Attack Surface Management (ASM) has a decisive role in an organization's external exposure to threats, and therefore, I will focus on the core concepts of ASM and how it differs from traditional means such as Asset Management and CMDB. Through real-world examples, attendees will understand how ASM can help enterprises unveil undiscovered dark corners (Assets) and expose potential problems such as Misconfigurations that people are unaware of.

In fact, ASM has difficulties just like the others with similar functions, such as the possibility of evaluation of intranet devices, and the granularity level of threat detection patterns in regards to both depth and breadth. Thankfully, we can still supplement the Context-enriched Content with other sources to achieve the complementary effect. During the session, I will demonstrate how the usefulness and evaluation results of ASM can be greatly enhanced by introducing other trustful sources.

In the end, I will conclude by showing how companies can enact a series of subsequent security hygiene processes through the introduction of ASM, and eventually achieve a comprehensive understanding of themselves.