Attack Surface Management: Measuring Real-World Impact
Our experts explain how to tell if your ASM is effective, what teams often miss, and why it’s more than just tracking known vulnerabilities.
Many organizations invest in Attack Surface Management (ASM) solutions, but how can security leaders determine if they are truly effective? This session brings together industry experts to dissect what really matters in ASM—beyond vendor promises—to help decision-makers make informed investments.
Watch our expert panel as they discuss:
- How decision-makers evaluate ASM solutions – What executives look for when assessing ASM effectiveness and ROI.
- The state of ASM in the industry – Research-backed insights on the latest trends, challenges, and innovations shaping ASM.
- ASM vs. real-world threats – How attackers actually exploit attack surfaces—and where ASM solutions succeed or fall short.
This conversation goes beyond the marketing buzz to give security leaders the practical insights they need to measure, optimize, and improve their ASM strategy.
If you want practical, unfiltered insight on how to strengthen your ASM game, this session’s for you.
Host: Mark Goodwin, Director of Managed Security Services, Bishop Fox
Guests:
- Chris Ray, Field CTO, Gigaom
- Sergio Villegas, Sr. Managing Analyst, Bishop Fox – ASI, where he leads a team focused on attack surface intelligence
- Richard Brown, Sr. Managing Operator, Bishop Fox – TEA, where he leads a team focused on threat enablement and analysis
Summary
In this engaging panel, Bishop Fox’s Mark Goodwin sits down with Chris Ray (GigaOm), Sergio Villegas, and Richard Brown (Bishop Fox) to talk about what really makes an Attack Surface Management (ASM) program effective.
They answer a key question: If you’re investing in ASM, how do you know it’s actually working?
Highlights from the Discussion:
-
ASM ≠ Vulnerability Management – ASM focuses on discovering unknown assets and gaps, not just tracking known issues.
-
Common Misconceptions – Many teams think they’re covered, but often miss assets from cloud apps, mergers, or rogue domains.
-
Why Threat Intelligence Matters – Integrating real-time intel helps teams prioritize what truly matters.
-
Emerging Trends – Organizations are starting to apply ASM internally to catch issues before attackers do.
-
Measuring Success – It’s about more than critical findings—track trends over time, response speed, and attack surface hygiene.
Key Takeaway:
ASM isn’t just a tool—it’s a partnership. The best programs combine automation, expert insight, and strong collaboration to stay ahead of threats.