My Qualys attack surface management study, covered by SecurityBrief

I authored a Qualys-sponsored study on attack surface management, surveying more than 200 cybersecurity professionals about how they actually run ASM today. SecurityBrief Australia has now covered it in Qualys study calls for unified attack surface management.

The short version: organizations are moving away from fragmented, reactive security toward integrated risk management, and the expectations people place on an ASM platform have grown well beyond “find my external assets.”

A few of the findings that stood out:

None of this surprises me, but it is good to see it in the numbers. The theme throughout is consolidation: continuous visibility, business-contextual prioritization, and increasingly AI-driven response, brought together instead of scattered across disconnected tools.

You can read SecurityBrief’s write-up here. iTWire also covered it, framing the shift well in New SANS survey finds attack surface management is evolving from severity scores to business-aligned risk operations.