Hi [[ session.user.profile.firstName ]]
Sort by:
    • Vulnerability Risk Management; Not Just Scanners Anymore
      Vulnerability Risk Management; Not Just Scanners Anymore Steven Grossman, VP of Strategy, Bay Dynamics with Guest Speaker, Forrester Sr. Security & Risk Analyst, Josh Zelonis Recorded: Oct 24 2017 4:00 pm UTC 57 mins
    • The risk from software vulnerabilities has historically been an IT Operations concern, but no longer. A more integrated approach centralizing vulnerability data, and decision making, is necessary to provide a holistic view of organizational risk up the executive chain. The ability to prioritize asset risk, communicate with stakeholders, and make rapid, informed decisions, will be the difference between success, and failure, for many modern enterprises.

      Join this live Q&A with guest speaker, Forrester Senior Analyst Serving Security & Risk professionals, Josh Zelonis and Bay Dynamics VP of Strategy, Steven Grossman, as they answer your questions and cover:

      - Why is vulnerability risk management more that scanning?
      - How do you prioritize risks beyond CVE and CVSS scores?
      - How can a preemptive approach elevate vulnerability risk management to the core enterprise-wide risk management item it should be?
      -What are the common challenges in moving to a vulnerability risk management model?

      Register for this webcast for insight into the changing demands on vulnerability management programs.

      Read more >
    • Vulnerability Risk Management - Lessons From the Trenches
      Vulnerability Risk Management - Lessons From the Trenches Syed Abdur, Brinqa, Director of Product Recorded: Mar 29 2018 5:00 pm UTC 61 mins
    • [Webinar] Vulnerability Risk Management - Lessons From the Trenches
      One of the largest retailers in the world, top 5 medical insurance firm, largest US electric utilities provider - these are just some of the industry leaders that rely on Brinqa Vulnerability Risk Management to secure their critical assets. How do these cybersecurity organizations - representing some of the most complex, diverse and vast technology ecosystems in the world - tackle the most pressing vulnerability management problems of today?

      Join us as we share lessons learned from down in the trenches of vulnerability risk management :
      How top risk leaders and organizations approach risk prioritization
      How to reduce remediation overhead while improving effectiveness
      How you can gain insights into emerging threats like Meltdown and Spectre
      How to future-proof your vulnerability risk management program

      Read more >
    • Automating Vulnerability Risk Management, An Essential Cybersecurity Strategy
      Automating Vulnerability Risk Management, An Essential Cybersecurity Strategy Syed Abdur, Brinqa, Director of Product and James Walta, Brinqa, Sales Engineer Recorded: Mar 8 2018 6:00 pm UTC 63 mins
    • Vulnerability management is consistently ranked among the top priorities for information security organizations. With an ever-growing attack surface and increasingly sophisticated malicious actors, traditional approaches to vulnerability management are struggling to keep pace with the changing threat landscape. Inconsistent, inefficient, manual processes to analyze, triage and remediate vulnerabilities doom many organizations to a never-ending game of catch-up.

      In this webinar, we’re going to explore a strategy that can help organizations break out of ‘whack-a-mole’ vulnerability management cycles and begin to secure their IT infrastructure proactively : Automation.

      Join this webinar to learn how you can automate large parts of the vulnerability risk management process, including:

      * Create accurate asset and vulnerability repositories
      * Prioritize vulnerability risk based on business context and threat intelligence
      * Group vulnerabilities into tickets, assign ownership and enforce SLAs
      * Engage and inform all stakeholders

      Read more >
    • Supply Chain & Risk Management (SCRM): Disciplines Joined-at-the-Hip
      Supply Chain & Risk Management (SCRM): Disciplines Joined-at-the-Hip Gregory L. Schlegel, CPIM Upcoming: Jan 15 2019 3:00 pm UTC 75 mins
    • Supply chains are becoming ever more complex, particularly with the increase in outsourcing and the advancement of multi-tiered global supply networks. More and more organisations are now faced with direct and continuously evolving operational and legislative risks as a result of global market disruption or malpractice in their supply chains.

      “Supply chain risk management is the implementation of strategies to manage every day and exceptional risks along the supply chain, underpinned by continuous risk assessment with the objective of reducing vulnerability and ensuring continuity.” (Supply Chain Risk Management: An Emerging Discipline”)

      This Supply Chain & Risk Management webinar provides participants with a glimpse of the global supply chain risk landscape. Definitions of risk management and new techniques and tactics to mitigate risk will be discussed, along with profiles of early adopters of Supply Chain Risk Management.

      Attend this Supply Chain & Risk Management webinar and get a brief introduction on how to:
      Identify global supply chain risks
      Assess risks within your supply chain
      Mitigate risks throughout your enterprise with new tools and tactics
      Manage volatility, uncertainty, complexity, ambiguity and risk
      Create a resilient supply chain

      Read more >
    • Predictive Intelligence: Vulnerability Weaponization and Exploitation
      Predictive Intelligence: Vulnerability Weaponization and Exploitation Dr. Srinivas Mukkamala, Co-Founder and CEO of RiskSense Recorded: Sep 18 2018 7:00 pm UTC 43 mins
    • The key to effectively reducing the attack surface is remediating exactly the right vulnerability or weakness that will be used by the adversary. While the idea is simple enough, executing on it has proven to be one of the largest challenges facing enterprises.

      The impact of this lack of visibility into the attacker journey is that vulnerability remediation strategies are likely unaligned, and therefore ineffective.

      There’s no data that supports the hypothesis to align early weaponization to breaches, which makes it hard to know when it is the ideal time to fix the vulnerability or weakness.

      Vulnerability prioritization and weaponization prediction must be fueled with data and domain expertise. Fixing thousands of vulnerabilities is not enough. We need to make sure we are fixing the right vulnerabilities, at the right time. In this talk we will cover:

      • Quantitative and Qualitative: details on RiskSense threat dataset and data sources that allows us to uniquely separate “signal” from “noise”.
      • Unprecedented visibility into attack validation data: from over 10+ years, this enables us to reconstruct the complete attacker journey and understand time-based patterns.
      • Insights into Vulnerability life cycle: weaponization and breach latency. This will allow us to determine no engagement vs. engagement from a remediation standpoint.
      • Attributes and variables: used for Machine Learning to predict Weaponization and Breach Susceptibility

      This presentation will be given by Dr. Srinivas Mukkamala, Co-Founder and CEO of RiskSense. RiskSense’s team was the first to predict WannaCry and has since released Koadic Post Exploitation Command & Control.

      Read more >
    • From Prioritization to Prediction-Analyzing Vulnerability Remediation Strategies
      From Prioritization to Prediction-Analyzing Vulnerability Remediation Strategies Wade Baker & Jay Jacobs Co-Founders & Partners, Cyentia Institute & Jonathan Cran, Head of Research, Kenna Security Recorded: Aug 14 2018 4:00 pm UTC 51 mins
    • With an average of 40 new vulnerabilities emerging every single day, to say that staying ahead of the latest threats is a challenge is an understatement.

      Today, organizations are generating an unprecedented amount of data, and with that data, comes thousands, if not millions, of vulnerabilities. Unfortunately, it’s simply impossible for any organization to remediate every single one and ensure 100% coverage of its attack surface.

      But that’s where the capability to predict exploits comes into play..

      Join us and the Cyentia Institute for our next webinar: From Prioritization to Prediction: Analyzing Vulnerability Remediation Strategies. Fueled by the first-of-its kind research findings from Kenna Security and the Cyentia Institute, we’ll cover:

      - The quantitative effectiveness between common remediation strategies and a cutting-edge predictive model
      - A detailed review of the data sources available for building or improving decision models for vulnerability remediation
      - A discussion of the vulnerability lifecycle and examination of the timelines and triggers surrounding key milestones
      - Identification of the attributes of vulnerabilities that correlate with exploitation

      Deliver efficiency in your people, tools, time, and dollars to address the threats that pose the greatest risk. Register now.

      Read more >
    • 4 Steps to Risk Ranking Your Vulnerabilities
      4 Steps to Risk Ranking Your Vulnerabilities Mike Pittenger, VP Security Strategy, Black Duck Software Recorded: Dec 19 2017 4:00 pm UTC 29 mins
    • Vulnerabilities are an inevitable part of software development and management. Whether it’s open source or custom code, new vulnerabilities will be discovered as a code base ages. A 2017 Black Duck analysis of code audits conducted on 1,071 applications found that 97% contained open source, but 67% of the applications had open source vulnerabilities, half of which were categorized as severe. As the number of disclosures, patches, and updates grows, security professionals must decide which items are critical and must be addressed immediately and which items can be deferred.
      Join Black Duck’s VP of Security Strategy, Mike Pittenger, for a 30-minute discussion of best practices in open source security and vulnerability management. You’ll learn:
      - Methods for determining which applications are most attractive to attackers, and which pose the greatest risk
      - Ways to assess the risk associated with a disclosed open source vulnerability
      - Strategies to minimize the impact of open source security vulnerabilities when immediate fixes can’t be made

      Read more >
    • Piecing Together IoT Risk from Flexible & Fractured Design Components
      Piecing Together IoT Risk from Flexible & Fractured Design Components Dr. Srinivas Mukkamala, CEO and Co-Founder, at RiskSense Recorded: Jun 12 2018 7:00 pm UTC 47 mins
    • How do you handle risk assessment and vulnerability management for IoT when multiple security patterns need assessment? There is a new frontier for security that requires breaking conventional control and mitigation assumptions before a Frankenmonster rises from your IoT project.

      In this webinar, RiskSense CEO and Co-Founder Dr. Srinivas Mukkamala will discuss:

      - The assessment of chaining together multiple vulnerabilities and the potential exploit path through flexible and fractured design components for IoT.
      - Consideration for dynamically changing devices and utilization models that break traditional security and risk assessments.
      - IoT risk and the growing need to incorporate threat data, unintentional device use-cases, and the mechanisms to keep constant control of the devices themselves.

      Read more >
    • Cybersecurity Ratings Part 1: Cyber Risk Monitoring: Adapting to the New Normal
      Cybersecurity Ratings Part 1: Cyber Risk Monitoring: Adapting to the New Normal Lindsay Drabwell, Head of Membership Services, (ISC)² EMEA, Nick Trigg, Risk Consultant, BitSight Technology Recorded: Oct 9 2018 11:00 am UTC 59 mins
    • Security Ratings are the relatively new kid on the block when it comes to externally derived Cyber posture analysis.

      According to one of the most reputable research bodies, ‘continuous monitoring of systems and behaviours is the only way to reliably detect threats before it's too late’.

      The three big topics are VISIBILITY - across my whole cyber risk landscape , COLLABORATION - in order to remediate against risk appetite and AGILITY - How can I react in a timely manner to rapidly changing risk factors

      Given these challenges can you afford NOT to utilise Security Ratings?

      In this session Nick Trigg - Risk Consultant for BitSight Technology - will address these points along with

      •Do security ratings threaten or compliment traditional methods of questionnaires and audits
      •Why security ratings should be treated as a risk position rather than a vulnerability checklist.
      •Data: sources, accuracy, coverage, currency
      •Context : stakeholders, business impact
      •Time to value : best approach to implementation

      Read more >
    • Using Queryable Infrastructure To Understand Vulnerability Risk
      Using Queryable Infrastructure To Understand Vulnerability Risk Josh Zelonis, senior analyst, Forrester Recorded: Apr 25 2018 3:00 pm UTC 38 mins
    • Vulnerability scan data can only provide insight into the existence of vulnerabilities in your infrastructure. To prioritize remediation efforts, it’s essential to have additional information about the impacted assets and the environment in which they exist. Building “queryable infrastructure” allows you to have a real-time snapshot of which vulnerable assets are exposed or are adequately protected by compensating controls. The addition of threat intelligence feeds further helps to narrow focus, as knowing how a vulnerability can be exploited will reveal which systems are most likely to be attacked.

      In this webinar you will learn:

      What blind spots can be left by scanning and how to fill in the holes

      Why it’s important for vulnerability management solutions to be vendor agnostic and able to merge and centralize data

      How to use queryable infrastructures in vulnerability management processes

      How automation simplifies the maintenance of a queryable infrastructure and risk-based vulnerability analysis

      Join Skybox Security Global Director of Technical Product Marketing Sean Keef and featured speaker Josh Zelonis, Forrester senior analyst, in a webinar that considers why “queryable infrastructure” is crucial to effective, informed vulnerability management.

      Read more >
    • Close the Gaps: Managing, Prioritizing, and Addressing Cyber Risk in Enterprises
      Close the Gaps: Managing, Prioritizing, and Addressing Cyber Risk in Enterprises Jon Oltsik, Sr Principal Analyst at ESG & Karim Toubba, CEO of Kenna Security Recorded: Jul 31 2018 6:00 pm UTC 47 mins
    • Cyber risk management is no easy task. Why? Because while security teams may know about these vulnerabilities, they often lack the right amount of context to determine which vulnerabilities pose the greatest risk to the organization. Without this, the security team can’t appropriately prioritize which vulnerabilities should be remediated first.

      Join Kenna Security for our next webinar - “Close the Gaps: Managing, Prioritizing, and Addressing Cyber Risk in Enterprise Organizations,” with Jon Oltsik, senior principal analyst at ESG and Karim Toubba, CEO of Kenna Security.

      In this webinar, we’ll cover:

      - Findings from the July 2017 ESG Research Report, Cybersecurity Analytics and Operations in Transition
      - The challenges facing leadership teams in traditional methods of vulnerability management
      - Why more security data doesn’t always lead to better decisions
      - How the Kenna Security Platform can enable you take a risk-based approach to vulnerability management and help teams work cross-functionally to prioritize and mitigate cyber risk

      Discover the next wave of risk-based reporting and gain operational efficiency to maximize return on your risk mitigation efforts.

      Read more >
    • Accudata's White-Hat Files | August 2018 Edition
      Accudata's White-Hat Files | August 2018 Edition Anton Abaya, CISA, PCI QSA, Senior Consultant Recorded: Aug 22 2018 4:00 pm UTC 16 mins
    • Our fourth White-Hat File is once again from Anton Abaya, CISA, PCI QSA, Senior Consultant in Accudata’s Risk and Compliance practice.

      In the July edition, Anton talked about his expertise with physical social engineering. In this 15-minute webinar, he’ll describe the most effective ways he uses online phishing techniques to break into corporate networks—and how you can ensure these remote attacks don’t work on your employees.

      To register for the September edition of the White-Hat Files, copy and paste this link: https://www.brighttalk.com/webcast/16347/333750?utm_source=Accudata+Systems&utm_medium=brighttalk&utm_campaign=333750

      Read more >
    • How to Lower Vulnerability Risk of DevOps SDLC  w/ Continuous Security Testing
      How to Lower Vulnerability Risk of DevOps SDLC w/ Continuous Security Testing Ron Peeters, Managing Director EMEA, Synack Recorded: Apr 24 2018 7:00 am UTC 52 mins
    • DevOps allows organizations to bring web and mobile applications to life faster than traditional SDLC. However with more frequent application updates, there is increased risk of introducing exploitable vulnerabilities to the production stream that won't get detected.

      Traditional penetration testing can't keep up with the frequency and such short deployment cycles and due to its compliance based nature is not comprehensive enough to mimic increasingly sophisticated cyberattack behavior. The result is many high-profile breaches and an increase of serious, exploitable vulnerabilities in live applications.

      Leading organizations are moving towards a security testing model that combines continuous vulnerability scanning tools with continuous manual testing. The manual security testing is performed by international top class Security Researchers who perform offensive and adversarial-based testing that more closely resembles real attack traffic and better aligns with DevOps SDLC.

      Join this webinar led by Ron Peeters, Managing Director of Synack, to learn more about how continuous application security testing lowers the risk of dynamic deployments with DevOps SDLC Synack’s continuous, offensive security testing model better supports DevOps SDLC and lowers the risk of being breached.

      Read more >
    • What Your Vulnerability Scanner is Not Telling You
      What Your Vulnerability Scanner is Not Telling You Anand Paturi and Barry Cogan Recorded: Dec 14 2017 7:30 pm UTC 41 mins
    • A recent, significant data breach in 2017 has caused people to take a deeper look into Apache Struts vulnerabilities. This weakness emphasized the impending risks for Apache Struts-based applications. Even today, scanners do not detect all known vulnerabilities. As of November 2017, the leading scanners still missed 14 total unique Common Vulnerabilities and Exposures (CVEs).

      In this webinar, we will analyze Apache Struts-related vulnerability weaponization patterns spanning the last decade. We will also provide insight into exploit patterns through a live exploit demonstration and explain how these patterns can define an organization’s risk management strategy.

      Hear from RiskSense’s Anand Paturi (VP of Research and Development) and Barry Cogan (Senior Security Analyst) as they guide us through the live demonstration and provide insights into exploit patterns
      and how attacks can be avoided.

      Read more >
    • Risk-Ranking Open Source Vulnerabilities
      Risk-Ranking Open Source Vulnerabilities Mike Pittenger, VP Security Strategy, Black Duck Recorded: Jan 19 2017 4:00 pm UTC 43 mins
    • Increase security effectiveness and maintain dev agility

      Three certainties in 2017: organizations worldwide will continue to increase their use of open source software; new open source security vulnerabilities will be discovered; exploits of open source vulnerabilities will occur.

      With dev teams under constant pressure to accelerate application delivery and with security resources often scarce, organizations need more effective ways to determine which open source vulnerabilities to fix first and the options available to reduce risk during remediation.

      Join Black Duck VP of Security Strategy Mike Pittenger as he discusses strategies and emerging best practices for risk-ranking open source vulnerabilities. He will cover:
      - the most important considerations in prioritizing open source security issues
      - ways to determine the risk associated with a discovered open source vulnerability
      - options for dealing with open source security vulnerabilities beyond simply replacing the component

      Read more >
    • The State of Open Source Vulnerabilities Management
      The State of Open Source Vulnerabilities Management Rami Elron, Senior Director of Product Management at WhiteSource Recorded: Nov 21 2018 1:00 pm UTC 51 mins
    • The number of open source vulnerabilities hit an all-time record in 2017 with 3,500 reported vulnerabilities - that's 60% higher than the previous year, and the trend continues in 2018.

      Since it’s impossible to keep up with today’s pace of software production without open source, development and security teams are challenged to meet security objectives, without compromising on speed and quality.

      It's time for organizations to step up their open source security game. Join WhiteSource's Senior Director of Product Management, Rami Elron, as he discusses:

      - the current state of open source vulnerabilities management;
      - organizations' struggle to handle open source vulnerabilities; and
      - the key strategy for effective vulnerability management.

      Read more >