The risk from software vulnerabilities has historically been an IT Operations concern, but no longer. A more integrated approach that centralizes vulnerability data and decision making is necessary to provide a holistic view of organizational risk up the executive chain. The ability to prioritize asset risk, communicate with stakeholders, and make rapid, informed decisions will be the difference between success and failure for many modern enterprises.
Join this live Q&A with guest speaker, Forrester Senior Analyst Serving Security & Risk professionals, Josh Zelonis and Bay Dynamics VP of Strategy, Steven Grossman, as they answer your questions and cover:
- Why is vulnerability risk management more than scanning?
- How do you prioritize risks beyond CVE and CVSS scores?
- How can a preemptive approach elevate vulnerability risk management to the core enterprise-wide risk management item it should be?
- What are the common challenges in moving to a vulnerability risk management model?
Register for this webcast for insight into the changing demands on vulnerability management programs.
[Webinar] Vulnerability Risk Management - Lessons From the Trenches
One of the largest retailers in the world, top 5 medical insurance firm, largest US electric utilities provider - these are just some of the industry leaders that rely on Brinqa Vulnerability Risk Management to secure their critical assets. How do these cybersecurity organizations - representing some of the most complex, diverse and vast technology ecosystems in the world - tackle the most pressing vulnerability management problems of today?
Join us as we share lessons learned from down in the trenches of vulnerability risk management:
- How top risk leaders and organizations approach risk prioritization
- How to reduce remediation overhead while improving effectiveness
- How you can gain insights into emerging threats like Meltdown and Spectre
- How to future-proof your vulnerability risk management program
Vulnerability management is consistently ranked among the top priorities for information security organizations. With an ever-growing attack surface and increasingly sophisticated malicious actors, traditional approaches to vulnerability management are struggling to keep pace with the changing threat landscape. Inconsistent, inefficient, manual processes to analyze, triage and remediate vulnerabilities doom many organizations to a never-ending game of catch-up.
In this webinar, we’re going to explore a strategy that can help organizations break out of ‘whack-a-mole’ vulnerability management cycles and begin to secure their IT infrastructure proactively: Automation.
Join this webinar to learn how you can automate large parts of the vulnerability risk management process, including:
* Create accurate asset and vulnerability repositories
* Prioritize vulnerability risk based on business context and threat intelligence
* Group vulnerabilities into tickets, assign ownership and enforce SLAs
* Engage and inform all stakeholders
Welcome to the White Hat Files – a monthly series where the best white hat hackers give you what you need to know about the threat landscape.
Our first White Hat File comes from Josh Berry, who holds OSCP, CISSP, and GIAC certifications.
In this 15-minute webinar, he’ll give you the rundown on Accudata’s most-seen vulnerabilities, as well as best practices you can use to defeat attackers looking to dissect and destroy your business.
Join us for our next edition in June! Register here: https://www.brighttalk.com/webcast/16347/322209?utm_source=Accudata+Systems&utm_medium=brighttalk&utm_campaign=322209
Join us for this webinar as we discuss the visual language necessary to communicate with all the varied stakeholders that are impacted by or part of the vulnerability risk management process: business users, application owners, IT administrators, security professionals, compliance regulators, and others.
We will discuss the data analysis necessary to create and communicate different types of metrics, including:
- Business Exposure: What risks are different business entities exposed to due to the vulnerabilities?
- Vulnerability Impact: How do different technologies and various types of vulnerabilities contribute to risk?
- Remediation Performance: How effective and efficient are current remediation efforts?
Supply chains are becoming ever more complex, particularly with the increase in outsourcing and the advancement of multi-tiered global supply networks. More and more organisations are now faced with direct and continuously evolving operational and legislative risks as a result of global market disruption or malpractice in their supply chains.
“Supply chain risk management is the implementation of strategies to manage every day and exceptional risks along the supply chain, underpinned by continuous risk assessment with the objective of reducing vulnerability and ensuring continuity.” (“Supply Chain Risk Management: An Emerging Discipline”)
This Supply Chain & Risk Management webinar provides participants with a glimpse of the global supply chain risk landscape. Definitions of risk management and new techniques and tactics to mitigate risk will be discussed, along with profiles of early adopters of Supply Chain Risk Management.
Attend this Supply Chain & Risk Management webinar and get a brief introduction on how to:
- Identify global supply chain risks
- Assess risks within your supply chain
- Mitigate risks throughout your enterprise with new tools and tactics
- Manage volatility, uncertainty, complexity, ambiguity and risk
- Create a resilient supply chain
In this webinar you will:
- Learn how BitSight Security Ratings is transforming the market for Cybersecurity risk management;
- Understand the importance of the underlying Data Quality for an accurate understanding of a company’s exposure to Cybersecurity Threats;
- Find out how your company can use BitSight to gain better visibility, collaboration and monitoring of its cyber risk posture.
- Bob Lewis, Former Head of External Cyber Assurance & Monitoring
- Rui Serra, Senior Product Manager, at BitSight
- Tiago Pereira, Threat Research Team Lead, at BitSight
The key to effectively reducing the attack surface is remediating exactly the right vulnerability or weakness that will be used by the adversary. While the idea is simple enough, executing on it has proven to be one of the largest challenges facing enterprises.
The impact of this lack of visibility into the attacker journey is that vulnerability remediation strategies are likely unaligned, and therefore ineffective.
There’s no data that supports the hypothesis to align early weaponization to breaches, which makes it hard to know when it is the ideal time to fix the vulnerability or weakness.
Vulnerability prioritization and weaponization prediction must be fueled with data and domain expertise. Fixing thousands of vulnerabilities is not enough. We need to make sure we are fixing the right vulnerabilities, at the right time. In this talk we will cover:
• Quantitative and Qualitative: details on the RiskSense threat dataset and data sources that allow us to uniquely separate “signal” from “noise”.
• Unprecedented visibility into attack validation data: from 10+ years, this enables us to reconstruct the complete attacker journey and understand time-based patterns.
• Insights into Vulnerability life cycle: weaponization and breach latency. This will allow us to determine no engagement vs. engagement from a remediation standpoint.
• Attributes and variables: used for Machine Learning to predict Weaponization and Breach Susceptibility
This presentation will be given by Dr. Srinivas Mukkamala, Co-Founder and CEO of RiskSense. RiskSense’s team was the first to predict WannaCry and has since released Koadic Post Exploitation Command & Control.
A single weak point in a line of code can create an open door for attackers. Threats originating from applications are now more pervasive than ever. We believe that the best defense against application vulnerabilities is a good offense.
In this webinar, we will share results from our recent primary research study that reveals:
• The top five application security risks
• Where these risks originate
• How to remediate these risks
• Best practices to protect your business, protect your customers
With an average of 40 new vulnerabilities emerging every single day, to say that staying ahead of the latest threats is a challenge is an understatement.
Today, organizations are generating an unprecedented amount of data, and with that data, comes thousands, if not millions, of vulnerabilities. Unfortunately, it’s simply impossible for any organization to remediate every single one and ensure 100% coverage of its attack surface.
But that’s where the capability to predict exploits comes into play.
Join us and the Cyentia Institute for our next webinar: From Prioritization to Prediction: Analyzing Vulnerability Remediation Strategies. Fueled by the first-of-its-kind research findings from Kenna Security and the Cyentia Institute, we’ll cover:
- The quantitative effectiveness between common remediation strategies and a cutting-edge predictive model
- A detailed review of the data sources available for building or improving decision models for vulnerability remediation
- A discussion of the vulnerability lifecycle and examination of the timelines and triggers surrounding key milestones
- Identification of the attributes of vulnerabilities that correlate with exploitation
Deliver efficiency in your people, tools, time, and dollars to address the threats that pose the greatest risk. Register now.
Vulnerabilities are an inevitable part of software development and management. Whether it’s open source or custom code, new vulnerabilities will be discovered as a code base ages. A 2017 Black Duck analysis of code audits conducted on 1,071 applications found that 97% contained open source, but 67% of the applications had open source vulnerabilities, half of which were categorized as severe. As the number of disclosures, patches, and updates grows, security professionals must decide which items are critical and must be addressed immediately and which items can be deferred.
Join Black Duck’s VP of Security Strategy, Mike Pittenger, for a 30-minute discussion of best practices in open source security and vulnerability management. You’ll learn:
- Methods for determining which applications are most attractive to attackers, and which pose the greatest risk
- Ways to assess the risk associated with a disclosed open source vulnerability
- Strategies to minimize the impact of open source security vulnerabilities when immediate fixes can’t be made
How do you handle risk assessment and vulnerability management for IoT when multiple security patterns need assessment? There is a new frontier for security that requires breaking conventional control and mitigation assumptions before a Frankenmonster rises from your IoT project.
In this webinar, RiskSense CEO and Co-Founder Dr. Srinivas Mukkamala will discuss:
- The assessment of chaining together multiple vulnerabilities and the potential exploit path through flexible and fractured design components for IoT.
- Consideration for dynamically changing devices and utilization models that break traditional security and risk assessments.
- IoT risk and the growing need to incorporate threat data, unintentional device use-cases, and the mechanisms to keep constant control of the devices themselves.
Security Ratings are the relatively new kid on the block when it comes to externally derived Cyber posture analysis.
According to one of the most reputable research bodies, ‘continuous monitoring of systems and behaviours is the only way to reliably detect threats before it's too late’.
The three big topics are VISIBILITY - across my whole cyber risk landscape, COLLABORATION - in order to remediate against risk appetite, and AGILITY - how can I react in a timely manner to rapidly changing risk factors?
Given these challenges can you afford NOT to utilise Security Ratings?
In this session Nick Trigg - Risk Consultant for BitSight Technology - will address these points along with:
• Do security ratings threaten or complement traditional methods of questionnaires and audits?
• Why security ratings should be treated as a risk position rather than a vulnerability checklist.
• Data: sources, accuracy, coverage, currency
• Context: stakeholders, business impact
• Time to value: best approach to implementation
Network-centric security is inadequate for the challenges of security in modern cloud environments. Simply having boxes and firewalls won't detect and protect against bitcoin mining attacks, container configuration issues, or other account compromises that are prevalent in the cloud. Enterprises today need an automated, end-to-end approach to immediately identify threats, apply fixes, and protect critical data.
Tune into this live interview with Lacework as they discuss how to counter these undetected risks with a cloud-first approach. Topics will include:
- How to differentiate among threats, vulnerabilities and risks in the cloud
- What organizations need to do with data from accounts and workloads
- How organizations should address container security
- Why major breaches are still happening and what organizations aren't doing that's putting them and their data at risk
Vulnerability scan data can only provide insight into the existence of vulnerabilities in your infrastructure. To prioritize remediation efforts, it’s essential to have additional information about the impacted assets and the environment in which they exist. Building “queryable infrastructure” allows you to have a real-time snapshot of which vulnerable assets are exposed or are adequately protected by compensating controls. The addition of threat intelligence feeds further helps to narrow focus, as knowing how a vulnerability can be exploited will reveal which systems are most likely to be attacked.
In this webinar you will learn:
- What blind spots can be left by scanning and how to fill in the holes
- Why it’s important for vulnerability management solutions to be vendor agnostic and able to merge and centralize data
- How to use queryable infrastructures in vulnerability management processes
- How automation simplifies the maintenance of a queryable infrastructure and risk-based vulnerability analysis
Join Skybox Security Global Director of Technical Product Marketing Sean Keef and featured speaker Josh Zelonis, Forrester senior analyst, in a webinar that considers why “queryable infrastructure” is crucial to effective, informed vulnerability management.
Cyber risk management is no easy task. Why? Because while security teams may know about these vulnerabilities, they often lack the right amount of context to determine which vulnerabilities pose the greatest risk to the organization. Without this, the security team can’t appropriately prioritize which vulnerabilities should be remediated first.
Join Kenna Security for our next webinar - “Close the Gaps: Managing, Prioritizing, and Addressing Cyber Risk in Enterprise Organizations,” with Jon Oltsik, senior principal analyst at ESG and Karim Toubba, CEO of Kenna Security.
In this webinar, we’ll cover:
- Findings from the July 2017 ESG Research Report, Cybersecurity Analytics and Operations in Transition
- The challenges facing leadership teams in traditional methods of vulnerability management
- Why more security data doesn’t always lead to better decisions
- How the Kenna Security Platform can enable you to take a risk-based approach to vulnerability management and help teams work cross-functionally to prioritize and mitigate cyber risk
Discover the next wave of risk-based reporting and gain operational efficiency to maximize return on your risk mitigation efforts.
Our fourth White-Hat File is once again from Anton Abaya, CISA, PCI QSA, Senior Consultant in Accudata’s Risk and Compliance practice.
In the July edition, Anton talked about his expertise with physical social engineering. In this 15-minute webinar, he’ll describe the most effective ways he uses online phishing techniques to break into corporate networks—and how you can ensure these remote attacks don’t work on your employees.
To register for the September edition of the White-Hat Files, copy and paste this link: https://www.brighttalk.com/webcast/16347/333750?utm_source=Accudata+Systems&utm_medium=brighttalk&utm_campaign=333750
DevOps allows organizations to bring web and mobile applications to life faster than traditional SDLC. However, with more frequent application updates, there is increased risk of introducing exploitable vulnerabilities to the production stream that won't get detected.
Traditional penetration testing can't keep up with such frequent, short deployment cycles and, due to its compliance-based nature, is not comprehensive enough to mimic increasingly sophisticated cyberattack behavior. The result is many high-profile breaches and an increase of serious, exploitable vulnerabilities in live applications.
Leading organizations are moving towards a security testing model that combines continuous vulnerability scanning tools with continuous manual testing. The manual security testing is performed by international top class Security Researchers who perform offensive and adversarial-based testing that more closely resembles real attack traffic and better aligns with DevOps SDLC.
Join this webinar led by Ron Peeters, Managing Director of Synack, to learn more about how continuous application security testing lowers the risk of dynamic deployments with DevOps SDLC. Synack’s continuous, offensive security testing model better supports DevOps SDLC and lowers the risk of being breached.
Our third White-Hat File comes from Anton Abaya, CISA, PCI QSA, Senior Consultant in Accudata’s Risk and Compliance practice.
In this 15-minute webinar, he’ll describe the most effective ways he’s used social engineering and phishing techniques to crack into companies, as well as the best practices you can implement to ensure these attacks don’t work on your business.
Register for the August edition of the White-Hat Files here: https://www.brighttalk.com/webcast/16347/330367
A recent, significant data breach in 2017 has caused people to take a deeper look into Apache Struts vulnerabilities. This weakness emphasized the impending risks for Apache Struts-based applications. Even today, scanners do not detect all known vulnerabilities. As of November 2017, the leading scanners still missed 14 total unique Common Vulnerabilities and Exposures (CVEs).
In this webinar, we will analyze Apache Struts-related vulnerability weaponization patterns spanning the last decade. We will also provide insight into exploit patterns through a live exploit demonstration and explain how these patterns can define an organization’s risk management strategy.
Hear from RiskSense’s Anand Paturi (VP of Research and Development) and Barry Cogan (Senior Security Analyst) as they guide us through the live demonstration and provide insights into exploit patterns and how attacks can be avoided.
Increase security effectiveness and maintain dev agility
Three certainties in 2017: organizations worldwide will continue to increase their use of open source software; new open source security vulnerabilities will be discovered; exploits of open source vulnerabilities will occur.
With dev teams under constant pressure to accelerate application delivery and with security resources often scarce, organizations need more effective ways to determine which open source vulnerabilities to fix first and the options available to reduce risk during remediation.
Join Black Duck VP of Security Strategy Mike Pittenger as he discusses strategies and emerging best practices for risk-ranking open source vulnerabilities. He will cover:
- the most important considerations in prioritizing open source security issues
- ways to determine the risk associated with a discovered open source vulnerability
- options for dealing with open source security vulnerabilities beyond simply replacing the component
The number of open source vulnerabilities hit an all-time record in 2017 with 3,500 reported vulnerabilities - that's 60% higher than the previous year, and the trend continues in 2018.
Since it’s impossible to keep up with today’s pace of software production without open source, development and security teams are challenged to meet security objectives, without compromising on speed and quality.
It's time for organizations to step up their open source security game. Join WhiteSource's Senior Director of Product Management, Rami Elron, as he discusses:
- the current state of open source vulnerabilities management;
- organizations' struggle to handle open source vulnerabilities; and
- the key strategy for effective vulnerability management.