SANS Attack Surface Management Virtual Conference

  • Wednesday, 14 Apr 2021 10:30AM EDT (14 Apr 2021 14:30 UTC)
  • Speakers: Phil Neray, David Cowen, Pierre Lidome, David Wolpoff, Aaron Portnoy, Kyle Howson, Dan MacDonnell, Joseph Menn, Eric McIntyre

You will earn 6 CPE credits for attending this virtual event.

Forum Format: Virtual - US Eastern

Event Overview

Designed for security leaders tasked with managing a growing attack surface, the SANS Attack Surface Management Virtual Conference will take place on April 14, 2021 as a virtual event. This half-day event will bring together thought leaders, subject matter experts and practitioners to discuss, share and discover best practices for addressing the operational challenges associated with work-from-home transitions, cloud migrations, M&A, shadow IT and the rise of ransomware attacks.

Attendees will gain valuable lessons on how to operationalize attack surface management in order to improve their threat intelligence, vulnerability management and offensive security programs.


10:30 - 10:35 AM EDT - Event Welcome

Dave Cowen, @HECFBlog, Forum Chair, SANS Institute, @SANSInstitute

10:35 - 11:05 AM EDT - Defending Forward in Today's Exposed World

David "Moose" Wolpoff, @HexadeciMoose, CTO, Co-Founder, Randori, @RandoriSecurity

Dan MacDonnell, Retired Rear Admiral, Former Deputy Chief NSA/CSS, Randori, @RandoriSecurity

Whether we like it or not, organizations today are on the front lines of an ongoing and growing geopolitical cyberwar. We need look no further than SolarWinds for proof. In this session, former Deputy NSA Chief Rear Admiral Dan MacDonnell and Randori Co-Founder & CTO David Wolpoff will take attendees on a behind-the-scenes look into the forces driving today's cyber landscape and what they tell us about the future of security.

Attendees will leave with a firm understanding of the macro-forces driving today's cyberwar, clarity into why today's approaches won't cut it tomorrow, and why it's essential organizations defend forward - adopting proactive strategies that leverage the attacker's perspective to anticipate threats and test resiliency.

11:05 - 11:35 AM EDT - Getting on Target: Looking at Your Attack Surface Like An Attacker

Aaron Portnoy, @aaronportnoy, Principal Scientist, Randori, @RandoriSecurity

Fundamental to the rise of attack surface management is a growing recognition that attackers see the world differently. In this session, Aaron Portnoy, Principal Scientist at Randori, will break down why that is the case and how red teams, like the Randori Attack Team, can often come to dramatically different conclusions than security teams about an asset - even when both are looking at the same information. He will look at real examples taken from customer environments and break down some of the ways he's seen security teams adopting the attacker's perspective to reduce noise, prioritize risk and get on target faster.

11:35 AM - 12:05 PM EDT - Hunting Threat Actors with Attack Surface Management

Kyle Howson, Cyber Security Operations Centre Specialist, Air Canada, @AirCanada

Dan Pistelli, Security Solutions Engineer, LogicHub, @Logichubhq

With a third of successful breaches now originating with unmanaged or unknown assets, understanding your attack surface and being able to prioritize new risks as they emerge has never been more essential.

In this session, Air Canada's Kyle Howson and LogicHub's Dan Pistelli will break down how Air Canada is integrating the attacker's perspective into their asset, vulnerability, and threat management workflows through LogicHub to hunt for APTs and quickly find, prioritize, and act upon issues as they are discovered.

In this session, Kyle and Dan will walk through tangible examples and break down how attendees can replicate these actions in their organization, by:

  • Establishing an external source of truth for threat prioritization between Security and IT
  • Increasing the efficiency of remediation efforts by combining threat intelligence with real time visibility into their attack surface
  • Identifying process failures and shadow IT that pose categorical risks
  • Leveraging the attacker's perspective to turn threat data into actionable narratives both executives and practitioners can agree on
  • Saving time and money by focusing teams on the specific threats that pose the greatest risk to Air Canada

12:05 - 12:15 PM EDT - Randori Attack Platform

See how Randori Recon empowers enterprise organizations to understand their attack surface in order to identify blindspots, process failures and dangerous misconfigurations.

12:15 - 12:45 PM EDT - Evaluating Attack Surface Management Tools

Pierre Lidome, @texaquila, SANS Instructor and Cyber Hunter, SANS Institute, @SANSInstitute

Attack surface management (ASM) is an emerging category that aims to help organizations address these challenges by providing a continuous perspective of an organization's external attack surface.

In this session, SANS course author Pierre Lidome will provide an overview of Attack Surface Management, the key use cases, and the benefits and limitations of today's solutions. Based on his research developing the SANS Guide to Evaluating Attack Surface Management, Pierre will also provide attendees with actionable guidance they can use when crafting RFPs and PoCs for ASM projects.

12:45 - 12:55 PM EDT - Randori Attack Platform

See how Randori Recon empowers enterprise organizations to understand their attack surface in order to identify blindspots, process failures and dangerous misconfigurations.

12:55 - 1:25 PM EDT - Top IOT/OT Security Attack Vectors

Eric McIntyre, @pwnpnw, Director of Research and Development, Randori, @RandoriSecurity

Phil Neray, Director of Azure IoT & Industrial Cybersecurity, Microsoft, @Microsoft

IoT and OT devices are now everywhere, helping individuals and businesses collect real-time data and automate tasks for greater productivity and efficiency.

This is increasingly true in enterprises, as workers rely on a diverse set of smart devices to get their work done. These devices are often unpatched, unmanaged, and invisible to IT and OT teams, making them soft targets for adversaries seeking to gain access to corporate networks in order to steal sensitive intellectual property or deploy ransomware.

In this talk, join Phil Neray from Microsoft and Randori's Eric McIntyre for a look into the top IT and OT Attack Vectors and how organizations are using ASM to reduce their exposure.

1:25 - 2:15 PM EDT - Fireside Chat: Exchanging Zero Days - Where Do We Go From Here?

Moderator - Joseph Menn


Window Snyder, @window, former CISO at Square, Square, @Square

Richard Puckett, CISO, SAP, @SAP

Stewart Baker, Former General Counsel of NSA

David "Moose" Wolpoff, @HexadeciMoose, CTO and Co-Founder, Randori, @RandoriSecurity

SolarWinds and Microsoft Exchange were not the first, and they won't be the last, major cyber attacks to leverage zero days to infect tens of thousands of organizations. In this session, attendees will hear from a panel of leading experts from the commercial and public sector on how they see our approaches to security evolving after these two seismic supply chain attacks. Topics discussed will include: What role can policies and regulations play in reducing cyber risk? How can we as a society work together to build more resilient systems? And what role does active defense, or "Defending Forward," have in the future of security?

2:15 - 2:25 PM EDT - Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World

Joseph Menn, Reuters Cybersecurity Journalist and author

Cult of the Dead Cow is the tale of the oldest, most respected, and most famous American hacking group of all time. Though until now it has remained mostly anonymous, its members invented the concept of hacktivism, released the top tool for testing password security, and created what was for years the best technique for controlling computers from afar, forcing giant companies to work harder to protect customers. They contributed to the development of Tor, the most important privacy tool on the net, and helped build cyberweapons that advanced US security without injuring anyone.

2:25 - 2:30 PM EDT - Wrap-up