Attack Surface Management: One Question CISOs Must Answer
Published on May 7, 2026 | Last updated on May 7, 2026 | 2 min read
Ask any CISO in any organization of any size: do you know your complete attack surface right now?
Not last quarter. Not at your last scheduled assessment. Right now - at this moment, including every cloud workload that spun up this morning, every SaaS application a team member adopted last week, every contractor device that authenticated to your systems yesterday.
In 22 years of working with enterprise technology teams, I have asked this question hundreds of times. Fewer than one in twenty security leaders can answer it with genuine confidence. The rest give one of three answers: a qualified yes that falls apart under follow-up questions, an honest no, or a reference to their CMDB - which is where the real problem of attack surface management lives.
Why CMDBs Fail at Attack Surface Management
CMDBs were built for IT service management. For tracking assets through procurement and lifecycle processes. They were not built for the cloud era. They were absolutely not built for the ephemeral workloads - containers, serverless functions, auto-scaling compute - that now make up a significant fraction of every enterprise's actual attack surface. These workloads appear and disappear in minutes. No change request was ever filed. No CMDB entry was ever created. They are part of your attack surface and they are invisible to your asset management process.
I use a simple analogy when I talk to security leaders about this. A CMDB is a photograph of a river. It was accurate when it was taken. The river has moved since. In a cloud-native enterprise, the river moves every hour. A photograph you update quarterly is not true attack surface management. It is a delayed record of a reality that no longer exists.
This gap matters more than almost anything else in security, because everything downstream depends on it. Threat detection without asset context is pattern matching in the dark. Controls management without a current asset inventory is theater. Risk prioritization without knowing what you actually have is guesswork dressed up as a process.
At Netenrich, we built the Resolution Intelligence Cloud™ on the conviction that asset and entity intelligence has to be operationalized directly into the security data platform - not managed in a separate system and queried through API calls. Every asset, every entity, every connection, every ephemeral workload - a native, continuously updated participant in the unified data model, available in real time for every analytical and inference workflow.
A Continuous Approach to Asset Intelligence
This is the first question in our A.C.T. framework: Assets (Think Attack Surface). Not threats. Not controls. Assets first. Because without knowing exactly what you are protecting, in its current state, your entire strategy for attack surface management is working with incomplete information.
The question is not a gotcha. Most security leaders are genuinely trying to solve this problem with the tools they were given. The point is that the tools - static CMDBs, periodic assessments, manual inventory processes - were designed for a world that no longer exists.
The world has changed. The approach to asset intelligence has to change with it.
*Part of my ongoing series on data science and the future of security operations.*
About the Author
Raju Chekuri
A serial Silicon Valley entrepreneur and technology leader, Raju founded Netenrich and leads the company as chairman, president and CEO. Previously, he founded Velio Communications, Inc., and led its acquisition by LSI Logic and Rambus. He also served as chairman of the board at OpsRamp before it was acquired by HPE. He currently serves as an investor and advisor at early-stage startups Two Brothers Organic Farms and the Department of Lore. Raju earned an MBA at St. Mary’s College of California and a Bachelor of Technology at Kakatiya University.


