Attack Surface Management Summit

With the pandemic-induced digital transformation underway, security teams are turning to continuous Attack Surface Management (ASM) to bolster a holistic risk management program.

Today, CISOs, CIOs, CTOs and enterprise network defenders are adopting Attack Surface Management tools to continuously discover, inventory, classify, prioritize, and monitor digital assets for signs of weaknesses.

In this special summit, SecurityWeek brings together experts in bug bounties, pen-testing and webapp security assessments, along with network defenders and cloud security specialists, to share best practices around reducing attack surfaces in modern computing.

Diamond Sponsor

Bishop Fox

Gold Sponsor

Palo Alto Cortex


Join us for a security leadership fireside chat with Shaun Marion, VP and Chief Information Security Officer at McDonald's. SecurityWeek's editor-at-large Ryan Naraine will moderate a Q&A session on the role of the modern CISO, the challenges of building a mature risk management program, securing multi-cloud deployments, supply chain anxieties, and much more.

Cyber-threats are driving a renewed business focus on security posture management, but growing attack surfaces have made security hygiene more difficult. However, with as many as 30% of exposed assets unknown to security teams and 7 in 10 experiencing a compromise in the past 12 months from unknown or poorly managed assets, executives and corporate boards are increasingly asking for greater visibility and formal metrics via real-time data analysis and better program management.

In this session, Randori Director of Product Marketing Ian Lee will provide insight on the current state of attack surface management, what’s normal, what is and isn’t working, what’s needed to get ahead and what steps leaders say they are taking to improve their external security posture.

Every time a new CVE is published and gains traction in the press, security teams scramble to determine whether those vulnerabilities pose a threat to their business. The truth is that, in many cases, these stories simply become a distraction. In fact, the biggest risks are often vulnerabilities that are much less glamorous, yet much easier to exploit and offer more useful footholds for attackers.

While vulnerabilities like EternalBlue and Log4j garner widespread attention, there are thousands of exposures categorized as “low risk” against pre-defined severity ratings that slip through the cracks. However, in the hands of skilled attackers, many of these exposures serve as launching pads or steppingstones to more complex and destructive attacks. The challenge for many organizations is not only identifying these exposures but also determining the potential business impact in their unique environment.

Join our presentation where we’ll explore:

  • The speed, precision, and covert nature of modern adversaries
  • Commonly observed “low risk” exposures and how they lead to destructive attacks
  • How attack surface management and continuous pen testing can help you uncover, assess, prioritize, and remediate these types of exposures

This talk will showcase examples of exposures found in real-world environments, including a step-by-step view into how ethical hackers exploited them to reach high value targets.

The complex nature of the modern corporate network has caused attack surfaces to expand at staggering rates, forcing defenders to rethink approaches to vulnerability and patch management, penetration testing, shadow IT management, threat intelligence and secure multi-cloud deployments.

Join this expert panel of cybersecurity leaders and practitioners for a frank discussion on how to integrate the external visibility from attack surface management tools and processes with internal security controls to completely map all the connections and assets in an enterprise.

Attendees can expect a robust discussion on the evolution of penetration testing, bug bounties, red teaming, automated web-application testing, risks from shadow IT and multi-cloud deployments.

Fundamental to the rise of attack surface management is a growing recognition that attackers see the world differently.

In this session, Aaron Portnoy, Principal Scientist at Randori, will break down why that is the case and how attackers, like those inside the Randori Hacker Operations Center, often come to dramatically different conclusions than security teams about the risk profile of an asset, even when looking at the same information.

Join this session as we look at real examples taken from customer environments and break down some of the ways security teams can adopt the attacker's perspective to better reduce noise, prioritize risk and get on target faster.

It’s no secret that attack surfaces are increasing at an uncontrollable rate and security teams face an uphill battle outpacing adversaries.

Automated approaches have evolved to identify potential vulnerabilities at scale; however, they overwhelm security teams with a massive number of results that aren’t truly exploitable in the real world. On the flip side, point-in-time testing can uncover these true exposures, but it lacks the flexibility to track with dynamic attack surfaces, and long gaps between tests give attackers an opportunity to strike. A new approach is needed to deliver continuous coverage at the scale and speed required to outfox modern attackers.

Join us for a look at how the next generation of attack surface protection not only delivers better outcomes, but also yields significant ROI. We’ll explore what you can expect from your investment in ASM and the types of returns early adopters are already seeing.

Tune in to:

  • Discover why combining technology with human expertise is more effective at identifying, assessing, and remediating high-risk exposures than automation-only solutions
  • See what types of real-world exposures were uncovered in 2021 across industries and company sizes to benchmark your own risk
  • Gauge the savings you will derive from implementing continuous offensive testing, including a look at how to calculate this for your own organization

Since its inception, there have been a lot of incorrect assumptions about the web’s infrastructure. Unfortunately, those myths impact how specialists view and handle cybersecurity. In this webinar, experts from the Cortex® team will discuss:

  • The pervasive assumptions related to the structure of the internet
  • Why and how these bad assumptions continue to influence cybersecurity strategy
  • How attack surface management (ASM) can help lead security efforts in the future
  • How leading Fortune 2000 companies secure their organizations with ASM

Everyone agrees protecting your attack surface is a critical capability for every security team, but few know how to operationalize ASM solutions in a way that works for IT, security and the business. In this practical session, Randori Director of Product Management Drew Roy will break down 5 proven workflows, taken from the most effective security teams, that you can adopt to minimize your attack surface risk. Attendees will gain in-depth insight into how to integrate ASM with vulnerability management, asset management, ticketing, threat intelligence and cloud providers. Each will include real-world examples of how companies like Air Canada, Lionbridge, NOV, and more are using these workflows to regain control of their attack surfaces.

Cosmos proactively defends dynamic attack surfaces by combining advanced technology, automation, and expert-driven testing into a unified solution to continuously identify and remediate high-risk exposures. Learn how Cosmos works – and why human expertise makes all the difference.

Hear from a wide range of prominent CISOs, cloud software engineers, network architects, and security response engineers sharing best practices, defense frameworks and actionable data to reduce risk from exposed attack surfaces.

Topics Include:

  • Securing work-from-home cloud deployments at scale
  • Continuous monitoring of known digital assets
  • Management and visibility into Shadow IT (unknown and rogue assets)
  • Ransomware resilience and recovery
  • The evolution of the pen-test and bug bounty
  • Third-party/vendor risk management
  • Threat intelligence and the value of offensive security programs
  • Automating vulnerability and patch management at scale

Event Details
  • Start Date: February 23, 2022 10:45 am
  • End Date: February 23, 2022 4:00 pm