No More Checkboxes: Vulnerability Management Evolves

Mike Rothman and Jack Daniel
Vulnerability management is growing in strategic importance as organizations seek to optimize the efficiency of their security teams, and to better understand and manage risk. As managers struggle to make sense of a deluge of vulnerability data, vulnerability scanners are evolving to address these needs. As a result, they’re emerging as a much more strategic component of the security infrastructure. Join Securosis analyst and president Mike Rothman as he discusses critical findings around this market shift – including an examination of underlying drivers and detailed insights into the capabilities and features you’ll need to move to next-generation vulnerability management and begin reaping the rewards. Mike will be joined by Jack Daniel, Tenable Network Security product manager and security blogger, who’ll provide insights into how organizations are achieving these gains today with Tenable products and technologies.

Topics to be covered include:

• What core features are essential in today’s more complex networking environments

• The increasing importance of assessing the application layer

• How to expand capabilities by incorporating value-add technologies to your deployment

• The unique requirements of the enterprise

• Deciding whether you can work with the tools you have – and how to replace them if new technologies are needed
Jun 26 2012
67 mins
More from this community:

IT Governance, Risk and Compliance

Webinars and videos

  • You are invited to register for our upcoming COSO webinar, COSO 2013: Mapping Controls to Principles. Transitioning to the New COSO Framework is top of mind for many organizations. How do you get started? How do you map controls to principles or vice versa? What are some of the preliminary findings organizations are seeing as they head down the path to implement the framework?

    Please submit top-of-mind questions during the webinar registration process.

    CPE credits will be provided to qualifying attendees.
  • *On this webcast we're giving away a pass to our partner event: the Chicago Cyber Incident Response Summit, between June 21-23, 2014*

    Let’s face it, there’s unrelenting pressure on IT to enable competitive advantage through new technology and use of data assets, but the business is driving initiatives that can push sensitive production data into more and more exposed areas. The key question is ‘How can you enable the business to be agile AND take a more proactive, programmatic approach to security at the same time?’ With the advanced threats that are pervasive today, it’s becoming increasingly dangerous for organizations to deploy new technologies and processes, and then reactively address the implications for data security in the ecosystem. You need a blueprint to reverse this trend in your organization.

    In this webinar, William Stewart, Senior Vice President of Booz Allen Hamilton and Jeff Lunglhofer, Principal of Booz Allen Hamilton–a leading management technology and consulting firm driving strategic innovation for clients–will discuss the top trends in cyber threat mitigation, data privacy, data governance, and data security, with Mark Bower, VP Product Management and Solutions Architecture at Voltage Security.

    Attend this webinar to learn more about how to:
    • Increase responsiveness and security in your IT environment and architecture
    • Fight pervasive threats from inside and outside attack with data-centric technologies
    • Raise your organization’s overall data privacy, compliance, and security profile
    • Implement a new data de-identification framework across production, test & dev, and analytics use cases
    • Proactively enable critical business initiatives
    --Can't attend live? Register below to receive a link to the recorded webcast.
  • This webinar is presented by McAfee and Intel to help customers understand their Data Protection solution from McAfee and to get the most business value out of their Intel based endpoints. Products that apply to this webcast include McAfee Complete Data Protection Suites, featuring Endpoint Encryption, and EPO Deep Command to extend the reach of your IT department to lower your total cost of ownership. The webinar will include a special highlight on Intel® Core™ vPro™ Processors and associated technologies that increase productivity and hardware-assisted security in the enterprise. This webcast is provided as a 35-40 minute overview and includes 5-10 minutes of Q & A.

    Join this webinar on Data Protection and learn about:
    • The key features of Data Protection and how it can provide you with the security you need
    • Use cases on utilizing the synergy between Intel® vPro™ and McAfee Data Protection technologies to reduce your overall TCO
    • How you can extend the reach of your IT team with the ability to remotely wake up or even power on PCs, remediate “disabled” endpoints and remotely reset pre-boot passwords
    • How to securely manage your endpoints from a single console while simultaneously providing self-service features for your end-users
  • Modulo Director of Technical Services John Ambra walks Risk Manager users through the latest version 8.4, and answers user questions at the end.
  • Mobile workers are increasingly demanding access to mission-critical data and apps from personal smart phones, tablets and laptops. However, co-mingling of personal and business data and apps on mobile devices creates risk of business data loss and introduction of malware. What are the risks and what technologies can businesses deploy to enable productivity while protecting from these threats?

    • Learn about the risks introduced when personal and business data and apps co-mingle on mobile devices
    • Learn about available technologies and technology trends to address these risks.

    Join Dell to understand the risks introduced when personal and business data co-mingle on mobile devices and technologies to consider to protect corporate data.
  • Forty-four states, DC and four territories have adopted the Common Core State Standards (CCSS). This means that school districts across the country are planning for 100% online assessments during the 2014-2015 school year. One of the most important conditions needed for being able to administer online assessments is network infrastructure readiness.
    Attend this 30-minute webinar and join Gavin Lee, Senior K-12 Business Development Manager at Juniper Networks, to discuss the critical network must-haves that all school districts should consider when looking to deploy a robust and supportable network. You will also receive practical guidance on how to get the most out of your network infrastructure and how to best prepare for the CCSS assessments:
    • Consortia network infrastructure
    • Wired and wireless network capabilities
    • Robust network security
    • Network support readiness
    • Juniper Networks network infrastructure readiness resources
  • Jack Madden converses with James Rendell to get the CA perspective on Enterprise Mobility Management’s (EMM) future potential. EMM must not forget BYOD but must also go beyond it into Mobile App Management (MAM), find ways to keep users’ personal information and employers’ information separated, and find a way to embrace the Internet of Things.
  • Jack Madden discusses Enterprise Mobility with Arun Bhattacharya to get the CA perspective on the way it should be. This means going beyond BYOD and MDM, and embracing MAM, MEM, MCM, and IoT. For many companies, finding the balance between employers’ and users’ privacy and security has been a problematic issue.
  • Heartbleed is not an exploit you want to ignore as an IT professional. It exposes passwords and cryptographic keys, and requires not only that you patch OpenSSL for each of the services using the OpenSSL library, but also that you replace the private keys and certificates so that attackers won’t be able to use any of the data compromised by the vulnerability. The simplicity of the exploit makes it powerful. It appears that over a half million websites are vulnerable.
    In this session we'll cover:
    What you need to know about the Heartbleed vulnerability
    How to detect it using AlienVault USM
    How to investigate successful Heartbleed exploits
  • In this webcast we will show:
    1. The Heartbleed vulnerability in detail, how it occurred with examples of how it can be used against your organization
    2. How you can identify your business exposure and what systems are vulnerable
    3. How Tripwire’s solutions work together to help you close the detection, remediation and prevention gaps around Heartbleed
Channel
  • Healthcare’s Unique Vulnerability Management Challenges Recorded: Nov 14 2013 56 mins
    This webcast will explore the unique and very challenging landscape that healthcare provider organizations face managing system vulnerabilities.

    Along with the common vulnerability management challenges associated with operating a large enterprise, healthcare organizations face risks and vulnerabilities from a wide array of medical devices, a proliferation of mobile devices (both managed and non-managed) and electronic medical record (EMR) systems that are often hosted in the cloud.

    During this session, our panel will discuss:

    - The impact of evolving industry security standards and regulation on vulnerability management

    - What safeguards are being implemented to mitigate risk

    - Containing risk, while enabling operational agility to adopt new technologies

    - Your questions and comments

    Panelists:

    - Larry Brandolph, CISO, Temple University

    - Dr. Bryan Cline, VP, CSF Development and Implementation, and CISO for the Health Information Trust Alliance (HITRUST)

    - Joel Garmon, CISO, Wake Forest Baptist Medical Center

    - Brad Sanford, CISO, Emory University and Emory Healthcare

    - Marcus Ranum, CSO, Tenable Network Security

    - Craig Shumard, Principal, Shumard and Associates, LLC, Emeritus CISO, Cigna
  • Communicating Vulnerabilities to Management: Making the Rubber Meet the Road Recorded: Nov 12 2013 62 mins
    Is your organization’s security vulnerability information getting to the right people? Security vulnerability identification without resolution is frustrating and dangerous to your organization.

    Please join Paul, Jack, and Renaud Deraison (Tenable’s Chief Research Officer and the creator of Nessus) for the final webcast in the “Vulnerabilities Exposed” series where we will discuss how to detect and prioritize vulnerabilities, and then communicate them to the responsible parties for resolution.

    Tenable will arm you with new ways to keep the vulnerability information flowing, in the right directions and to the right people.

    • Find the vulnerabilities that matter
    • Prioritize patches for the greatest impact
    • Communicate problems to get, and keep, them fixed
  • Reduce Security and Compliance Gaps with Continuous Security Monitoring Recorded: Nov 7 2013 63 mins
    Organizations are moving from “Periodic” scanning to “Continuous Monitoring” to protect their information assets from advanced threats and exposure from new technologies such as mobile and virtual systems. But, don’t assume that Continuous Monitoring just means more frequent scanning.

    Join Mike Rothman, President of Securosis, and Jack Daniel, Tenable Product Manager, as they discuss how to choose the right technology and focus on the key vulnerability management processes to create a proactive risk-based security and compliance management program.
  • BYOD-Bring Your Own Devastation-Taking On the Mobile Threat-"Vulns Exposed" Recorded: Oct 22 2013 58 mins
    What is the security status of your organization's BYOD environment?

    Join Paul Asadoorian and Jack Daniel for the third webcast in the “Vulnerabilities Exposed” series where they’ll discuss BYOD as one of today’s fastest growing security challenges and present Tenable solutions to help your organization stay ahead of mobile threats.

    Learn how to find and secure your BYOD and corporate mobile devices:

    • Detailed BYOD/mobile device snapshots: find iOS, Android-based, and Windows phone devices connected to your corporate network and their vulnerabilities
    • Full mobile asset discovery: continuously detect transient mobile devices, both managed and unmanaged, and their vulnerabilities
    • Unified mobile device management: powerful dashboards, reporting, alerting, and data sharing for organization-wide management of mobile device risk and compliance
  • How will Software Security Evolve? - Geeking Out with Marcus Ranum Recorded: Oct 17 2013 60 mins
    Software security remains the "elephant in the room" of computing. The obvious answer is that it's a hard problem. But more subtle answers are rooted in how the software industry is structured.

    In this webcast, Gary McGraw and Marcus Ranum will engage in a conversation about how the industry might eventually evolve.
  • Addressing the Security Challenges of Virtualization - "Vulnerabilities Exposed" Recorded: Sep 24 2013 59 mins
    How secure is your virtual environment? Attend the second webcast in the "Vulnerabilities Exposed" webcast series where we'll discuss virtual machine (VM) sprawl, virtual “Whack-a-Mole,” and how your virtualization layer is equivalent to physical access.

    Paul and Jack will explain how to inventory, scan, and harden your virtual infrastructure and present Tenable solutions. Tenable customer, Russell Butturini, will discuss his experiences using Tenable products in the virtual environment at his company.

    Learn how to find and secure your VMs:

    • 7 steps to virtual security nirvana: our process to systematically secure your virtualized environment
    • Found another one!: use active scanning and real-time monitoring to find all your VMs
    • Patch and system hardening made easy: reduce overhead when hardening your virtual environment
    • Communication is key: prioritize risk and distribute the information to the people who can get the problems fixed
  • BYOD and Clouds: "The Perfect Storm" (Part 2) - A Politics of Security Webcast Recorded: Sep 19 2013 56 mins
    Part 2 of this series will focus on the risks and safeguards related to cloud storage repositories and mobile application security in an ‘any device/any channel’ engagement model.
  • Why Choose Tenable over Qualys? Recorded: Sep 5 2013 63 mins
    This webcast highlights the key capabilities of Tenable's vulnerability management solution and the benefits it provides over Qualys.
  • Reducing Your Patch Cycle to Less Than 5 Days - "Vulnerabilities Exposed" Series Recorded: Aug 27 2013 64 mins
    Is a 90-day patch cycle the best your organization can achieve? Join Paul Asadoorian and Jack Daniel for the first webcast in the “Vulnerabilities Exposed” series where they’ll dive deep into the challenges of vulnerability management and present creative solutions to help you fully leverage your vulnerability management process and reduce your patch cycle.

    Learn four ways to dramatically reduce your patch cycle:

    • More is less: complete vulnerability discovery with consolidated remediation means you patch fewer systems to fix more problems
    • Faster is better: real-time monitoring allows you to patch as you go
    • Work smarter, not harder: automated patch management system validation reduces discrepancies between IT security and network operations
    • No one likes surprises: identify deteriorating process trends before they become problematic
  • BYOD and Clouds: "The Perfect Storm" (Part 1) - A Politics of Security Webcast Recorded: Jul 18 2013 55 mins
    This two part webcast series examines how BYOD deployments along with cloud computing are collectively impacting security risks, how various organizations are updating their security processes to account for these technologies, and what safeguards are being implemented to mitigate risks as they are deployed.
  • Vulnerability Management According to BSI IT-Grundschutz Recorded: Jul 16 2013 29 mins
    In this webinar from Tenable Network Security you will learn how to continuously check and evaluate Windows-specific measures and controls from the IT-Grundschutz catalogues of measures, and how to perform a Nessus audit according to IT-Grundschutz. Report evaluation and how remediation can be initiated quickly are also discussed, as well as how you can meet IT-Grundschutz compliance requirements through continuous monitoring.

    Participant dial-in option.

    International Dial-In +44 (0) 1452 555566
    Germany 06922224918
    Austria 019286568
    Switzerland 0565800007

    Please quote the following conference ID: 14321710
  • Implementing an Effective Vulnerability Management Program Recorded: Jul 16 2013 44 mins
    Brian Honan presents this webinar on how to develop an effective Vulnerability Management program and what to consider when incorporating it into a wider security strategy. A best practice guide on how to identify your most critical assets, protect your data and reduce the breach to detection gap.
  • Increase Security Effectiveness with the 20 Critical Security Controls Recorded: Jun 19 2013 34 mins
    Automating the 20 Critical Security Controls has demonstrated reduction in risk by over 90%. Tenable is the first vendor to offer an integrated real-time risk management solution to help organizations easily implement these controls.
  • Geeking Out with Marcus Ranum - Malware Response Recorded: Jun 4 2013 60 mins
    Within the past five years, we have seen an escalating strategic use of malware and its negative impact on organizations. The TTPs (tactics, techniques, and procedures) of various threat actors have caused not only a demand for incident response capabilities, but also the need for in-house reverse engineering and malware response skills to aid incident response and forensic activities.

    Please join Marcus Ranum and special guest, Joel Yonts, on Tuesday, June 4 at 2PM EST for an interactive conversation on malware response programs and their importance and role in today’s enterprise security operations.

    Topics covered:
    • Strategy and objectives for developing a malware response process
    • How to build a malware analysis team
    • What tools to employ for malware response, and other related topics
  • Managing Vulnerabilities in Virtualized and Cloud-based Deployments Recorded: May 30 2013 60 mins
    Technologies such as virtualization and cloud-delivered services offer organizations the benefits of hardware consolidation and rapid provisioning and deployment. However, they also bring security and compliance challenges that break traditional vulnerability management solutions by allowing un-scanned and unpatched systems to become active in any part of the organization. A new model that offers real-time identification and assessment of these technologies is required to mitigate the risks. Find out more about it in this webcast…
  • Cyber Threats News and APT Defenses - A Politics of Security Webcast Recorded: May 23 2013 57 mins
    There has been a lot of press lately on the escalating cyber threats, especially from China. A panel of security experts and practitioners will focus on how this press coverage has changed how organizations think about these cyber threats and what countermeasures they need or plan to implement to address escalating crimes, espionage, or warfare cyber risks.
  • Is your Network Infrastructure Adequately Protected? Recorded: May 15 2013 63 mins
    Network devices including firewalls and routers are the gatekeepers to “endpoint” resources and are increasingly using complex software components. These devices are often remotely accessible and their configuration changes regularly, making them susceptible to vulnerabilities and misconfigurations. To add to this, network and security teams are often separate parts of an organization, which often leads to an incomplete understanding of vulnerable infrastructure. In this webcast, we examine how to identify vulnerable devices, communicate them across multiple teams, and ultimately fortify these devices against configuration and security issues.
  • Increase Security Effectiveness with the 20 Critical Security Controls Recorded: May 1 2013 64 mins
    Automating the 20 Critical Security Controls has demonstrated reduction in risk by over 90%. Tenable is the first vendor to offer an integrated real-time risk management solution to help organizations easily implement these controls.
  • How Will CDM Impact Your Organization? Recorded: Apr 10 2013 59 mins
    DHS' CDM program combines the valuable lessons learned from the existing implementation of FISMA mandates, the strides made by the Cyberscope program, and the proven results of the State Department’s iPOST program. During this webinar, we will discuss:

    - Current challenges in enterprise continuous monitoring
    - How to move your program from periodic system state analysis to real-time monitoring
    - A glimpse into the future: DHS CDM and its effect on security and regulatory compliance
  • Geeking Out with Marcus Ranum - Take 2 Recorded: Apr 3 2013 60 mins
    Defining "normal" is one of the hardest things we do in security (the other is trying to get people to write perfect code!), but there are a few tricks that work. In this second session, Marcus Ranum and Ron Dilley will be talking about detection algorithms and the problem of defining "normal" network activity.
Industry-expert insights on overcoming critical security challenges
Tenable Network Security brings you critical, timely insights and advice on how to protect your IT infrastructure from the latest threats and ensure compliance and clean audits, while effectively understanding and communicating risk. With guests including renowned technical experts and specialists, senior executives, and industry leaders, you’ll gain multiple perspectives on how to address IT security challenges — along with the practical, hands-on advice you need to stay ahead of threats.
  • Title: No More Checkboxes: Vulnerability Management Evolves
  • Live at: Jun 26 2012 3:00 pm
  • Presented by: Mike Rothman and Jack Daniel