Other

Qualys at Black Hat USA 2018: Hear best practices from industry leaders

7 Mins read

There might be no lack of interesting content from Qualys at Black Hat USA 2018 this yr. Depending on your interests, you would possibly want to find time for a number of these talks and displays. Visit Qualys at Booth #204 to hear great practices presentations from enterprise leaders.Image result for Qualys at Black Hat USA 2018: Hear best practices from industry leaders

Qualys Black Hat USA 2018

Wednesday, August 8
10:20 – 10: forty five AM
Endpoint Breach Prevention by Reducing Attack Surfaces
Chris Carlson, Vice President of Product Management, Qualys

The most scalable manner to save you breaches of endpoints, servers, and cloud workloads is to reduce the attack floor of the asset itself. Operational vulnerability control, remediation prioritization, transparent patching, secure configuration assessment, real-time pastime tracking, and energetic danger searching brought via a unified security platform can drastically lessen the likelihood of breaches via specializing in decreasing the attack surface of organization IT environments. In this consultation, discover ways to become aware of, remediate, stumble on, and respond to not unusual and focused attacks that can avoid traditional and subsequent-gen prevention technology.

Eleven:00 – 11:25 AM
How to Reboot Vulnerability Management for Modern IT and Mature Business Needs
Brian Canaday, IT Security Analyst / Engineer, CSAA Insurance Group

Vulnerability Management applications require new ranges of immediacy, accuracy, and scale as they mature. Brian Canaday will discuss how CSAA Insurance Group identified a misalignment of its VM software desires, equipment, and team, then planned and carried out a VM software reboot to fulfill cutting-edge perceptions and expectations of VM as a strategic part of safety operations. This talk explains CSAA’s reboot manner, which includes a gap evaluation and a phased redeployment of the Qualys Cloud Platform and the Qualys Cloud Agent that delivered CSAA the potential to devour security and compliance statistics on the vital scale and with immediacy had to comfortable contemporary IT infrastructure, then document crucial correct and applicable findings to a selection of cease customers together with executives, software, audit and IT groups.

11:40 AM – 12:05 PM
The Art of Vulnerability Management: from Running Scans to Managing Risk
Jimmy Graham, Director of Product Management, Qualys

To deal with the challenges of vulnerability detections growing yr over 12 months, Qualys is introducing new methods to visualize vulnerability information, layering Real-time Threat Information on pinnacle of detected vulnerabilities to provide constant and automatic remediation prioritization. AssetView technology in Qualys Vulnerability Management permits customers to right away search throughout vulnerabilities and create dynamic widgets and dashboards within the VM module. See the new VM Dashboard and instantaneous seek capabilities, a demo of Qualys Threat Protection, as well as a sneak peek at our new Reporting Module in an effort to unify reviews across the Qualys Cloud Platform.

12:20 – 12:forty five PM
How to Build a Successful Vulnerability Management Program for Medical Devices
Sarah Kennedy, Security Vulnerability Engineer, HCA Healthcare
Robert Sloan, Security Vulnerability Engineer, HCA Healthcare

For one agency-scale healthcare employer, effective vulnerability management calls for persevered scanning of every networked tool including non-traditional devices with regarded vulnerability assessment issues, and which emerge as unresponsive from a experiment. This speak highlights how HCA Healthcare’s Vulnerability Management group overcame those demanding situations and explains key factors of constructing a a hit vulnerability control program for scientific gadgets.

1:00 – 1:25 PM
Get Full Visibility of Both Certificates and Underlying SSL/TLS Configurations and Vulnerabilities
Asif Karel, Director of Product Management, Qualys

Risk management in the age of DevOps and public clouds requires agencies to automate actual-time visibility and monitoring in their SSL certificate deployments. Learn how Qualys CertView enables customers expand DevSecOps to prevent downtime and disruption, audit and compliance screw ups, and mitigate risks related to expired or weak certificate and inclined TLS configurations.

1:40 – 2:05 PM
Qualys Container Security – Visibility and safety for containers from Build to Deployments
Hari Srinivasan, Director of Product Management, Qualys

Containers are the maximum sought after development device for microservices. Their simplicity and portability permit DevOps to create actual agile builds within development cycles. However, this new kind of surroundings brings a new set of safety threats at every section of this cycle – from unvalidated software program getting into the surroundings, to secrets being leaked, to runtime drifting and breaking immutable behaviors. This consultation outlines commonplace safety risks and realistic use instances throughout every phase that allows you to help safety groups higher recognize a way to successfully control protection at the velocity and scale of DevOps.Image result for Qualys at Black Hat USA 2018: Hear best practices from industry leaders

2:20 – 2:45 PM
Assess All Web Applications and APIs with Better Security Hygiene
Dave Ferguson, Director of Product Management, Qualys

Whether an organisation has mature utility safety techniques or strives best to fulfill regulatory compliance necessities, all in their net programs and HTTP-based APIs need some stage of protection checking out. Learn how Qualys Web Application Scanning offers customers extensive checking out coverage throughout numerous environments and scales to work with any length software security program. We’ll talk how WAS’ flexibility and cloud-based totally architecture lets in for a sensible approach to software protection hygiene as well as due diligence for GDPR.

Three:00 – three:25 PM
Using Asset Tags to Increase Effectiveness of Your VM Program
Abe de los Reyes, Security Engineer, Cyber-Threat Management Team, Citrix
Kena Deal, Security Engineer, Cyber-Threat Management Team, Citrix

Asset identity based totally on OS, characteristic and different known identifiers performs a critical role in successful vulnerability control packages at global scale. Learn why Citrix calls AssetView a valuable device for identifying, managing and patching worldwide belongings. The presenters will provide an explanation for the stages of their AssetView tagging deployment, how each contributed to sizeable strides in preserving belongings prepared, and the way Citrix used Qualys AssetView tags to elevate its patch achievement fee with the aid of eighty% on a number of its most essential systems inside the final six months. This session additionally covers how asset tagging will increase Citrix’ capacity to locate and cast off abandoned systems, lowering its general danger landscape.

3:40 – 4:05 PM
Building Bridges and now not partitions – A shift to get into DevSecOps
Hari Srinivasan, Director of Product Management, Qualys

Learn how security teams can leverage automation to offer assist at the rate and scale of DevOps. This communicate outlines use instances and first-class practices from three customers who efficaciously managed to benefit visibility and automate security practices of their DevOps pipelines.

Four:20 – four:forty five PM
Gain Unprecedented Visibility with Global IT Asset Inventory
Pablo Quiroga, Director of Product Management, Qualys

The virtual transformation and the ever-evolving cybersecurity danger panorama introduce new generation at growing range, scale and pace. Simultaneously, groups are trying to control resources below budget constraints and with siloed security answers. Learn to tackle these challenges by using delivering extraordinary visibility into all environments with one tool: Qualys Asset Inventory – a unmarried and unified answer that allows higher collaboration and strategic making plans across IT and Infosec. See how Asset Inventory discovers property throughout worldwide hybrid infrastructure, normalizes and categorizes each hardware and software program, and enriches with non-discoverable asset intelligence which includes supplier lifecycle information.

Five:00 – 5:25 PM
Scaling a Vulnerability Management Program While Reducing Network Impact
Josh Oquendo, Threat Intelligence Analyst, Finastra

In order to provide quicker detection and government reporting, organizations together with Finastra are striving to scale vulnerability control packages at the same time as simultaneously lowering network impact. Josh Oquendo from Finastra will speak his use instances of the Qualys Cloud Platform and Qualys Cloud Agent as well as practical advice that he employs at Finastra to acquire quicker detection for executive reporting on newly launched vital vulnerabilities. This speak features pleasant practices to encourage strong inventory as a vital base plus actual-global advice for Qualys Vulnerability Management customers to strategically leverage scanners, sellers, test companies and scripts to optimize scanning at daily intervals.

5:forty – 6:05 PM
A 360-diploma Approach to Securing Public Clouds
Hari Srinivasan, Director of Product Management, Qualys

Cloud is a middle cloth of virtual transformation, as customers have a shared protection duty with the cloud providers. This session will introduce the threats and solutions needed to comfy cloud workloads and cloud infrastructure. Learn to advantage visibility of your public clouds, relaxed workloads from each inner and perimeter vulnerabilities, and set up non-stop security tracking of cloud assets to keep away from problems including information leaks and cryptomining attacks through your cloud infrastructure.

6:20 – 6:45 PM
Incorporate Visibility of Inaccessible or Sensitive Assets into Your Overall Vulnerability and Compliance Program
Tim White, Director of Product Management, Qualys

Organizations the usage of programmable logic controllers (PLC) and different secretive or disconnected property may be challenged to incorporate them into the scope in their common cybersecurity and risk program. Such property do no longer permit traditional remote or agent-primarily based scanning and as a consequence remain outdoor the scope of protection tests. Learn how Qualys Offline Device Assessment, an extension of the Qualys sensor circle of relatives, permits these organizations to beautify typical chance analysis by way of extending their unmarried-pane-view of security and compliance to these inaccessible or touchy belongings.

Thursday, August 9
10:20 – 10:forty five AM
Qualys Container Security – Visibility and safety for bins from Build to Deployments
Hari Srinivasan, Director of Product Management, Qualys

Containers are the most prominent development device for microservices. Their simplicity and portability permit DevOps to create authentic agile builds inside improvement cycles. However, this new sort of surroundings brings a new set of security threats at each segment of this cycle – from unvalidated software program getting into the environment, to secrets and techniques being leaked, to runtime drifting and breaking immutable behaviors. This session outlines common security risks and practical use cases throughout each segment in order to help protection groups higher recognize the way to effectively manage protection at the velocity and scale of DevOps.

11:00 – 11:25 AM
Scaling a Vulnerability Management Program While Reducing Network Impact
Josh Oquendo, Threat Intelligence Analyst, Finastra

In order to offer faster detection and government reporting, agencies which include Finastra are striving to scale vulnerability management applications while simultaneously lowering network impact. Josh Oquendo from Finastra will speak his use cases of the Qualys Cloud Platform and Qualys Cloud Agent as well as practical recommendation that he employs at Finastra to acquire quicker detection for government reporting on newly launched vital vulnerabilities. This talk features exceptional practices to encourage strong stock as a critical base plus actual-global advice for Qualys Vulnerability Management customers to strategically leverage scanners, sellers, experiment groups and scripts to optimize scanning at each day periods.

Eleven:forty – 12:05 PM
Endpoint Breach Prevention by using Reducing Attack Surfaces
Chris Carlson, Vice President of Product Management, Qualys

The most scalable manner to save you breaches of endpoints, servers, and cloud workloads is to reduce the attack surface of the asset itself. Operational vulnerability control, remediation prioritization, obvious patching, cozy configuration evaluation, actual-time hobby monitoring, and lively threat searching brought through a unified protection platform can notably reduce the chance of breaches via that specialize in decreasing the assault floor of corporation IT environments. In this session, learn how to become aware of, remediate, hit upon, and reply to commonplace and targeted assaults which can steer clear of traditional and subsequent-gen prevention technologies.

691 posts

About author
Introvert. Incurable tv guru. Internet lover. Twitter trailblazer. Infuriatingly humble communicator. Spent a weekend creating marketing channels for cod in New York, NY. Spent the 80's writing about fried chicken in Pensacola, FL. In 2009 I was investing in sock monkeys in the government sector. Spent high school summers exporting cannibalism in Deltona, FL. A real dynamo when it comes to donating Roombas in Miami, FL. Spent 2001-2005 supervising the production of acne for no pay.
Articles
Related posts
Other

Reddit suffers data breach despite using SMS-based 2FA

3 Mins read
Popular social news aggregation and discussion internet site Reddit has suffered a breach. The attacker broke into a number of its structures…
Other

Facebook CSO Alex Stamos leaves to join Stanford Uni

2 Mins read
Facebook Chief Security Officer Alex Stamos has introduced that he’s leaving the organization on August 17 and will be joining Stanford University…
Other

HP plugs critical RCE flaws in InkJet printers

1 Mins read
HP has plugged important vulnerabilities (CVE-2018-5924, CVE-2018-5925) affecting many of its InkJet printers and is urging customers to put in force the…