Attack Surface Management Summit

Join us for a must-attend virtual event exclusively focused on Attack Surface Management (ASM) as corporate defenders shift tactics to continuously discover, inventory, classify, prioritize, and monitor digital assets and cloud services.

Agenda

On-Demand Session

The runZero CAASM Platform

Watch runZero expert, Ali Cheikh, as he guides you through the runZero 4.0 Platform. See how this new kind of #CAASM provides comprehensive security visibility to understand your organization's exposure.

Day - 01

18 September, 11:00

Reality Check: Reinventing ASM for your Total Attack Surface

Let’s be real. Attack surfaces are expanding every day, at least according to 67% of organizations. Promises of attack surface reduction haven’t paid off… and most security teams face a slew of siloed tools that don’t offer complete visibility into their assets and attack surfaces, leaving them in constant fear of the unknown. As we all know, you can’t protect what you can’t see. It’s time to reinvent attack surface management for the real world. Security teams deserve a comprehensive solution that keeps pace with growth rather than denying it. One that secures both internal and external attack surfaces and discovers everything attached to networks, regardless of whether it’s IT, OT, or IoT and located on-prem, remote, or in the cloud. A solution that can surface unknowns and risky outliers quickly, and prioritize exposures based on impact. This session will explore the shifting dynamics of today’s attack surfaces and the challenges facing security teams, including new exposures identified by runZero’s research team. See how rethinking old challenges and addressing new ones inspired runZero’s unique approach to cyber asset attack surface management, and how our combination of active scanning, native passive discovery, and integrations can deliver the most complete, accurate, and in-depth visibility across attack surfaces and empower you to proactively secure them.

Bryan O’Neil

VP of Customer Engineering, runZero

Bryan O’Neil, VP of Customer Engineering at runZero, leads the Solutions Engineering and Customer Success Engineering teams. With over 12 years of cybersecurity experience, Bryan has collaborated with customers across a wide range of markets and verticals, including Enterprise, Federal, SLED, Channel, MSP, SMB, and Mid-Market. After playing a key role in the early growth of successful startups like Duo Security, Bryan is now driving the continued success of runZero.

18 September, 11:45

Homoglyph-Based Attacks: Circumventing LLM Detectors

As large language models (LLMs) become more and more skilled at writing human-like text, the ability to detect what they generate is critical. This session explores a novel attack vector, homoglyph-based attacks, that effectively bypasses state-of-the-art LLM detectors. We'll begin by explaining the idea behind homoglyphs, characters that look similar but are encoded differently. You'll learn how these can be used to manipulate tokenization and evade detection systems. We'll cover the mechanisms of how homoglyphs alter text representation, discuss their impact on existing LLM detectors, and present a comprehensive evaluation of their effectiveness against various detection methods. Join us for an engaging exploration of this emerging threat and to gain insight into how security researchers can stay ahead of evolving evasion techniques.

Aldan Creo

Technology Research Specialist, Accenture Labs

Aldan is a Fulbright Student, sponsored by the U.S. Department of State. He studied Computer Science in Spain, France, and Switzerland, graduating as valedictorian. He has completed four internships and been a Google Summer of Code contributor for Django. He received a public grant to undertake research on Natural Language Processing, and has been recognized for leadership and academic excellence through several awards. He is also the founder of 3 associations and contributes to open source. Currently, he is employed as a Technology Research Specialist working on Knowledge Graphs and Natural Language Processing in Accenture Labs.

18 September, 12:30

BREAK

Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.

18 September, 12:45

Dangerous Dark Matter: Confronting the Unknowns in Your Network

Unknown assets and vulnerabilities can silently compromise your organization, leading to catastrophic breaches. This presentation explores the hidden threats and so-called “network dark matter” lurking within your environment, viewed through the lens of zero-day vulnerabilities. We'll explore real-world examples of how these unknowns have been exploited and created significant exposures. Join us as we reveal the dark corners of your network and discuss strategies to illuminate and secure them.

Ali Cheikh

Senior Sales Engineer, runZero

Ali Cheikh is a seasoned Senior Sales Engineer with over 14 years of global experience, supporting governments, multinational corporations, and Fortune 500 companies. Originally from Djibouti, he joined runZero in 2021 as the company's first-ever Sales Engineer.

18 September, 13:20

Fireside Chat with Chris Wysopal, Chief Security Evangelist at Veracode

Join us for an engaging fireside chat with Chris Wysopal, Chief Security Evangelist at Veracode, on expanding attack surfaces in modern software and how organizations must adapt to mitigate risks up and down the software supply chain. Expect a frank discussion on the state of cybersecurity, cloud and OS monocultures, government regulations and vendor responsibility, the global ransomware epidemic, and the expanding security poverty line.

Chris Wysopal

Chief Security Evangelist, Veracode

Chris Wysopal is the Chief Security Evangelist at Veracode, responsible for enhancing the company's industry presence, advocating robust security practices, and fostering customer and peer relationships. Prior to co-founding Veracode in 2006, Chris was vice president of research and development at security consultancy @stake, which was acquired by Symantec. In the 1990s, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified to the US Congress on the subjects of government security and how vulnerabilities are discovered in software.

18 September, 13:55

BREAK

Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.

18 September, 14:10

The Simple, Yet Lethal, Anatomy of an AI Attack

It surprises no one that attack surfaces expand as swiftly as AI and ML technologies advance, yet the security landscape lags behind. Join us for an eye-opening session where we dive deep into the dark world of AI security through the lens of attackers. We'll tread carefully between different attacks, accompanied by demos, revealing the strategies and techniques used to compromise AI and LLMs. From reconnaissance and spoofing via supply chain attacks all the way to LLM poisoning, jailbreaking, and compromise—AI attacks are far from just prompt injection. Witness firsthand how attackers exploit vulnerabilities, manipulate AI systems, and leverage AI for malicious purposes. This session, recorded at SecurityWeek’s 2024 AI Risk Summit at the Ritz-Carlton, Half Moon Bay, was previously available only to attendees of the in-person event and is now available for the first time to attendees of the Attack Surface Management Summit.

Erez Yalon

Checkmarx, VP of Security Research

Erez Yalon is the VP of Security Research at Checkmarx and oversees Checkmarx’s research team comprising analysts, pen testers, security engineers, and bug bounty hunters. Erez brings vast experience to his position and his efforts to empower today’s developers and organizations to deliver more secure applications. Erez is also the founder of DEF CON's AppSec Village and co-leads the OWASP API Security Project.

18 September, 14:50

Networking & Virtual Expo

Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.

Speakers

Erez Yalon

Checkmarx, VP of Security Research

Chris Wysopal

Chief Security Evangelist, Veracode

Ali Cheikh

Senior Sales Engineer, runZero

Aldan Creo

Technology Research Specialist, Accenture Labs

Bryan O’Neil

VP of Customer Engineering, runZero

Event Sponsors

runZero

runZero, rated #1 on Gartner Peer Insights, delivers the fastest, most complete security visibility, discovering managed and unmanaged assets across IT, OT, IoT, cloud, mobile, and remote environments.

Sprocket Security

Sprocket Security continuously validates businesses’ security postures using a hybrid approach of automation and expert penetration testing across attack surfaces year-round. We do this to help businesses improve security & reduce IT risk.