different users of your organization, for example system architects, the vulnerability management team and IT administrators. So you gain visibility of existing controls and their gaps, the overall security posture of your organization, and the exposure of your existing assets, in order to remediate any risk related to your cyber assets.
So certain benefits of CAASM are that you can correct the existing asset records, and moreover they can also produce reports related to your security tools and assets, and it also helps to produce quick compliance reports or audit reports.

Now, certain problem areas: first of all, this CAASM solution can also be considered as another budget overhead, and moreover sometimes these solutions are very cost prohibitive due to their licensing model, for example if the license is per asset.
Then there are certain scalability issues, that is, for a complex organization a single instance of a CAASM solution is not sufficient, so you have to deploy multiple instances.
Moreover, your existing tools sometimes are too restrictive, so they do not provide any application programming interfaces or APIs so that these CAASM solutions can integrate with these security tools. Moreover, sometimes you have deployed your asset record systems, and these record systems do not allow third-party CAASM solutions to make corrections in their records.
Now, further recommendations, which are also by Gartner, are that first of all you should conduct proofs of concept (POCs), or you can also use a free version of CAASM solutions, before deploying a full-fledged product. Moreover, you have to build why you want to use the CAASM solution, so you have to establish the primary use cases, for example whether you want to have the visibility of all assets or vulnerabilities or gaps in security controls.
Moreover, you have to inventory the application programming interfaces of your existing tools in order to understand the level of interoperability with CAASM solutions.
Moreover, you also have to consider the extension or usage of CAASM solutions beyond your core security teams; for example, besides your security operations center, you may extend the dashboard of your CAASM solutions to other IT administrators or maybe system architects. And before deploying any third-party product you should ask your existing vendors whether they have a CAASM solution or whether there is anything in their roadmap related to such a solution, because they already understand the limitations of your organization's infrastructure, so they can provide better guidance.
So this was all from my side. Thank you.
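The consolidate, normalize and coverage-gap steps described in the operations part of the talk, as an added example that is not part of the original video and not any vendor's code. The three feeds, their field names and all values are constructed, and keying assets on MAC address is an assumption made for this sketch.

```python
# Constructed per-tool API results (hypothetical schemas and values).
import re

DHCP_LEASES = [
    {"mac": "00-1A-2B-3C-4D-5E", "ip": "10.0.0.11", "hostname": "WS-FINANCE-01"},
    {"mac": "00:1a:2b:3c:4d:5f", "ip": "10.0.0.12", "hostname": "ws-hr-02"},
    {"mac": "001A.2B3C.4D60", "ip": "10.0.0.13", "hostname": "printer-3f"},
]
EDR_AGENTS = [{"mac_address": "00:1A:2B:3C:4D:5E", "host": "ws-finance-01.corp.example"}]
VULN_SCAN = [
    {"mac": "00:1a:2b:3c:4d:5e", "open_findings": 4},
    {"mac": "00:1a:2b:3c:4d:5f", "open_findings": 9},
]

def norm_mac(raw):
    """Normalize any common MAC notation to lowercase colon-separated form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def consolidate(dhcp, edr, scans):
    """Merge per-tool records into one asset record keyed by normalized MAC."""
    assets = {}
    def seen(mac, source):
        # Fetch or create the asset record and note which tool reported it.
        a = assets.setdefault(norm_mac(mac), {"sources": set()})
        a["sources"].add(source)
        return a
    for r in dhcp:
        seen(r["mac"], "dhcp").update(ip=r["ip"], hostname=r["hostname"].lower())
    for r in edr:
        seen(r["mac_address"], "edr").setdefault("hostname", r["host"].split(".")[0].lower())
    for r in scans:
        seen(r["mac"], "vuln_scan")["open_findings"] = r["open_findings"]
    return assets

def coverage_gaps(assets, required=("edr", "vuln_scan")):
    """Map each asset's MAC to the required controls that have no record of it."""
    gaps = {}
    for mac, a in assets.items():
        missing = [c for c in required if c not in a["sources"]]
        if missing:
            gaps[mac] = missing
    return gaps

if __name__ == "__main__":
    inventory = consolidate(DHCP_LEASES, EDR_AGENTS, VULN_SCAN)
    for mac, missing in sorted(coverage_gaps(inventory).items()):
        print(inventory[mac].get("hostname"), mac, "missing:", ", ".join(missing))
```

The DHCP feed acts as the passive source of truth for what is on the network; an asset that appears there but in no control's inventory is the coverage gap the talk refers to.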