Relying on your configuration management database (CMDB) for a comprehensive view of assets leaves significant gaps in your security program. In this edition of the Cyber Risk Series, we'll go beyond broken CMDBs to consolidate asset inventory and ALL risk factors to one source of truth for Security and IT teams. Join us at the next Cyber Risk Series as we transform the CMDB into a resource for defending evolving attack surfaces.
Wednesday, May 8, 2024
Virtual
The modern attack surface is dynamic, and a periodically updated list of assets won't secure your organization. CISOs and security teams need an actionable, risk-based approach to attack surface management to prioritize their riskiest assets amidst the sprawl.
Don't miss this unique opportunity to hear industry experts offer their best advice on what security leaders need to know to protect their entire attack surface from growing threats and navigate far beyond the limitations of the CMDB.
End-of-life (EoL) and end-of-support (EoS) hardware, software, and operating systems are often seen as an IT responsibility. The problem for security teams is that these instances of tech debt expose the organization to unpatchable vulnerabilities and other critical risks. While IT may control the budget and resources for upgrades, security bears the responsibility for associated risks. So, how can security teams measure the risk and align with IT proactively?
The modern enterprise has thousands of assets outside of its network, exposed to the internet—many of which are unknown. Not only does the cybersecurity team need to find these websites, applications, and legacy systems, but they must identify critical risk among the sprawl. Learn best practices for discovering external assets and providing IT and Security teams with the required intelligence to de-risk the external attack surface.
For IT teams, asset management implies procurement, change management, patching, and operational efficiency. For Security teams, asset management is the foundation for measuring and prioritizing risk. Every organization must find harmony between prioritizing risk and powering business operations through technology. Learn how to create a unified view of technology and risk to bridge the gap between Security and IT.
Many asset management programs focus on building a comprehensive inventory—an important first step. But a list of assets is useless unless you know the asset criticality along with associated vulnerabilities, misconfigurations, EoL/EoS data, and missing security controls. Learn the difference between visibility and inventory risk assessment.
Join us as we navigate the Broken CMDB for sessions packed with expert insights, thoughtful discussions and actionable strategies.
Today’s rapidly evolving attack surface demands air-tight alignment between cybersecurity and IT teams. CISOs and security teams are working hard to assess risk across a dynamic technology environment. Still, that hard work falls apart if there’s no transparency with IT—the business unit responsible for patches, software upgrades, access controls, and other mitigation steps.
This session explores the critical imperative of turbocharging the CMDB with cyber risk context—allowing organizations to reduce cyber risk while limiting business disruption.
Software and hardware product lifecycles are critical factors for operational security, and the OASIS Open OpenEoX initiative emerges as a crucial standardization effort. It aims to revolutionize how End-of-Life (EOL) and End-of-Support (EOS) information is shared and managed across the software and hardware industries. This presentation introduces OpenEoX, a collaborative endeavor supported by leading entities such as Qualys, Cisco, Microsoft, Red Hat, Siemens, BSI, and CISA, alongside an expanding consortium of industry stakeholders.
Through a common framework for EOL and EOS data dissemination, OpenEoX facilitates a more secure IT environment and aids in vulnerability management. This presentation delves into OpenEoX mechanics, showcasing its potential for proactive vulnerability management. It also explores its broader implications for the cybersecurity ecosystem and highlights its compatibility with Software Bill of Materials (SBOM), the Common Security Advisory Framework (CSAF), and Vulnerability Exploitability Exchange (VEX). Join us to discover how OpenEoX is shaping cybersecurity standards and bolstering organizational resilience against cyber threats.
In the ever-evolving landscape of cybersecurity, the traditional approach of relying solely on periodically updated lists of assets is becoming obsolete. The modern attack surface is dynamic and expansive, presenting new challenges for CISOs and security teams. Join us for an insightful fireside chat with a seasoned CISO as we delve into the critical issue of Attack Surface Management and the limitations of the CMDB.
Remediation for critical security risks is arguably the most important SLA for your IT team. Reactive responses to security tickets expose the organization to cyber risk and create business disruption.
That’s why IDBNY takes a proactive approach to uniting IT and Security teams. Join this session to learn how Beatrice Sirchis, VP of Application Security at IDBNY, connects her CMDB to her security program to achieve:
Most importantly, learn how her consolidated approach enables IDB Bank to stay agile and ahead of the curve—securely—when it comes to technology and innovation.
The CISO might refer to the asset inventory within the security program while the CIO points to the CMDB. But why can’t they both be right?
In this session, you’ll learn how the Qualys Enterprise TruRisk Platform leverages bi-directional sync with the CMDB to create a unified source of truth between the two platforms, including:
Join us in bridging the IT-security gap and proving that the CISO and CIO are correct when it comes to a complete asset inventory.
Watch full recordings of every session.
Shira is President, Cybersphere, The Futurum Group’s cybersecurity practice. She is a recognized Cybersecurity executive, cybersecurity advisor, global keynote speaker, influencer and author, who has built two Cybersecurity product companies, and both incepted and led multiple Women-in-Technology initiatives.
Shira also serves as President of the NYC-based technology incubator, Prime Tech Partners and the social-media-security firm, SecureMySocial. In addition, she holds seats on the Boards of Pace University Cybersecurity Programme, The Executive Women’s Forum for Information Security, Leading Women in Technology, the Capri Ventures, Memcyco and many other leading technology and security companies.
Shira has published countless articles and lectures on topics related to the human factors of cybersecurity, blockchain, AI and related topics, and holds several patents/patents-pending in areas related to the application of psychology to improve information technology and Cybersecurity. Shira was awarded as “New Jersey’s Best 50 Women in Business”; “Woman of Influence” by CSO Magazine; “One to Watch” by CSO and the EWF; “Outstanding Woman in Infosec” by the CyberHub Summit; One to Watch in IT Security by SC Media and Top Female Cybersecurity Influencer on Social Media.
As President and CEO, Sumedh leads the company’s vision, strategic direction and implementation. He joined Qualys in 2003 in engineering and grew within the company, taking various leadership roles focused on helping Qualys deliver on its platform vision. From 2014 to 2021, he served as Qualys’ Chief Product Officer, where he oversaw all things product, including engineering, development, product management, cloud operations, DevOps, and customer support. A product fanatic and engineer at heart, he is a driving force behind expanding the platform from Vulnerability Management into broader areas of security and compliance, helping customers consolidate their security stack. This includes the rollout of the game-changing VMDR (Vulnerability Management, Detection and Response) that continually detects and prevents risk to their systems, Multi-Vector EDR, which focuses on protecting endpoints as well as Container Security, Compliance and Web Application Security solutions. Sumedh was also instrumental in the build-up of multiple Qualys sites resulting in a global 24x7 follow-the-sun product team.
Sumedh is a long-time proponent of SaaS and cloud computing. He previously worked at Intacct, a cloud-based financial and accounting software provider. He also worked at Northwest Airlines developing complex algorithms for its yield and revenue management reservation system. Sumedh has a bachelor’s degree in computer engineering with distinction from the University of Pune.
Omar is a board member of OASIS Open. Omar is the chair of the Common Security Advisory Framework (CSAF) developing new ways to automate security vulnerability disclosure and management. These efforts include the CSAF Vulnerability Exploitability eXchange (VEX). He is the founder and chair of OpenEoX. Omar is the co-chair of the Forum of Incident Response and Security Teams (FIRST) PSIRT SIG.
Kunal is currently VP of Product Management for the CyberSecurity Asset Attack Surface Management (CAASM), Web App and API Security product line at Qualys HQ in Foster City, CA. He is a Qualys boomerang. He worked at Qualys for 3 years and incubated the XDR product line from inception. Kunal has spent 15+ years working at startups and at big and mid-size companies in cybersecurity, networking, and application security, in both product and engineering roles at Juniper Networks, Extreme Networks, Sun Microsystems and Infinera. Prior to re-joining Qualys, Kunal was heading products at an Israeli startup in the API security and bot management AppSec space.