Webinar Announcement: 'Is Once-a-Year Vulnerability Diagnosis Enough for External IT Assets Like Websites and VPNs?'
GMO Cybersecurity by Ierae will host a webinar focused on vulnerability management for external IT assets. Addressing the limitations of annual assessments, the session introduces Attack Surface Management (ASM) for continuous monitoring and automated asset discovery to eliminate blind spots. It will demonstrate practical operations using their domestic ASM tool, 'Net-de-Shindan ASM'.
📋 Article Processing Timeline
- 📰 Published: June 5, 2026 at 18:00
- 🔍 Collected: June 5, 2026 at 09:20
- 🤖 AI Analyzed: June 5, 2026 at 14:35 (5h 14m after Collected)
## Cyber Attacks Targeting External IT Assets Surging; Unmanaged Assets Are the Greatest Risk
IT assets exposed to the internet are increasingly being targeted as points of origin for cyber attacks. Assets accessible from the outside, such as websites and VPN network equipment, are prime 'ingress points' for attackers. The risk of exploitation for known vulnerabilities is particularly high when unpatched vulnerabilities, end-of-life products, or unmanaged test environments and subdomains are left unattended.
Especially in large corporations and group companies, websites and servers are often set up by individual business units or subsidiaries, creating 'rogue assets' that the central IT department cannot fully track. These unmanaged public assets remain exposed to attackers while carrying risks like neglected vulnerabilities or lack of security policy application, making them a primary risk factor for enterprises.
## Annual Vulnerability Assessments Fail to Detect New Vulnerabilities and Unidentified Public Assets
While interest in ransomware countermeasures has increased in recent years, many companies tend to focus their efforts on 'detection and recovery after intrusion.' In reality, the initial ingress points leading to ransomware damage often involve external assets, VPNs, remote access devices, public servers, outdated websites, unpatched known vulnerabilities, unsupported software, and misconfigurations. 'Ingress management' prior to intrusion is just as crucial as post-intrusion measures like EDR, backups, training, and email security.
However, external assets continue to proliferate due to cloud usage, test environments, campaign sites, and independent operations by subsidiaries or business units. If vulnerability assessments are only conducted once a year, companies cannot notice vulnerabilities that emerge between assessments or newly public assets. Furthermore, if 'rogue assets' are not listed in the management ledger, the scope of assessment cannot be correctly identified, creating a dangerous situation where only attackers are aware of their existence. To address these risks, a mechanism for comprehensive identification of external assets and high-frequency, continuous vulnerability assessment is essential.
## Eliminating Blind Spots Through Continuous Monitoring via ASM and Automated Asset Discovery
This webinar introduces an approach to eliminate blind spots in diagnosis by utilizing Attack Surface Management (ASM) to continuously monitor external assets.
ASM is a methodology for discovering a company's internet-exposed IT assets from an attacker's perspective and continuously detecting and evaluating vulnerabilities and risks. In this seminar, we will explain specific operational methods using 'Net-de-Shindan ASM,' a domestic ASM tool provided by GMO Cybersecurity by Ierae, Inc. By simply registering a domain, Net-de-Shindan ASM automatically identifies associated external assets, including subdomains and IP addresses, and conducts regular vulnerability assessments. Since alert notifications are sent when critical vulnerabilities are detected, it enables the visualization of risks even for assets previously unknown to the IT department.
IT assets exposed to the internet are increasingly being targeted as points of origin for cyber attacks. Assets accessible from the outside, such as websites and VPN network equipment, are prime 'ingress points' for attackers. The risk of exploitation for known vulnerabilities is particularly high when unpatched vulnerabilities, end-of-life products, or unmanaged test environments and subdomains are left unattended.
Especially in large corporations and group companies, websites and servers are often set up by individual business units or subsidiaries, creating 'rogue assets' that the central IT department cannot fully track. These unmanaged public assets remain exposed to attackers while carrying risks like neglected vulnerabilities or lack of security policy application, making them a primary risk factor for enterprises.
## Annual Vulnerability Assessments Fail to Detect New Vulnerabilities and Unidentified Public Assets
While interest in ransomware countermeasures has increased in recent years, many companies tend to focus their efforts on 'detection and recovery after intrusion.' In reality, the initial ingress points leading to ransomware damage often involve external assets, VPNs, remote access devices, public servers, outdated websites, unpatched known vulnerabilities, unsupported software, and misconfigurations. 'Ingress management' prior to intrusion is just as crucial as post-intrusion measures like EDR, backups, training, and email security.
However, external assets continue to proliferate due to cloud usage, test environments, campaign sites, and independent operations by subsidiaries or business units. If vulnerability assessments are only conducted once a year, companies cannot notice vulnerabilities that emerge between assessments or newly public assets. Furthermore, if 'rogue assets' are not listed in the management ledger, the scope of assessment cannot be correctly identified, creating a dangerous situation where only attackers are aware of their existence. To address these risks, a mechanism for comprehensive identification of external assets and high-frequency, continuous vulnerability assessment is essential.
## Eliminating Blind Spots Through Continuous Monitoring via ASM and Automated Asset Discovery
This webinar introduces an approach to eliminate blind spots in diagnosis by utilizing Attack Surface Management (ASM) to continuously monitor external assets.
ASM is a methodology for discovering a company's internet-exposed IT assets from an attacker's perspective and continuously detecting and evaluating vulnerabilities and risks. In this seminar, we will explain specific operational methods using 'Net-de-Shindan ASM,' a domestic ASM tool provided by GMO Cybersecurity by Ierae, Inc. By simply registering a domain, Net-de-Shindan ASM automatically identifies associated external assets, including subdomains and IP addresses, and conducts regular vulnerability assessments. Since alert notifications are sent when critical vulnerabilities are detected, it enables the visualization of risks even for assets previously unknown to the IT department.
FAQ
What is the main content of the webinar?
It explains specific operational examples of using ASM to automatically detect external assets like websites and VPNs for continuous vulnerability monitoring.
How can unmanaged assets (shadow IT) be found?
'Net-de-Shindan ASM' uses a mechanism that automatically identifies related subdomains and IP addresses from registered domains.
How does it differ from traditional assessments?
Unlike periodic annual assessments, ASM provides continuous monitoring, enabling immediate response to new vulnerabilities or newly deployed assets.