[vc_row][vc_column width=”1\/2″][vc_custom_heading heading_semantic=”p” text_font=”font-213936″ text_size=”h5″ text_height=”fontheight-843833″ uncode_shortcode_id=”708361″]Kriativ-tech Volume 1, Issue 11, Edi\u00e7\u00e3o N\u00ba 11 \u2013 14-12-2025[\/vc_custom_heading][vc_custom_heading heading_semantic=”h3″ text_size=”h3″]Authors[\/vc_custom_heading][vc_custom_heading heading_semantic=”p” text_size=”” uncode_shortcode_id=”157696″]Ivo Ricardo Dias Rosa, Invited Assistant Professor, ISTEC Lisboa – Instituto Superior de Tecnologias Avan\u00e7adas Lisboa, Portugal
\n[\/vc_custom_heading][\/vc_column][vc_column width=”1\/2″][vc_custom_heading]Media[\/vc_custom_heading][vc_button button_color=”accent” border_animation=”btn-ripple-out” border_width=”0″ link=”url:http%3A%2F%2Fwww.kriativ-tech.com%2Fwp-content%2Fuploads%2F2025%2F12%2FArticle-Template_ISTEC_ASM.pdf|target:_blank” button_color_type=”uncode-palette” uncode_shortcode_id=”168807″]PDF[\/vc_button][vc_custom_heading heading_semantic=”h4″ text_size=”h4″]To cite this article[\/vc_custom_heading][vc_custom_heading heading_semantic=”p” text_size=”” uncode_shortcode_id=”120781″]Ivo Ricardo Dias Rosa Attack surface management (ASM): Strategic pillar of modern cybersecurity operations<\/b>[\/vc_custom_heading][\/vc_column][\/vc_row][vc_row row_height_percent=”0″ overlay_alpha=”50″ gutter_size=”1″ column_width_percent=”100″ shift_y=”0″ z_index=”0″][vc_column column_width_percent=”100″ gutter_size=”0″ override_padding=”yes” column_padding=”1″ overlay_alpha=”50″ shift_x=”0″ shift_y=”0″ shift_y_down=”0″ z_index=”0″ medium_width=”0″ mobile_width=”0″ width=”1\/1″][vc_custom_heading heading_semantic=”h3″ text_size=”h3″]Abstract[\/vc_custom_heading][vc_custom_heading heading_semantic=”p” text_font=”font-213936″ text_size=”” text_height=”fontheight-843833″ uncode_shortcode_id=”129550″]In an increasingly dynamic digital landscape, the expansion of the attack surface has become one of the foremost challenges for modern cybersecurity. Traditional perimeter-based defense models are no longer sufficient in the face of distributed digital assets, widespread cloud adoption, and the proliferation of connected devices. In this context, Attack Surface Management (ASM) emerges as a strategic pillar, enabling organizations to adopt a proactive stance in identifying, monitoring, and mitigating cyber risks. This article explores the core principles of ASM, outlining key categories of the attack surface and addressing both EASM (External Attack Surface Management) and CAASM (Cyber Asset Attack Surface Management) approaches. Strategic benefits\u2014such as continuous visibility, integration with Security Operations Centers (SOCs), and risk-based prioritization\u2014are discussed, along with technical and operational challenges tied to ASM implementation. Practical use cases and performance indicators are presented to support effective exposure management. Ultimately, ASM is positioned as a cybersecurity maturity accelerator, essential for building a resilient and adaptive security posture aligned with regulatory demands and business continuity imperatives in an ever-evolving digital ecosystem.[\/vc_custom_heading][vc_empty_space empty_h=”2″][vc_custom_heading heading_semantic=”h3″ text_size=”h3″]Keywords[\/vc_custom_heading][vc_custom_heading heading_semantic=”p” text_size=”” uncode_shortcode_id=”131333″]Attack Surface Management (ASM), External Attack Surface Management (EASM), Shadow IT, Threat Intelligence, Risk-Based Prioritization, Cybersecurity Maturity, CI\/CD Security, Security Operations Center (SOC), Exposure Management, Regulatory Compliance.[\/vc_custom_heading][\/vc_column][\/vc_row][vc_row][vc_column column_width_percent=”100″ gutter_size=”0″ overlay_alpha=”50″ shift_x=”0″ shift_y=”0″ shift_y_down=”0″ z_index=”0″ medium_width=”0″ mobile_width=”0″ width=”1\/1″][vc_custom_heading heading_semantic=”h3″ text_size=”h3″]References[\/vc_custom_heading][vc_custom_heading heading_semantic=”p” text_font=”font-213936″ text_size=”” text_height=”fontheight-843833″ uncode_shortcode_id=”586395″][1] M. C. Montoya, D. C. Yates, and P. N. Otto, \u201cManaging Your Digital Attack Surface,\u201d ISACA Journal, vol. 4, pp. 1\u20135, 2021.
\n[2] Gartner, \u201cMarket Guide for Attack Surface Management,\u201d Gartner Research, 2021.
\n[3] S. Adair and C. Hessel, \u201cSeeing Your Organization Through the Eyes of an Attacker,\u201d Dragos White Paper, 2020.
\n[4] ENISA, \u201cThreat Landscape for Attack Surface Management,\u201d European Union Agency for Cybersecurity, 2023.
\n[5] Palo Alto Networks, \u201cUnderstanding EASM: External Attack Surface Management,\u201d Palo Alto Whitepaper, 2022.
\n[6] Rapid7, \u201cInsightVM and ASM Integration Guide,\u201d Rapid7 Documentation, 2021.
\n[7] M. Curphey, \u201cDevSecOps and ASM Automation,\u201d OWASP Global AppSec, 2020.
\n[8] Trend Micro, \u201cASM with API-first Security Architecture,\u201d Trend Micro Blog, 2021
\n[9] BitSight, \u201cSecurity Ratings vs. Attack Surface Management: Understanding the Differences,\u201d BitSight Whitepaper, 2022.
\n[10] Randori, \u201cReal-Time Visibility with ASM,\u201d Randori Attack Surface Report, 2021.
\n[11] SecurityScorecard, \u201cHow Security Ratings Complement ASM,\u201d SecurityScorecard Insights, 2021.
\n[12] Recorded Future, \u201cDark Web Monitoring for ASM,\u201d Recorded Future Intelligence Report, 2020.
\n[13] Forescout Technologies, \u201cVisibility and Control of OT and IoT Assets,\u201d Forescout Whitepaper, 2022.
\n[14] IBM, \u201cZero Trust and Endpoint ASM,\u201d IBM Security Report, 2021.
\n[15] McAfee, \u201cShadow IT: A Growing Risk,\u201d McAfee Threats Report, 2020.
\n[16] SANS Institute, \u201cPrioritizing Risk in Attack Surface Management,\u201d SANS White Paper, 2022.
\n[17] FireEye, \u201cThreat Intelligence for ASM,\u201d FireEye Threat Research, 2021.
\n[18] Proofpoint, \u201cASM and Credential Phishing Trends,\u201d Proofpoint Quarterly Report, 2022.
\n[19] Splunk, \u201cASM Data in SIEM\/SOAR Workflows,\u201d Splunk Security Essentials, 2021.
\n[20] ISO\/IEC, \u201cISO\/IEC 27001:2022 – Information Security,\u201d ISO Standard, 2022.
\n[21] GitLab, \u201cShift Left with DevSecOps and ASM,\u201d GitLab DevSecOps Handbook, 2021.
\n[22] Gartner, \u201cContinuous Threat Exposure Management: A New Framework,\u201d Gartner Report, 2022.
\n[23] Tenable, \u201cManaging False Positives in ASM,\u201d Tenable Blog, 2021.
\n[24] Cisco, \u201cASM Integration Challenges,\u201d Cisco Cybersecurity Series, 2020.
\n[25] Forrester, \u201cThe Limits of Attack Surface Visibility,\u201d Forrester Consulting, 2021.
\n[26] Netskope, \u201cDiscovering Shadow IT Assets,\u201d Netskope Cloud Report, 2020.
\n[27] Check Point, \u201cIdentifying Shadow Cloud Instances,\u201d Check Point Research, 2021.
\n[28] OWASP, \u201cAPI Security Top 10,\u201d OWASP Foundation, 2023.
\n[29] Deloitte, \u201cCyber Due Diligence in M&A,\u201d Deloitte Insights, 2021.
\n[30] Bugcrowd, \u201cZombie Servers and Forgotten Assets,\u201d Bugcrowd ASM Report, 2022.
\n[31] Axonius, \u201cAsset Inventory Metrics for ASM,\u201d Axonius Tech Brief, 2021.
\n[32] Gartner, \u201cKPIs for ASM Platforms,\u201d Gartner Research Note, 2021.
\n[33] Mandiant, \u201cMeasuring Exposure Time in ASM,\u201d Mandiant Threat Report, 2022.
\n[34] ServiceNow, \u201cCMDB Integration with ASM,\u201d ServiceNow Whitepaper, 2021.
\n[35] Qualys, \u201cUnmanaged Asset Discovery in ASM,\u201d Qualys Whitepaper, 2021.
\n[36] NIST, \u201cCybersecurity Framework Implementation Tiers,\u201d NIST CSF, 2020.
\n[37] ISACA, \u201cBridging the Gap between IT and Security,\u201d ISACA Cyber Leadership Study, 2022.
\n[38] CrowdStrike, \u201cFeeding ASM with Endpoint Intelligence,\u201d CrowdStrike Tech Blog, 2021.
\n[39] Gartner, \u201cMaximizing ROI from ASM Investments,\u201d Gartner Strategic Planning Assumptions, 2021.
\n[40] Accenture, \u201cASM Maturity Assessment Framework,\u201d Accenture Cyber Strategy, 2022.
\n[41] Microsoft, \u201cASM and Adaptive Security Architecture,\u201d Microsoft Security Blog, 2022.
\n[42] World Economic Forum, \u201cCybersecurity Leadership and Communication,\u201d WEF White Paper, 2021.
\n[43] KPMG, \u201cCyber Resilience in a Digital World,\u201d KPMG Security Insights, 2022.
\n[\/vc_custom_heading][\/vc_column][\/vc_row]<\/p>\n","protected":false},"excerpt":{"rendered":"
[vc_row][vc_column width=”1\/2″][vc_custom_heading heading_semantic=”p” text_font=”font-213936″ text_size=”h5″ text_height=”fontheight-843833″ uncode_shortcode_id=”708361″]Kriativ-tech Volume 1, Issue 11, Edi\u00e7\u00e3o N\u00ba 11 \u2013 14-12-2025[\/vc_custom_heading][vc_custom_heading heading_semantic=”h3″ text_size=”h3″]Authors[\/vc_custom_heading][vc_custom_heading heading_semantic=”p” text_size=”” […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[72],"tags":[],"_links":{"self":[{"href":"https:\/\/www.kriativ-tech.com\/index.php?rest_route=\/wp\/v2\/posts\/66544"}],"collection":[{"href":"https:\/\/www.kriativ-tech.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kriativ-tech.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kriativ-tech.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kriativ-tech.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=66544"}],"version-history":[{"count":1,"href":"https:\/\/www.kriativ-tech.com\/index.php?rest_route=\/wp\/v2\/posts\/66544\/revisions"}],"predecessor-version":[{"id":66546,"href":"https:\/\/www.kriativ-tech.com\/index.php?rest_route=\/wp\/v2\/posts\/66544\/revisions\/66546"}],"wp:attachment":[{"href":"https:\/\/www.kriativ-tech.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=66544"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kriativ-tech.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=66544"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kriativ-tech.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=66544"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}