SANS Attack Surface Management Survey 2025

This research report presents findings from the SANS Attack Surface Management (ASM) Survey 2025, which surveyed over 200 security professionals regarding their experiences and expectations with ASM solutions. The report outlines key findings, including that 55% of organizations expect their ASM to protect both internal and external assets, and 59% desire daily scanning of their environments. The survey highlights a significant gap in the effectiveness of current ASM platforms, with only 28% of respondents stating their platform effectively identifies sensitive files across the entire attack surface. The report discusses the importance of ASM in providing real-time visibility and bridging the gap between asset visibility and security effectiveness. It emphasizes the need for organizations to adopt comprehensive ASM solutions that integrate both offensive and defensive security methodologies. The findings indicate a shift towards a unified approach to asset management, reflecting the evolving landscape of cybersecurity threats and the necessity for organizations to enhance their security postures.