Attack Surface Management Summit

Let’s be real. Attack surfaces are expanding every day, at least according to 67% of organizations. Promises of attack surface reduction haven’t paid off… and most security teams face a slew of siloed tools that don’t offer complete visibility into their assets and attack surfaces, leaving them in constant fear of the unknown. As we all know, you can’t protect what you can’t see. It’s time to reinvent attack surface management for the real world. Security teams deserve a comprehensive solution that keeps pace with growth, not denying it. One that secures both internal and external attack surfaces and discovers everything attached to networks regardless of whether it’s IT, OT, or IoT and located on-prem, remote or in the cloud. A solution that can surface unknowns and risky outliers quickly, and prioritize exposures based on impact. This session will explore the shifting dynamics of today’s attack surfaces and challenges facing security teams, including new exposures identified by runZero’s research team. See how rethinking old challenges and addressing new ones inspired runZero’s unique approach to cyber asset attack surface management, and how our combination of active scanning, native passive discovery, and integrations can deliver the most complete, accurate, and in-depth visibility across attack surfaces and empower you to proactively secure them.

As large language models (LLMs) become more and more skilled at writing human-like text, the ability to detect what they generate is critical. This session explores a novel attack vector, homoglyph-based attacks, that effectively bypasses state-of-the-art LLM detectors. We'll begin by explaining the idea behind homoglyphs, characters that look similar but are encoded differently. You'll learn how these can be used to manipulate tokenization and evade detection systems. We'll cover the mechanisms of how homoglyphs alter text representation, discuss their impact on existing LLM detectors, and present a comprehensive evaluation of their effectiveness against various detection methods. Join us for an engaging exploration of this emerging threat and to gain insight into how security researchers can stay ahead of evolving evasion techniques.

Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.

Unknown assets and vulnerabilities can silently compromise your organization, leading to catastrophic breaches. This presentation explores the hidden threats and so-called “network dark matter” lurking within your environment, viewed through the lens of zero-day vulnerabilities. We'll explore real-world examples of how these unknowns have been exploited and created significant exposures. Join us as we reveal the dark corners of your network and discuss strategies to illuminate and secure them.

Join us for an engaging fireside chat with Chris Wysopal, Chief Security Evangelist at Veracode, on expanding attack surfaces in modern software and how organizations must adapt to mitigate risks up and down the software supply chain. Expect a frank discussion on the state of cybersecurity, cloud and OS monocultures, government regulations and vendor responsibility, the global ransomware epidemic, and the expanding security poverty line.

Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.

It surprises no one that attack surfaces expand as swiftly as AI and ML technologies advance, yet the security landscape lags behind. Join us for an eye-opening session where we dive deep into the dark world of AI security through the lens of attackers. We'll tread carefully between different attacks, accompanied by demos, revealing the strategies and techniques used to compromise AI and LLMs. From reconnaissance and spoofing via supply chain attacks all the way to LLM poisoning, jailbreaking, and compromise—AI attacks are far from just prompt injection. Witness firsthand how attackers exploit vulnerabilities, manipulate AI systems, and leverage AI for malicious purposes. This session, recorded at SecurityWeek’s 2024 AI Risk Summit at the Ritz-Carlton, Half Moon Bay, was previously only available to attendees of the in-person event, is now available for the first time to attendees of the Attack Surface Management Summit.

Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.