While this report deals primarily with ASM rather than continuous discovery and validation, the authors selected the title purposefully. ASM is a critical management issue today, one that enables cybersecurity leaders to "say yes" to the business by establishing a security posture that aligns with the volatile business, technology, and threat landscapes. However, given the pace of change and the constraints that apply to real-world security operations, leaders cannot achieve this goal without the intelligent use of automation across the ASM process.
There will be no deceleration in management appetite for data and control. There will be no reversal of emphasis on digital business, extending to remote work and online customer interaction. There will be no slowdown in the use of DevOps to create products and features that provide even temporary advantage in dynamic competitive environments. And there is no real prospect of relief from an attacker community that is profitable, organized, and armed with cutting-edge tools and discomforting levels of insider information and access.
Cybersecurity professionals need to stay abreast of rapid, unpredictable change in business expectations, internal technology requirements, and external threat actors. A sound, long-term approach to ASM/CV will support the agility needed by every business as they look past technology and security constraints towards delivering greater value to their markets.
