Evolving%20Perspectives%20The%20Future%20of%20Attack%20Surface%20Management.png?profile=RESIZE_710x

 

In the dynamic realm of cybersecurity, the concept of Attack Surface Management (ASM) continues to undergo evolution and refinement. As organizations grapple with the challenges of securing their digital assets, questions arise regarding the maturity of ASM programs and their adaptability to emerging threats. In this blog, we explore the shifting landscape of ASM and its potential trajectory towards internal attack surface management, alongside considerations of deception technology and the unknown unknowns that challenge traditional security paradigms.

 

 

Here is the verbatim discussion:

That you may miss out something right which defeats the purpose of the unknown unknown so uh yes I absolutely agree that's going to happen but operationally it's going to be more difficult uh there's a second question which is do you think the use of deception technology is a sign of maturity of an ASM program um so I I I don't because ASM is discovering what's already out there uh you know for the most part and I love deception technology don't get me wrong that's one of the topics that I've I've written at length about for a few years uh I think it's provides tremendous value it's easy to deploy uh and it's it's simple and intuitive but I don't see it sure you want to pick one yes um so is the field of ASM eventually moving into internal attack surface management so uh I'll try and do this quickly the the answer is I see yes um maybe not as quickly as we would like and it may not look like a tax surface management that we know today uh but much in the same way that EDR was revolutionary for endpoint detection or endpoint security and they said fendors said hey EDR work great for our endpoints I wish we could do that on our Cloud on our identity on our Network so EDR has evolved into xdr the extended detection and response uh I see a similar story for ASM or easm if if the vendor only doing external attack surface management hey this is great this is wonderful it's done all sorts of
 
Speakers: 

Chris Ray, a seasoned professional in the cybersecurity field, brings a wealth of experience from small teams to large financial institutions, as well as industries such as healthcare, financials, and tech. He has acquired an extensive amount of experience advising and consulting with security vendors, helping them find product-market fit as well as deliver cyber security services.

Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.

Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to
the cloud.

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform