In preparing the Horizon Report “Automating Defense: Implementing Continuous Discovery and Validation,” the Stratascale Innovation Labs team assessed 41 companies to evaluate different approaches to enabling key components of an automated attack surface management (ASM)/continuous validation (CV) strategy.
Vendor identification isn’t included in Horizon Reports, but there is ongoing interest in understanding which vendors might be positioned to support a strategy or specific function – and in that spirit, we decided to share our observations regarding “vendors to watch, know, understand” in the ASM/CV space. The initial list of 41 reflected input from the four authors of the report (Michael O’Neil, Joseph Karpenko, Michael Wilcox and Ryan Benson) and from a variety of external sources, notably Vation Ventures, which tracks investment trends across technology segments.
Please note that while Stratascale has assembled this list as a starting point for companies that are looking for sources of attack surface management and continuous validation (ASM/CV) and related solutions/capabilities, no recommendation or warranty is implied by the inclusion of any vendor within this report.
The ‘long list’ of 41 vendors that have established relevant ASM/CV market positions includes firms active in one or more of six different competitive markets: Attack Surface Management (ASM), External Attack Surface Management (EASM), Digital Risk Protection Services (DRPS), Threat Intelligence (TI), Continuous Automated Red Teaming (CART) and IT Asset Management (ITAM). This initiative yielded a set of suppliers that provide diverse capabilities, addressing a wide range of threats that are inherent in today's evolving, increasingly complex digital business environments.
These suppliers were then reviewed from our customers’ perspectives. Stratascale serves (broadly) Fortune 1000 companies, and these large organizations require a combination of solutions, tools and third-party support for integrating and managing the ASM/CV function. In our experience, enterprises looking at potential suppliers consider:
Each of the 41 long list firms has established a position that connects their discrete capabilities with client needs; these capabilities may be an ideal fit for your business.
If you are seeking a starting point, Stratascale recommends that readers begin their investigation with the following vendors. Brief observations from Stratascale experts are included in quotes to provide context.
Multiple vendors included in this report offer deep capabilities for specific use cases and should be considered if their focus overlaps with a discrete requirement. These vendors, with brief descriptions of their focus areas (drawn from Vation/vendors), include:
In addition to the firms listed above, Stratascale’s research scope included Alphawave (acquired by LookingGlass in 2021), Balbix, BinaryEdge (acquired by Coalition in 2020), Bishop Fox, Bitdefender, Black Kite, CTM360, CyberInt, Cyberpion, ImmuniWeb, Intrigue, IntSights, Netsparker, Order, Reposify, RiskLens, SpyCloud and Sweepatic. Readers might also look to vendors such as Cisco Systems, FireEye, Mandiant, Microsoft, and Palo Alto Networks, which may incorporate needed ASM, EASM, DRPS, TI, CART and/or ITAM capabilities within their portfolios. These vendors were not included in the Horizon Report evaluation, but may meet the needs of specific buyers, particularly those with existing investments in one or more of these vendors.
Stratascale brings a unique combination of expertise, solution depth and vendor relationships and insight to the cybersecurity market. Readers seeking support for the Attack Surface Management and Continuous Validation (ASM/CV) function are encouraged to contact their Stratascale Account Executive.