According to Gartner, EASM is an emerging product set that supports organizations in identifying risks coming from internet-facing assets and systems that they may be unaware of threats such as shadow IT, exposure management, expanding attack surfaces, and more.
Continuous Automated Red Teaming (CART) and Penetration Testings are essential defense-in-depth components to mitigate those persistent threats.
This panel discussion touches upon how to use vulnerability scans and manual pen test results to build a focused attack simulation plan.
Key Discussion Points:
- What is EASM?
- What are the key capabilities of EASM tools?
- Common Use Cases of External Attack Surface Management
- Difference Between EASM and DRPS (Digital Risk Protection Services)
- Effective strategies deployed by industry-leading organizations
- How testing external perimeters can validate what can/cannot be discovered and exploited with automation
- Overview Of MITRE ATT&CK framework