Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

DSPM, ASM, and ITDR: where exposure management still breaks down


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: SANS 2025 ASM Survey findings show only 28% of organisations can effectively identify sensitive files across their attack surface, while 89% expect risk quantification per asset and 55% want protection across internal and external assets, according to Netwrix-cited survey data. The security gap is no longer visibility alone: without data and identity context, exposure management cannot reliably separate noise from business risk.

NHIMG editorial — based on content published by Netwrix: DSPM, ASM, and ITDR: Building a Data-Driven, Exposure-Aware Security Strategy

By the numbers:

Questions worth separating out

Q: How should teams prioritise exposure remediation when ASM finds too many assets?

A: Teams should rank exposed assets by the sensitivity of the data they hold, the identities that can reach them, and whether those identities show suspicious behaviour.

Q: Why do exposure management programmes need identity context?

A: Exposure becomes dangerous when an identity can use it.

Q: What do security teams get wrong about ASM-only programmes?

A: They often assume visibility is the same as control.

Practitioner guidance

  • Correlate ASM findings with data classification Join exposed asset inventories to DSPM labels so remediation starts with systems that contain regulated, crown-jewel, or business-critical data.
  • Map identity paths to sensitive data Identify which service accounts, human admins, and machine identities can reach sensitive repositories through exposed assets and over-privileged access.
  • Feed identity telemetry into exposure triage Use ITDR signals such as abnormal session activity, privilege changes, and lateral movement indicators to reprioritise exposure findings that show active abuse.

What's in the full article

Netwrix's full post covers the operational detail this analysis intentionally leaves for the source:

  • Step-by-step DSPM workflows for classifying sensitive data across cloud and on-premises repositories
  • Operational ASM guidance for correlating exposed assets with remediation priorities
  • ITDR examples for detecting identity abuse, lateral movement, and malicious session activity
  • Product-specific handling of Microsoft 365, SQL, Azure Files, and Active Directory use cases

👉 Read Netwrix's analysis of DSPM, ASM, and ITDR for exposure-aware security →

DSPM, ASM, and ITDR: where exposure management still breaks down?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Exposure management fails when organisations treat assets, data, and identities as separate control problems. ASM can show where systems are reachable, but it cannot tell defenders what is actually sensitive or which identities can abuse the path. That separation creates a governance blind spot because prioritisation remains asset-centric instead of risk-centric. The practitioner implication is that correlation, not inventory volume, determines whether exposure management reduces risk.

A few things that frame the scale:

  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
  • A separate finding shows that 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job.

A question worth separating out:

Q: How can organisations tell whether DSPM, ASM, and ITDR are working together?

A: They should see fewer high-risk findings left untriaged, faster containment of suspicious identities near sensitive data, and remediation decisions based on exposure plus data sensitivity rather than asset counts alone. If each tool produces its own queue, the programme is still fragmented. The signal of maturity is one shared prioritisation model.

👉 Read our full editorial: DSPM, ASM, and ITDR show why exposure management needs identity context



   
ReplyQuote
Share: