SANS Institute Spring Cyber Solutions Fest 2024: Attack Surface & Vulnerability Management Track

Using a vulnerability scanner or an ASM tool is not enough. While ASM technology continuously scans for assets, security teams still need human intelligence to provide business context and additional testing around vulnerabilities identified.

Even when organizations have a robust inventory of assets they own and an understanding of what those assets are, it is critical also to understand their potential risk exposure. This means leveraging a team, which sometimes means a team of one, to manually identify and analyze each asset to find and exploit vulnerable exposures, then validate and prioritize critical ones that need to be remediated—a time-consuming, error-prone task.

During this talk, we cover steps to address these manual pain points and help the team focus on what matters the most to accelerate remediation and reduce the constant alert fatigue.

1. Discover and create a comprehensive map of your organization’s assets and external attack surface
2. Identify potential exposures within your organization’s external-facing assets
3. Validate and prioritize the critical risks to your external facing assets for fast remediation