The modern enterprise attack surface doesn’t just include resources within a ring-fenced network, but in all apps and services, traversing through the cloud and networks’ edge. That includes email, too.

Today, email and brand protection provider Red Sift announced it has acquired attack surface management (ASM) provider, Hardenize, after Red Sift raised $54 million in series B funding earlier this year in an attempt to include email under the banner of the attack surface.

As a solution, the Red Sift Platform provides inbound and outbound email protection, blocking email impersonation attacks, while enabling users to take down lookalike domains, and with Hardenize’s technology, to control risks targeting other internet-facing assets.

The acquisition will enable Red Sift to enhance its existing email security solutions, not just protecting an organization’s email environment, but also expanding to protect the wider assets and infrastructure, to help organizations understand their critical attack surface. 

Bringing email under the banner of attack surface management

Red Sift’s acquisition highlights that the attack surface continues to grow, to the point where siloed and disjointed security tools aren’t enough to protect modern enterprises from threat actors.

This appears to be something that enterprises are well aware of, with research showing that external attack surface management is the number one investment priority for large enterprises in 2022.

When considering that 7 in 10 organizations have been compromised via an unknown, unmanaged, or poorly managed internet-facing asset in the past year, it’s clear that protecting internet-facing assets is a pain point for many companies.

“This move gives us the capability to do more for cybersecurity than we ever have before, elevating the breed of solution available to enterprise businesses for full attack surface management and resilience,” said Red Sift founder and CEO, Rahul Powar. 

By acquiring Hardenize, Red Sift is attempting to bring email security under the banner of attack surface management. It’s an approach that Powar believes will enable “enterprise customers to see their full attack surface, solve the issues at hand, and secure their valuable assets in an ever-evolving threat continuum.” 

The attack surface management market 

The attack surface management market falls loosely within the broader purview of the security and vulnerability management market, which researchers valued at $13.8 billion in 2021, and anticipate will reach $18.7 billion by 2026, as more organizations look to eliminate potential entry points into their environments. 

Out of the attack surface management vendors making waves, one of the most significant is Randori, which was acquired by IBM earlier this year for an undisclosed amount. 

Randori’s platform is cloud based and automatically begins identifying assets like services, IPs, domains, networks and hostnames, and provides security teams with an accurate risk assessment. 

Another key player in the market is CyCognito, which raised $100M in series C funding in December 2021. CyCognito’s platform can automatically discover assets while offering contextualized risk mapping so that users can accurately understand their environment’s risk posture. 

The key differentiator between Red Sift and these competitors is that it now adds email to the external attack surface. 

“We believe the market has missed an opportunity to include one of the greatest attack vectors there is — email — into its traditional definition of ASM. By acquiring Hardenize and incorporating their ASM capabilities into our existing email- and domain-security focused platform, we have an opportunity to start a new conversation,” Powar said.