ASM strategies to protect digital assets

Attack surface management (ASM) has seen significant growth in recent years, evolving into a recognised market category that provides businesses with the visibility and strategies needed to safeguard their digital assets, reports Kyle Pillay, security as a service manager at Datacentrix

As Forrester’s Attack Surface Management Solutions Landscape, Q2 2024 notes, ASM “delivers insights on assets that ultimately support business objectives, keep the lights on, generate revenue, and delight customers.”

At its essence, ASM involves continuously discovering, identifying, inventorying, and assessing the exposures of an organisation’s IT asset estate, a foundational step in maintaining a strong security posture.

Knowing your environment

Fundamentally, ASM helps organisations ‘know your environment’, highlighting gaps in defenses before attackers can exploit them.

Every threat actor or hacker begins with reconnaissance, mapping out your external-facing assets. This is why External Attack Surface Management (EASM) exists: it concentrates on what attackers can see. Without viewing your environment through this external lens, organisations cannot know which access points are visible or exploitable, leaving them unable to proactively detect or prevent threats before incidents occur.

First steps in protecting your attack surface

The first step in ASM is identifying external-facing touchpoints such as public IPs and domains. For instance, you might recognise your primary domain (e.g., mydomain.co.za), but visibility into similar domains, like mydomain.com, mydomain.net, mydomain.tech, or mydomain.ac.za, is also crucial. These can be targeted for domain squatting or cybersquatting, where attackers exploit similar names to mislead users and enable phishing attacks.

A strong ASM solution not only maps your current footprint but also identifies domains worth securing before malicious actors register them.

If a deceptive domain is registered, like mydomain-tech.co.za, you need an effective takedown process. International domain takedowns can be complex, requiring a partner capable of legally liaising with registrars across jurisdictions. With the right procedures and partnerships, such domains can often be removed within four to eight hours, limiting potential damage.

Keeping pace with today’s infrastructure

One of ASM’s biggest challenges is keeping up with the rapid growth and sprawl of modern IT environments. While multiple tools exist, none fully match the speed of change, even as vendors iterate frequently, often in weekly development sprints, to maintain relevant detection capabilities.

Beyond speed, perspective matters. While an organisation may have visibility from one viewpoint, attackers do not limit themselves to a single angle. To defend effectively against modern threats, you need to view your environment as attackers do and understand vulnerabilities exploitable from within. This is where distinguishing between external and internal ASM becomes crucial.

External ASM (EASM) focuses on publicly exposed digital assets, whereas internal ASM addresses vulnerabilities inside the network. Internal ASM uses network exposure activity tools to simulate real-world attack techniques, often following frameworks like MITRE ATT&CK, to identify weaknesses from the inside. These simulations test whether known attack methods bypass security controls, whether sensitive data can be exfiltrated, whether passwords are weak or compromised, and if lateral movement within the network is possible.

Combining internal and external ASM provides a more accurate view of your security posture, allowing organisations to close gaps before exploitation.

Making the business case for ASM

Cost is often a concern with ASM investments, but when weighed against the reputational and financial impact of a breach, or the risk of sensitive data appearing on the dark web, the case for prevention is clear.

The reality is simple. Without a combination of internal and external ASM, organisations remain essentially blind to vulnerabilities. The ability to identify, monitor, and remediate gaps before adversaries exploit them has become a business imperative.

MultiChoice strengthens Africa’s digital ecosystem, protecting creative content and customer data through advanced cybersecurity solutions

Cybersecurity has evolved from a technical necessity to a core pillar of trust, business continuity, and safe digital experiences

For MultiChoice, Africa’s leading video entertainment company, protecting both customer data and the creative works at the heart of its business is a top priority. In an increasingly connected environment, threats such as phishing, ransomware, and piracy continually evolve, posing risks not only to corporate systems but also to the creative content that drives Africa’s entertainment economy.

To address these challenges, MultiChoice invests heavily in advanced cybersecurity systems, global best practices, and strategic partnerships. The company’s dedicated cybersecurity and information security teams monitor digital threats around the clock, ensuring data integrity and maintaining a secure environment for millions of customers across the continent. These efforts demonstrate that cybersecurity is not just about defending networks; it is also about protecting intellectual property and the creative output that fuels Africa’s storytelling industry.

A major area of focus for MultiChoice is combating piracy, one of the most persistent threats to the sustainability of local content. Piracy undermines creators, producers, and investors by depriving them of rightful earnings. To tackle this, MultiChoice has partnered with global leader Irdeto, a specialist in digital platform cybersecurity. Together, they have developed cutting-edge anti-piracy technologies capable of detecting, disrupting, and removing illegal content distribution networks in real time.

Beyond technology, MultiChoice collaborates closely with law enforcement to bring perpetrators to justice. Several operations have successfully dismantled piracy syndicates, leading to arrests and reinforcing the company’s commitment to defending Africa’s creative economy. Through these measures, MultiChoice is setting a benchmark for content protection across the continent, safeguarding intellectual property while supporting the growth of local creative industries.

Cybersecurity Awareness Month serves as a timely reminder that protecting digital assets, whether personal data or creative content, is a shared responsibility. MultiChoice continues to champion this mission by fostering a culture of awareness, innovation, and collaboration. By integrating advanced cybersecurity technologies, partnering with global experts, and actively supporting law enforcement efforts, the company ensures that African creativity is both respected and secure.

MultiChoice’s ongoing initiatives, from monitoring threats to combating piracy, reflect a broader mission: “to create a secure, trusted, and sustainable digital ecosystem where African creativity can thrive.” In doing so, the company not only protects its platforms and customers but also empowers the continent’s creative industry, ensuring that local storytellers, producers, and innovators can flourish in a safe and resilient digital environment.

NETSCOUT’s report shows Morocco, Tunisia, Libya, and Algeria facing intensifying DDoS threats on telecoms in early 2025

NETSCOUT SYSTEMS, INC., a leading provider of observability, AIOps, cybersecurity, and distributed denial of service (DDoS) protection solutions, has released its latest global threat intelligence report highlighting the intensification of DDoS attacks across North Africa

The study shows that telecommunications operators, both wired and wireless, were the primary targets in Morocco, Tunisia, Libya, and Algeria during the first half of 2025.

Northern Africa by the numbers

Morocco registered more than 75,600 DDoS incidents, making it the second highest in Africa for attack volume after South Africa. Tunisia experienced the continent’s longest single DDoS campaign, lasting nearly seven hours (418.68 minutes), while also recording the highest bandwidth peak at 756.61 Gbps. Libya faced the second-longest single attack in the region at 242.6 minutes, with the highest attack complexity recorded, involving 23 vectors in one incident. Algeria, although recording fewer attempts (186), still endured significant threats, with peaks of 432.02 Gbps in bandwidth and 41.05 Mpps in throughput.

“Across the region, threat actors consistently targeted the telecommunications sector, unleashing high-volume, multi-vector attacks that disrupted connectivity and threatened service reliability,” commented Bryan Hamman, regional director for Africa at NETSCOUT. “Overall though, the results show an interesting mix of results when compared to our last Threat Intelligence Report, which looked at the second half of 2024.

“For example, Morocco continues to lead North Africa in the number of DDoS strikes sustained, with the country’s attack count rising from around 69,800 to over 75,600. Tunisia shifted from higher volumes - just short of 8,700 in 2H 2024 - to fewer attacks at 6,346 between January and July 2025, but contrastingly with record-breaking peaks in bandwidth and duration.

“Libya, however, more than doubled its attack volume, from just over 1,600 to nearly 3,750 incidents. Algeria saw fewer events but continued to face severe peak magnitudes.”

DDoS activity across the region

In Morocco, the majority of attacks targeted wireless telecommunications carriers, with 64,517 incidents. Wired providers followed with 1,342 incidents, along with research and development organisations in Social Sciences and Humanities (53), and shoe retailers (41). Common vectors included TCP ACK, DNS amplification, and SYN/ACK amplification. The largest recorded attack in the country reached 158.88 Gbps in bandwidth and 17.74 Mpps in throughput.

Tunisia’s attacks primarily struck wired telecommunications providers, with 5,288 incidents, followed by wireless carriers and the hospitality sector (excluding casino hotels and motels). Despite a lower number of attacks compared with 2H 2024, Tunisia endured the largest single DDoS assault in North Africa, with peaks of 756.61 Gbps and 49.51 Mpps, and an aggregate surge hitting 27 Tbps in April 2025. The average duration of attacks also increased substantially, exceeding 400 minutes in some cases.

In Libya, although peak bandwidths were smaller at 113.15 Gbps, attackers deployed 23 different vectors in a single incident — the most complex attack in the region. Wireless telecommunications providers were the primary targets, with 2,519 attacks, but unusual attempts against gasoline stations were also recorded.

Algeria reported 186 DDoS incidents in 1H 2025, the lowest among the four countries. However, the scale of attacks was significant, with peaks hitting 432.02 Gbps. Both wired and wireless telecommunications operators were the main targets, with DNS amplification identified as the most common attack method.

“North Africa is a prime example of how rapid digital growth attracts malicious activity,” adds Hamman. “The first half of 2025 shows that attackers are not only increasing their volumes in countries like Morocco, but are also using more sophisticated multi-vector methods in Libya and high-magnitude events in Tunisia. Even Algeria, with relatively fewer incidents, cannot ignore the scale of its largest attacks.

“The lesson is clear: organisations must prepare for the scale and sophistication of today’s threats,” he concluded.

NETSCOUT maps the DDoS landscape through passive, active, and reactive vantage points, providing unique visibility into global attack activity. The company protects two-thirds of the routed IPv4 space, securing network edges that carried global peak traffic exceeding 800 Tbps in the first half of 2025. It tracks tens of thousands of daily DDoS attacks by monitoring multiple botnets and DDoS-for-hire services that exploit millions of compromised devices.

Enhanced CWS boosts hybrid multicloud protection

Kaspersky has unveiled an upgraded version of its Kaspersky Cloud Workload Security (CWS) platform, offering enhanced protection for hybrid and multicloud environments

The update addresses the increasing complexity of cloud infrastructures by improving visibility, strengthening runtime defense for containers, and providing organisations with a more flexible, cost-efficient approach to safeguarding workloads.

As cloud infrastructures grow, security challenges continue to pose significant risks. In a research paper titled ‘Alleviating cloud migration difficulties with robust hybrid-cloud and container security’, Kaspersky and ISG found that 60% of surveyed organisations rank monitoring and proactively preventing runtime misconfigurations of cloud assets among their top five concerns regarding current cloud security solutions. The latest updates in CWS aim to help organisations stay ahead of evolving cyberthreats.

Kaspersky Cloud Workload Security consists of two core products: Kaspersky Container Security (KCS) and Kaspersky Hybrid Cloud Security (KHCS). The updated KCS introduces node OS vulnerability scanning and file threat protection, extending runtime security across both nodes and orchestrators. Organizations can now enhance network connection reputation data by integrating their own vulnerability feeds alongside NIST’s and Kaspersky’s databases, providing tailored intelligence that reflects their unique threat landscape.

Operational transparency is also improved with detailed logging of changes in RBAC (Role-Based Access Control) cluster objects. Incident response is more agile thanks to support for WebHooks, enabling data sharing with compatible software even without direct integration. Additionally, KCS now supports Microsoft Azure Registry and Google Cloud Platform Kubernetes & Registry, allowing organizations to secure workloads across a broader set of platforms.

Security policies, including Assurance, Runtime, and Response, have been expanded to deliver higher detection rates and greater flexibility, ensuring protection aligns with both business priorities and regulatory requirements.

In tandem with this release, the Light Agent in Kaspersky Hybrid Cloud Security has been enhanced. The solution now leverages Kaspersky Endpoint Security for Windows (12.10) and Kaspersky Endpoint Security for Linux (12.3) as light agents, improving integration and overall security capabilities in hybrid environments.

The update addresses common customer challenges, including cloud security blind spots, rising infrastructure costs, regulatory compliance pressures, and the limitations of traditional endpoint and open-source solutions in protecting multicloud workloads. By combining advanced automation with rich contextual intelligence, Kaspersky helps enterprises maintain resilience while meeting both business and compliance objectives.

"With the latest updates to Kaspersky Cloud Workload Security, we're continuing to push the boundaries of cloud security, providing our customers with the most comprehensive and robust protection available," commented Anton Rusakov-Rudenko, senior product marketing manager, cloud & network security product line at Kaspersky. "Our goal is to empower businesses to take full advantage of the cloud's potential, without compromising on security. With these updates, we're helping our customers to stay one step ahead of emerging threats and maintain the highest levels of security and compliance in their cloud infrastructure."