In the world of cybersecurity, you can’t secure something if you don’t know it’s there.
Enter cybersecurity asset management, an admittedly unsexy fragment of the booming industry that investors have shown an ever-increasing appetite for over the past 18 months.
The cybersecurity industry experienced what is being hailed by some as a “golden year” — funding for cyber startups climbed by 138% to $29.5 billion in 2021 and M&A activity skyrocketed by more than 294% to $77.5 billion. And those focused on securing an organization’s internet-facing assets have received more attention than most.
Over the past 12 months alone, Sternum, a Tel Aviv-based startup that provides real-time asset management for internet-connected devices, raised $27 million; Censys, a search engine for networked devices, secured $35 million; JupiterOne, a platform that helps companies see all of their digital and cloud assets, raised $19 million; and Axonius, which lets organizations manage and track computing-based assets, bagged $100 million.
Big-name tech giants clearly see the value in this often-overlooked area of the industry, too. Microsoft spent $500 million in July to acquire RiskIQ, a company that provides visibility into what assets, devices and services can be accessed outside of a company’s firewall, describing the takeover as a “powerful” addition to its portfolio.
Assets, assets everywhere
While asset management was once the concern of in-house IT teams managing on-premise hardware, it has evolved to warrant the purview of the chief information security officer and is the backbone of any effective cybersecurity strategy.
Asset management is a foundational challenge for security leaders, and the transformation we’ve seen with modern digital infrastructure has created a renewed impetus to fix it. Shawn Cherian
That’s because, in order to effectively address security issues, enterprises need a comprehensive and reliable inventory of their internet-facing assets. Once comprised of PCs and servers, the pandemic-induced digital shift means that organizations have increasingly diverse assets and more platforms in place than ever before — from operational technology systems and Internet of Things (IoT) devices to company-owned and cloud-based services.
The proliferation of new asset types, along with the widespread shift to remote work, has resulted in assets becoming more highly distributed, making them even more difficult to manage and inventory.
“Asset inventory has historically been a challenge when workforces were physically sitting in company offices and on company networks,” Paul Baird, chief technical security officer at security and compliance giant Qualys, told TechCrunch. “With the pandemic solidifying a new normal of either fully remote or hybrid working approaches, the complexities surrounding asset inventory have only increased in difficulty.”