TL;DR: SANS 2025 ASM Survey findings show only 28% of organisations can effectively identify sensitive files across their attack surface, while 89% expect risk quantification per asset and 55% want protection across internal and external assets, according to Netwrix-cited survey data. The security gap is no longer visibility alone: without data and identity context, exposure management cannot reliably separate noise from business risk.
NHIMG editorial — based on content published by Netwrix: DSPM, ASM, and ITDR: Building a Data-Driven, Exposure-Aware Security Strategy
By the numbers:
- Only 28% of organizations can effectively identify sensitive files across their attack surface.
- 89% expect risk quantification for each asset, but most platforms fall short.
- 55% need protection that spans both internal and external assets.
Questions worth separating out
Q: How should teams prioritise exposure remediation when ASM finds too many assets?
A: Teams should rank exposed assets by the sensitivity of the data they hold, the identities that can reach them, and whether those identities show suspicious behaviour.
Q: Why do exposure management programmes need identity context?
A: Exposure becomes dangerous when an identity can use it.
Q: What do security teams get wrong about ASM-only programmes?
A: They often assume visibility is the same as control.
Practitioner guidance
- Correlate ASM findings with data classification: join exposed asset inventories to DSPM labels so remediation starts with systems that contain regulated, crown-jewel, or business-critical data.
- Map identity paths to sensitive data: identify which service accounts, human admins, and machine identities can reach sensitive repositories through exposed assets and over-privileged access.
- Feed identity telemetry into exposure triage: use ITDR signals such as abnormal session activity, privilege changes, and lateral movement indicators to reprioritise exposure findings that show active abuse.
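The three guidance points above describe one triage procedure: join ASM findings to DSPM labels, add the identities that can reach each asset, then boost anything an ITDR signal says is under active abuse. The following Python is an added illustration of that join (not Netwrix code, and not the scoring model of any product): the asset and identity names, the inventories, and the weights are constructed assumptions. It also handles the gap the survey highlights, an exposed asset that DSPM never classified, by treating it as moderately risky and flagging it for classification rather than silently scoring it as safe.

```python
"""Exposure triage that joins ASM findings with DSPM labels and ITDR signals.

Added illustration, not Netwrix code. Sample records and scoring weights are
constructed assumptions; replace them with your own inventories and policy.
"""
from typing import List

# Weights are an illustrative assumption, not a vendor scoring model.
SENSITIVITY_WEIGHT = {"regulated": 50, "confidential": 30, "internal": 10, "public": 0}
UNCLASSIFIED_WEIGHT = 25          # unknown data is treated as moderately risky, not as safe
EXPOSURE_WEIGHT = {"internet": 20, "partner": 10, "internal": 5}
ITDR_WEIGHT = {"lateral_movement": 30, "privilege_change": 20, "abnormal_session": 15}
REACH_WEIGHT, PRIVILEGED_BONUS = 5, 10

# --- Constructed sample inventories (hypothetical asset and identity names) ---
ASM_FINDINGS = [                                   # what attack surface management found
    {"asset": "fileshare-hr", "surface": "internet"},
    {"asset": "sql-finance", "surface": "internal"},
    {"asset": "web-marketing", "surface": "internet"},
    {"asset": "wiki-dev", "surface": "partner"},
    {"asset": "storage-legacy", "surface": "partner"},   # never classified by DSPM
]
DSPM_LABELS = {"fileshare-hr": "regulated", "sql-finance": "regulated",
               "web-marketing": "public", "wiki-dev": "internal"}
ACCESS_PATHS = {   # identity -> assets it can reach, and whether it is an admin/service principal
    "svc-backup": {"assets": ["fileshare-hr"], "privileged": True},
    "alice": {"assets": ["fileshare-hr", "wiki-dev"], "privileged": False},
    "svc-etl": {"assets": ["sql-finance"], "privileged": True},
}
ITDR_SIGNALS = {   # identity -> active ITDR detections
    "svc-backup": ["lateral_movement"],
    "svc-etl": ["abnormal_session", "privilege_change"],
}


def score_exposure(finding, labels, access, itdr):
    """Return (score, reasons) for one ASM finding using data and identity context."""
    asset = finding["asset"]
    reasons: List[str] = []
    label = labels.get(asset)
    if label is None:
        # The DSPM gap: an exposed asset nobody has classified must not rank as harmless.
        score = UNCLASSIFIED_WEIGHT
        reasons.append("no DSPM label: classify before trusting this rank")
    else:
        score = SENSITIVITY_WEIGHT[label]
        reasons.append(f"data={label}")
    score += EXPOSURE_WEIGHT[finding["surface"]]
    reasons.append(f"surface={finding['surface']}")
    # Identity context: every identity that can reach the asset adds risk,
    # privileged identities add more, and live ITDR detections add the most.
    for identity, path in access.items():
        if asset not in path["assets"]:
            continue
        score += REACH_WEIGHT + (PRIVILEGED_BONUS if path["privileged"] else 0)
        signals = itdr.get(identity, [])
        score += sum(ITDR_WEIGHT[s] for s in signals)
        detail = f"reachable by {identity} ({'privileged' if path['privileged'] else 'standard'})"
        if signals:
            detail += " ITDR=" + ",".join(signals)
        reasons.append(detail)
    return score, reasons


def prioritise(findings, labels, access, itdr):
    """Rank ASM findings highest-risk first; ties broken by asset name for stable output."""
    ranked = []
    for finding in findings:
        score, reasons = score_exposure(finding, labels, access, itdr)
        ranked.append({"asset": finding["asset"], "score": score, "reasons": reasons})
    ranked.sort(key=lambda row: (-row["score"], row["asset"]))
    return ranked


if __name__ == "__main__":
    for row in prioritise(ASM_FINDINGS, DSPM_LABELS, ACCESS_PATHS, ITDR_SIGNALS):
        print(f"{row['score']:4d}  {row['asset']:15s}  {'; '.join(row['reasons'])}")
```

With the constructed data, the internet-facing HR share reachable by a service account showing lateral movement ranks first, the internal finance database with an actively misbehaving ETL principal second, and the unclassified legacy storage outranks a public marketing site purely because nobody knows what it holds. The reasons list is the part worth keeping in a real implementation: it tells the remediation owner whether the rank came from data sensitivity, from reach, or from an identity that is already being abused.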
What's in the full article
Netwrix's full post covers the operational detail this analysis intentionally leaves for the source:
- Step-by-step DSPM workflows for classifying sensitive data across cloud and on-premises repositories
- Operational ASM guidance for correlating exposed assets with remediation priorities
- ITDR examples for detecting identity abuse, lateral movement, and malicious session activity
- Product-specific handling of Microsoft 365, SQL, Azure Files, and Active Directory use cases
Read Netwrix's analysis of DSPM, ASM, and ITDR for exposure-aware security.