There might be no lack of interesting content from Qualys at Black Hat USA 2018 this year. Depending on your interests, you would possibly want to find time for a number of these talks and displays. Visit Qualys at Booth #204 to hear great practices presentations from enterprise leaders.
Qualys Black Hat USA 2018
Wednesday, August 8
10:20 – 10 AM
Endpoint Breach Prevention by Reducing Attack Surfaces
Chris Carlson, Vice President of Product Management, Qualys
The most scalable manner to save you from breaches of endpoints, servers, and cloud workloads is to reduce the attack surface of the asset itself. Operational vulnerability control, remediation prioritization, transparent patching, secure configuration assessment, real-time threat tracking, and energetic threat searching brought via a unified security platform can drastically lessen the likelihood of breaches by specializing in decreasing the attack surface of an organization’s IT environments. In this consultation, discover ways to become aware of, remediate, stumble upon, and respond to unusual and focused attacks that can avoid traditional and subsequent-generation prevention technology.
Eleven:00 – 11:25 AM
How to Reboot Vulnerability Management for Modern IT and Mature Business Needs
Brian Canaday, IT Security Analyst / Engineer, CSAA Insurance Group
Vulnerability Management applications require new ranges of immediacy, accuracy, and scale as they mature. Brian Canaday will discuss how CSAA Insurance Group identified a misalignment of its VM software desires, equipment, and team, then planned and carried out a VM software reboot to fulfill cutting-edge perceptions and expectations of VM as a strategic part of safety operations. This talk explains CSAA’s reboot manner, which includes a gap evaluation and a phased redeployment of the Qualys Cloud Platform and the Qualys Cloud Agent that delivered CSAA the potential to devour security and compliance statistics on the vital scale and with immediacy had to comfortable contemporary IT infrastructure, then document crucial correct and applicable findings to a selection of cease customers together with executives, software, audit and IT groups.
11:40 AM – 12:05 PM
The Art of Vulnerability Management: From Running Scans to Managing Risk
Jimmy Graham, Director of Product Management, Qualys
To deal with the challenges of vulnerability detections growing year over 12 months, Qualys is introducing new methods to visualize vulnerability information, layering Real-time Threat Information on top of detected vulnerabilities to provide constant and automatic remediation prioritization. AssetView technology in Qualys Vulnerability Management permits customers to immediately search for vulnerabilities and create dynamic widgets and dashboards within the VM module. See the new VM Dashboard and instantaneous seek capabilities, a demo of Qualys Threat Protection, as well as a sneak peek at our new Reporting Module to unify reviews across the Qualys Cloud Platform.
12:20 – 12:forty five PM
How to Build a Successful Vulnerability Management Program for Medical Devices
Sarah Kennedy, Security Vulnerability Engineer, HCA Healthcare
Robert Sloan, Security Vulnerability Engineer, HCA Healthcare
For one agency-scale healthcare employer, effective vulnerability management calls for persevered scanning of every networked tool, including non-traditional devices about vulnerability assessment issues, and which emerge as unresponsive from an experiment. This speech highlights how HCA Healthcare’s Vulnerability Management group overcame those demanding situations and explains key factors of constructing a successful vulnerability control program for scientific gadgets.
1:00 – 1:25 PM
Get Full Visibility of Both Certificates and Underlying SSL/TLS Configurations and Vulnerabilities
Asif Karel, Director of Product Management, Qualys
Risk management in the age of DevOps and public clouds requires agencies to automate real-time visibility and monitoring in their SSL certificate deployments. Learn how Qualys CertView enables customers expand DevSecOps to prevent downtime and disruption, audit and compliance screw ups, and mitigate risks related to expired or weak certificate and inclined TLS configurations.
1:40 – 2:05 PM
Qualys Container Security – Visibility and safety for containers from Build to Deployments
Hari Srinivasan, Director of Product Management, Qualys
Containers are the maximum sought-after development device for microservices. Their simplicity and portability permit DevOps to create actual agile builds within development cycles. However, this new kind of surroundings brings a new set of safety threats at every section of this cycle – from an unvalidated software program getting into the surroundings, to secrets being leaked, to runtime drifting and breaking immutable behaviors. This consultation outlines commonplace safety risks and realistic use instances throughout every phase that allows you to help safety groups better recognize a way to successfully control protection at the velocity and scale of DevOps.
2:20 – 2:45 PM
Assess All Web Applications and APIs with Better Security Hygiene
Dave Ferguson, Director of Product Management, Qualys
Whether an organisation has mature utility safety techniques or strives best to fulfill regulatory compliance necessities, all in their net programs and HTTP-based APIs need some level of protection testing. Learn how Qualys Web Application Scanning offers customers extensive testing coverage across numerous environments and scales to work with any length software security program. We’ll talk about how WAS’s flexibility and cloud-based, total architecture allows for a sensible approach to software protection hygiene as well as due diligence for GDPR.
Three:00 – three:25 PM
Using Asset Tags to Increase Effectiveness of Your VM Program
Abe de los Reyes, Security Engineer, Cyber-Threat Management Team, Citrix
Kena Deal, Security Engineer, Cyber-Threat Management Team, Citrix
Asset identity based totally on OS, characteristic, and other known identifiers performs a critical role in successful vulnerability control packages at a global scale. Learn why Citrix calls AssetView a valuable device for identifying, managing, and patching worldwide assets. The presenters will provide an explanation for the stages of their AssetView tagging deployment, how each contributed to sizeable strides in preserving belongings prepared, and the way Citrix used Qualys AssetView tags to elevate its patch achievement rate by the aid of eighty % on a number of its most essential systems within the last six months. This session additionally covers how asset tagging will increase Citrix’s capacity to locate and eliminate abandoned systems, lowering its overall risk landscape.
3:40 – 4:05 PM
Building Bridges and now not partitions – A shift to get into DevSecOps
Hari Srinivasan, Director of Product Management, Qualys
Learn how security teams can leverage automation to offer assistance at the rate and scale of DevOps. This communication outlines use instances and first-class practices from three customers who successfully managed to benefit from visibility and automate security practices of their DevOps pipelines.
Four:20 – four: forty-five PM
Gain Unprecedented Visibility with Global IT Asset Inventory
Pablo Quiroga, Director of Product Management, Qualys
The virtual transformation and the ever-evolving cybersecurity danger panorama introduce a new generation at a growing range, scale, and pace. Simultaneously, groups are trying to control resources below budget constraints and with siloed security answers. Learn to tackle these challenges by delivering extraordinary visibility into all environments with one tool: Qualys Asset Inventory – a single and unified answer that allows higher collaboration and strategic planning across IT and Infosec. See how Asset Inventory discovers property throughout worldwide hybrid infrastructure, normalizes and categorizes each hardware and software program, and enriches with non-discoverable asset intelligence, which includes supplier lifecycle information.
Five:00 – 5:25 PM
Scaling a Vulnerability Management Program While Reducing Network Impact
Josh Oquendo, Threat Intelligence Analyst, Finastra
To provide quicker detection and government reporting, organizations together with Finastra are striving to scale vulnerability control packages at the same time as simultaneously lowering network impact. Josh Oquendo from Finastra will speak about his use cases of the Qualys Cloud Platform and Qualys Cloud Agent, as well as practical advice that he employs at Finastra to acquire quicker detection for executive reporting on newly launched critical vulnerabilities. This session features pleasant practices to encourage strong inventory as a vital base, plus actual global advice for Qualys Vulnerability Management customers to strategically leverage scanners, sellers, test companies, and scripts to optimize scanning at daily intervals.
5:forty – 6:05 PM
A 360-diploma Approach to Securing Public Clouds
Hari Srinivasan, Director of Product Management, Qualys
Cloud is a middle layer of virtual transformation, as customers have a shared protection duty with the cloud providers. This session will introduce the threats and solutions needed to comfy cloud workloads and cloud infrastructure. Learn to take advantage visibility of your public clouds, relaxed workloads from each inner and perimeter vulnerabilities, and set up non-stop security tracking of cloud assets to keep away from problems, including information leaks and cryptomining attacks through your cloud infrastructure.
6:20 – 6:45 PM
Incorporate Visibility of Inaccessible or Sensitive Assets into Your Overall Vulnerability and Compliance Program
Tim White, Director of Product Management, Qualys
Organizations that use programmable logic controllers (PLC) and different secretive or disconnected property may be challenged to incorporate them into the scope of their common cybersecurity and risk program. Such property no longer permits traditional remote or agent-primarily based scanning and, as a consequence, remains outdoor the scope of protection tests. Learn how Qualys Offline Device Assessment, an extension of the Qualys sensor circle of relatives, permits these organizations to enhance traditional risk analysis by way of extending their single-pane view of security and compliance to these inaccessible or touchy assets.
Thursday, August 9
10:20 – 10:forty five AM
Qualys Container Security – Visibility and safety for bins from Build to Deployments
Hari Srinivasan, Director of Product Management, Qualys
Containers are the most prominent development device for microservices. Their simplicity and portability permit DevOps to create authentic agile builds inside improvement cycles. However, this new sort of surroundings brings a new set of security threats at each segment of this cycle – from unvalidated software programs getting into the environment, to secrets and techniques being leaked, to runtime drifting and breaking immutable behaviors. This session outlines common security risks and practical use cases throughout each segment to help protection groups better recognize the way to effectively manage protection at the velocity and scale of DevOps.
11:00 – 11:25 AM
Scaling a Vulnerability Management Program While Reducing Network Impact
Josh Oquendo, Threat Intelligence Analyst, Finastra
To offer faster detection and government reporting, agencies which including Finastra, are striving to scale vulnerability management applications while simultaneously lowering network impact. Josh Oquendo from Finastra will speak about his use cases of the Qualys Cloud Platform and Qualys Cloud Agent, as well as practical recommendations that he employs at Finastra to acquire quicker detection for government reporting on newly launched vital vulnerabilities. This talk features exceptional practices to encourage strong stock as a critical base, plus actual global advice for Qualys Vulnerability Management customers to strategically leverage scanners, sellers, experiment groups, and scripts to optimize scanning daily.
Eleven: forty – 12:05 PM
Endpoint Breach Prevention by Reducing Attack Surfaces
Chris Carlson, Vice President of Product Management, Qualys
The most scalable manner to save you from breaches of endpoints, servers, and cloud workloads is to reduce the attack surface of the asset itself. Operational vulnerability control, remediation prioritization, obvious patching, cozy configuration evaluation, real-time threat monitoring, and lively threat searching brought through a unified protection platform can notably reduce the chance of breaches by specializing in decreasing the attack surface of corporate IT environments. In this session, learn how to become aware of, remediate, hit upon, and reply to commonplace and targeted assaults that can steer clear of traditional and subsequent-gen prevention technologies.
