3 Important Ways Attack Surface Management Must Evolve

For the second time in a row, Bitsight has been named an Overall Leader in the KuppingerCole Leadership Compass for Attack Surface Management (ASM)—and it’s not just a title. The report offers a deep dive into how organizations are using ASM to get ahead of cyber threats by proactively managing their digital risk. It benchmarks vendors across a wide range of capabilities, and Bitsight earned high marks and garnered leadership positioning in every category: Product Leader, Innovation Leader, Market Leader, and Overall.

If you’re grappling with a growing threat landscape and increasing threat complexity, you already know attack surface management is no longer optional. It’s a core component of any modern threat exposure management or enterprise cyber risk strategy. The KuppingerCole report underscores this shift, emphasizing the need for continuous, automated, and risk-prioritized exposure reduction.

Bitsight’s recognition highlights our strength in doing exactly that—with standout capabilities in external asset discovery, integrated threat intelligence, and risk-based prioritization. In other words, we help you detect and prioritize what matters most, so you can act faster and reduce your risk more effectively.

“Given the regular changes, patches, and updates to assets, devices, resources, hardware, and software, as well as the increasingly complex digital supply chains that extend beyond third parties, organizations need a continuous approach to threat intelligence collection and correlation, risk discovery, and proactive monitoring of their IT infrastructure,” wrote Osman Celik, KuppingerCole analyst and author of the Compass report.

To get a full breakdown of the report, check it out with a free download here. 

Attack surface benchmarks continue to evolve

The prevailing theme of this year’s report was one of growing maturity. The last iteration of this study emphasized the emerging nature of ASM in 2023, and KuppingerCole analysts only required eight of the most baseline features as part of their benchmarking. This year’s analysis reflects the robust native features that an ASM platform needs to deliver in 2025, with almost double the features required and a lengthening list of capabilities that should also be built-in or achieved through integration. 

That’s why we’ve built our solutions to deliver on this vision with a cohesive ASM platform that stays ahead of its peers. Not only do Bitsight Exposure Management solutions deliver on External Attack Surface Management (EASM)—which was identified by analysts as the earliest hallmarks of proactively reducing attack surfaces—but they also bring significant capabilities in three key areas that analysts say are crucial to ASM’s future.

1. More emphasis needed from ASM on cyber threat intelligence (CTI).

We recognized the fundamental role that cyber threat intelligence (CTI) and threat context play in powering the insights and risk prioritization delivered by ASM. This is why Bitsight invested in the acquisition of CTI leader Cybersixgill last year and has diligently worked to integrate its threat intel capabilities into our portfolio. 

Because staying ahead of cyber threats is no small task. Every day, we gather over 7 million intelligence signals from more than 1,000 sources across the clear, deep, and dark web in Bitsight Cyber Threat Intelligence—giving you a sharper view of what’s happening around your organization’s attack surface. From uncovering hidden exposures to identifying which ones attackers are most likely to target, we provide the context you need to act. And with prioritized, actionable reporting and built-in automation, you can move faster from insight to response.

2. Third-party risk management (TPRM) is no longer a nice-to-have ASM capability.

Bitsight has a long and storied history of third-party risk management (TPRM) excellence and understands how crucial TPRM is in extending visibility and control over the attack surface exposed by digital supply chains. This latest Leadership Compass report noted that TPRM is now a crucial component of ASM and that solutions need to be able to assess, monitor, and mitigate risks from third-party providers. This continues to be a core competency for Bitsight. We remain committed to helping organizations continuously monitor and take swift action on risks across third-, fourth-, and even nth-party relationships. 

Moreover, our proprietary Dynamic Vulnerability Exploit (DVE) score, powered by Bitsight Cyber Threat Intelligence, adds another layer of insight by predicting the likelihood of vulnerability exploitation using unique threat data. With integrated threat intelligence directly into third-party risk visibility, cross-functional teams can operate on a more unified toolkit and foster stronger collaboration across the organization 

3. ASM needs a full range of Digital Risk Protection (DRP) visibility.

In addition to EASM, CAASM, and TPRM, KuppingerCole brought forward digital risk protection (DRP) as the fourth and final major category of ASM. DRP extends attack surface visibility and mitigation into dark web exposures, credential stealing, brand impersonation attacks, and data leaks on unmonitored parts of the internet. The investments Bitsight has made to integrate CTI into our Exposure Management solutions provides significant DRP-type capabilities, including dark web monitoring and identity intelligence that helps security teams detect compromised credentials and prevent unauthorized access—significantly reducing the risk to their extended attack surface. These new capabilities are strongly compounded with services that enable a multitude of actionable steps including take-down and leaked credential purchases. 

ASM: A critical component of modern cyber risk management

Our ultimate goal is to help customers prioritize exposure across their extended digital ecosystem. The combination of Bitsight’s EASM, CTI, and TPRM capabilities gives you insights into where your organization’s biggest risks lie—whether internally, in the supply chain, or hiding on the dark web—and the actionable advice and automation to mitigate. Beyond that, Bitsight makes it possible to clearly tell the story of your security posture to stakeholders, insurance providers, and regulators through comprehensive governance and risk reporting.

To learn more, download the 2025 KuppingerCole Leadership Compass for ASM.