There might be no lack of interesting content from Qualys at Black Hat USA 2018 this yr. Depending on your interests, you would possibly want to find time for a number of these talks and displays. Visit Qualys at Booth #204 to hear great practices presentations from enterprise leaders.
Qualys Black Hat USA 2018
Wednesday, August 8
10:20 – 10: forty five AM
Endpoint Breach Prevention by Reducing Attack Surfaces
Chris Carlson, Vice President of Product Management, Qualys
The most scalable manner to save you breaches of endpoints, servers, and cloud workloads is to reduce the attack floor of the asset itself. Operational vulnerability control, remediation prioritization, transparent patching, secure configuration assessment, real-time pastime tracking, and energetic danger searching brought via a unified security platform can drastically lessen the likelihood of breaches via specializing in decreasing the attack surface of organization IT environments. In this consultation, discover ways to become aware of, remediate, stumble on, and respond to not unusual and focused attacks that can avoid traditional and subsequent-gen prevention technology.
Eleven:00 – 11:25 AM
How to Reboot Vulnerability Management for Modern IT and Mature Business Needs
Brian Canaday, IT Security Analyst / Engineer, CSAA Insurance Group
Vulnerability Management applications require new ranges of immediacy, accuracy, and scale as they mature. Brian Canaday will discuss how CSAA Insurance Group identified a misalignment of its VM software desires, equipment, and team, then planned and carried out a VM software reboot to fulfill cutting-edge perceptions and expectations of VM as a strategic part of safety operations. This talk explains CSAA’s reboot manner, which includes a gap evaluation and a phased redeployment of the Qualys Cloud Platform and the Qualys Cloud Agent that delivered CSAA the potential to devour security and compliance statistics on the vital scale and with immediacy had to comfortable contemporary IT infrastructure, then document crucial correct and applicable findings to a selection of cease customers together with executives, software, audit and IT groups.
11:40 AM – 12:05 PM
The Art of Vulnerability Management: from Running Scans to Managing Risk
Jimmy Graham, Director of Product Management, Qualys
To deal with the challenges of vulnerability detections growing yr over 12 months, Qualys is introducing new methods to visualize vulnerability information, layering Real-time Threat Information on pinnacle of detected vulnerabilities to provide constant and automatic remediation prioritization. AssetView technology in Qualys Vulnerability Management permits customers to right away search throughout vulnerabilities and create dynamic widgets and dashboards within the VM module. See the new VM Dashboard and instantaneous seek capabilities, a demo of Qualys Threat Protection, as well as a sneak peek at our new Reporting Module in an effort to unify reviews across the Qualys Cloud Platform.
12:20 – 12:forty five PM
How to Build a Successful Vulnerability Management Program for Medical Devices
Sarah Kennedy, Security Vulnerability Engineer, HCA Healthcare
Robert Sloan, Security Vulnerability Engineer, HCA Healthcare
For one agency-scale healthcare employer, effective vulnerability management calls for persevered scanning of every networked tool including non-traditional devices with regarded vulnerability assessment issues, and which emerge as unresponsive from a experiment. This speak highlights how HCA Healthcare’s Vulnerability Management group overcame those demanding situations and explains key factors of constructing a a hit vulnerability control program for scientific gadgets.
1:00 – 1:25 PM
Get Full Visibility of Both Certificates and Underlying SSL/TLS Configurations and Vulnerabilities
Asif Karel, Director of Product Management, Qualys
Risk management in the age of DevOps and public clouds requires agencies to automate actual-time visibility and monitoring in their SSL certificate deployments. Learn how Qualys CertView enables customers expand DevSecOps to prevent downtime and disruption, audit and compliance screw ups, and mitigate risks related to expired or weak certificate and inclined TLS configurations.
1:40 – 2:05 PM
Qualys Container Security – Visibility and safety for containers from Build to Deployments
Hari Srinivasan, Director of Product Management, Qualys
Containers are the maximum sought after development device for microservices. Their simplicity and portability permit DevOps to create actual agile builds within development cycles. However, this new kind of surroundings brings a new set of safety threats at every section of this cycle – from unvalidated software program getting into the surroundings, to secrets being leaked, to runtime drifting and breaking immutable behaviors. This consultation outlines commonplace safety risks and realistic use instances throughout every phase that allows you to help safety groups higher recognize a way to successfully control protection at the velocity and scale of DevOps.
2:20 – 2:45 PM
Assess All Web Applications and APIs with Better Security Hygiene
Dave Ferguson, Director of Product Management, Qualys
Whether an organisation has mature utility safety techniques or strives best to fulfill regulatory compliance necessities, all in their net programs and HTTP-based APIs need some stage of protection checking out. Learn how Qualys Web Application Scanning offers customers extensive checking out coverage throughout numerous environments and scales to work with any length software security program. We’ll talk how WAS’ flexibility and cloud-based totally architecture lets in for a sensible approach to software protection hygiene as well as due diligence for GDPR.
Three:00 – three:25 PM
Using Asset Tags to Increase Effectiveness of Your VM Program
Abe de los Reyes, Security Engineer, Cyber-Threat Management Team, Citrix
Kena Deal, Security Engineer, Cyber-Threat Management Team, Citrix
Asset identity based totally on OS, characteristic and different known identifiers performs a critical role in successful vulnerability control packages at global scale. Learn why Citrix calls AssetView a valuable device for identifying, managing and patching worldwide belongings. The presenters will provide an explanation for the stages of their AssetView tagging deployment, how each contributed to sizeable strides in preserving belongings prepared, and the way Citrix used Qualys AssetView tags to elevate its patch achievement fee with the aid of eighty% on a number of its most essential systems inside the final six months. This session additionally covers how asset tagging will increase Citrix’ capacity to locate and cast off abandoned systems, lowering its general danger landscape.
3:40 – 4:05 PM
Building Bridges and now not partitions – A shift to get into DevSecOps
Hari Srinivasan, Director of Product Management, Qualys
Learn how security teams can leverage automation to offer assist at the rate and scale of DevOps. This communicate outlines use instances and first-class practices from three customers who efficaciously managed to benefit visibility and automate security practices of their DevOps pipelines.
Four:20 – four:forty five PM
Gain Unprecedented Visibility with Global IT Asset Inventory
Pablo Quiroga, Director of Product Management, Qualys
The virtual transformation and the ever-evolving cybersecurity danger panorama introduce new generation at growing range, scale and pace. Simultaneously, groups are trying to control resources below budget constraints and with siloed security answers. Learn to tackle these challenges by using delivering extraordinary visibility into all environments with one tool: Qualys Asset Inventory – a unmarried and unified answer that allows higher collaboration and strategic making plans across IT and Infosec. See how Asset Inventory discovers property throughout worldwide hybrid infrastructure, normalizes and categorizes each hardware and software program, and enriches with non-discoverable asset intelligence which includes supplier lifecycle information.
Five:00 – 5:25 PM
Scaling a Vulnerability Management Program While Reducing Network Impact
Josh Oquendo, Threat Intelligence Analyst, Finastra
In order to provide quicker detection and government reporting, organizations together with Finastra are striving to scale vulnerability control packages at the same time as simultaneously lowering network impact. Josh Oquendo from Finastra will speak his use instances of the Qualys Cloud Platform and Qualys Cloud Agent as well as practical advice that he employs at Finastra to acquire quicker detection for executive reporting on newly launched vital vulnerabilities. This speak features pleasant practices to encourage strong inventory as a vital base plus actual-global advice for Qualys Vulnerability Management customers to strategically leverage scanners, sellers, test companies and scripts to optimize scanning at daily intervals.
5:forty – 6:05 PM
A 360-diploma Approach to Securing Public Clouds
Hari Srinivasan, Director of Product Management, Qualys
Cloud is a middle cloth of virtual transformation, as customers have a shared protection duty with the cloud providers. This session will introduce the threats and solutions needed to comfy cloud workloads and cloud infrastructure. Learn to advantage visibility of your public clouds, relaxed workloads from each inner and perimeter vulnerabilities, and set up non-stop security tracking of cloud assets to keep away from problems including information leaks and cryptomining attacks through your cloud infrastructure.
6:20 – 6:45 PM
Incorporate Visibility of Inaccessible or Sensitive Assets into Your Overall Vulnerability and Compliance Program
Tim White, Director of Product Management, Qualys
Organizations the usage of programmable logic controllers (PLC) and different secretive or disconnected property may be challenged to incorporate them into the scope in their common cybersecurity and risk program. Such property do no longer permit traditional remote or agent-primarily based scanning and as a consequence remain outdoor the scope of protection tests. Learn how Qualys Offline Device Assessment, an extension of the Qualys sensor circle of relatives, permits these organizations to beautify typical chance analysis by way of extending their unmarried-pane-view of security and compliance to these inaccessible or touchy belongings.
Thursday, August 9
10:20 – 10:forty five AM
Qualys Container Security – Visibility and safety for bins from Build to Deployments
Hari Srinivasan, Director of Product Management, Qualys
Containers are the most prominent development device for microservices. Their simplicity and portability permit DevOps to create authentic agile builds inside improvement cycles. However, this new sort of surroundings brings a new set of security threats at each segment of this cycle – from unvalidated software program getting into the environment, to secrets and techniques being leaked, to runtime drifting and breaking immutable behaviors. This session outlines common security risks and practical use cases throughout each segment in order to help protection groups higher recognize the way to effectively manage protection at the velocity and scale of DevOps.
11:00 – 11:25 AM
Scaling a Vulnerability Management Program While Reducing Network Impact
Josh Oquendo, Threat Intelligence Analyst, Finastra
In order to offer faster detection and government reporting, agencies which include Finastra are striving to scale vulnerability management applications while simultaneously lowering network impact. Josh Oquendo from Finastra will speak his use cases of the Qualys Cloud Platform and Qualys Cloud Agent as well as practical recommendation that he employs at Finastra to acquire quicker detection for government reporting on newly launched vital vulnerabilities. This talk features exceptional practices to encourage strong stock as a critical base plus actual-global advice for Qualys Vulnerability Management customers to strategically leverage scanners, sellers, experiment groups and scripts to optimize scanning at each day periods.
Eleven:forty – 12:05 PM
Endpoint Breach Prevention by using Reducing Attack Surfaces
Chris Carlson, Vice President of Product Management, Qualys
The most scalable manner to save you breaches of endpoints, servers, and cloud workloads is to reduce the attack surface of the asset itself. Operational vulnerability control, remediation prioritization, obvious patching, cozy configuration evaluation, actual-time hobby monitoring, and lively threat searching brought through a unified protection platform can notably reduce the chance of breaches via that specialize in decreasing the assault floor of corporation IT environments. In this session, learn how to become aware of, remediate, hit upon, and reply to commonplace and targeted assaults which can steer clear of traditional and subsequent-gen prevention technologies.