The risk from software vulnerabilities has historically been an IT Operations concern, but no longer. A more integrated approach that centralizes vulnerability data and decision making is necessary to provide a holistic view of organizational risk up the executive chain. The ability to prioritize asset risk, communicate with stakeholders, and make rapid, informed decisions will be the difference between success and failure for many modern enterprises.
Join this live Q&A with guest speaker, Forrester Senior Analyst Serving Security & Risk professionals, Josh Zelonis and Bay Dynamics VP of Strategy, Steven Grossman, as they answer your questions and cover:
- Why is vulnerability risk management more than scanning?
- How do you prioritize risks beyond CVE and CVSS scores?
- How can a preemptive approach elevate vulnerability risk management to the core enterprise-wide risk management item it should be?
- What are the common challenges in moving to a vulnerability risk management model?
Register for this webcast for insight into the changing demands on vulnerability management programs.
[Webinar] Vulnerability Risk Management - Lessons From the Trenches
One of the largest retailers in the world, top 5 medical insurance firm, largest US electric utilities provider - these are just some of the industry leaders that rely on Brinqa Vulnerability Risk Management to secure their critical assets. How do these cybersecurity organizations - representing some of the most complex, diverse and vast technology ecosystems in the world - tackle the most pressing vulnerability management problems of today?
Join us as we share lessons learned from down in the trenches of vulnerability risk management:
- How top risk leaders and organizations approach risk prioritization
- How to reduce remediation overhead while improving effectiveness
- How you can gain insights into emerging threats like Meltdown and Spectre
- How to future-proof your vulnerability risk management program
Vulnerability management is consistently ranked among the top priorities for information security organizations. With an ever-growing attack surface and increasingly sophisticated malicious actors, traditional approaches to vulnerability management are struggling to keep pace with the changing threat landscape. Inconsistent, inefficient, manual processes to analyze, triage and remediate vulnerabilities doom many organizations to a never-ending game of catch-up.
In this webinar, we’re going to explore a strategy that can help organizations break out of ‘whack-a-mole’ vulnerability management cycles and begin to secure their IT infrastructure proactively: Automation.
Join this webinar to learn how you can automate large parts of the vulnerability risk management process, including:
* Create accurate asset and vulnerability repositories
* Prioritize vulnerability risk based on business context and threat intelligence
* Group vulnerabilities into tickets, assign ownership and enforce SLAs
* Engage and inform all stakeholders
Welcome to the White Hat Files – a monthly series where the best white hat hackers give you what you need to know about the threat landscape.
Our first White Hat File comes from Josh Berry, who holds OSCP, CISSP, and GIAC certifications.
In this 15-minute webinar, he’ll give you the rundown on Accudata’s most-seen vulnerabilities, as well as best practices you can use to defeat attackers looking to dissect and destroy your business.
Join us for our next edition in June! Register here: https://www.brighttalk.com/webcast/16347/322209?utm_source=Accudata+Systems&utm_medium=brighttalk&utm_campaign=322209
Join us for this webinar as we discuss the visual language necessary to communicate with all the varied stakeholders that are impacted by or part of the vulnerability risk management process: business users, application owners, IT administrators, security professionals, compliance regulators, and others.
We will discuss the data analysis necessary to create and communicate different types of metrics, including:
- Business Exposure: What risks are different business entities exposed to due to the vulnerabilities?
- Vulnerability Impact: How do different technologies and various types of vulnerabilities contribute to risk?
- Remediation Performance: How effective and efficient are current remediation efforts?
In this webinar you will:
- Learn how BitSight Security Ratings is transforming the market for Cybersecurity risk management;
- Understand the importance of the underlying Data Quality for an accurate understanding of a company’s exposure to Cybersecurity Threats;
- Find out how an organisation is using BitSight to gain better visibility, collaboration and monitoring of their cyber risk posture.
- Rui Serra, Senior Product Manager at BitSight Technologies
- Tiago Pereira, Threat Research Team Lead at BitSight Technologies
- BitSight Technologies Customer
A single weak point in a line of code can create an open door for attackers. Threats originating from applications are now more pervasive than ever. We believe that the best defense against application vulnerabilities is a good offense.
In this webinar, we will share results from our recent primary research study that reveals:
• The top five application security risks
• Where these risks originate
• How to remediate these risks
• Best practices to protect your business, protect your customers
With an average of 40 new vulnerabilities emerging every single day, to say that staying ahead of the latest threats is a challenge is an understatement.
Today, organizations are generating an unprecedented amount of data, and with that data, comes thousands, if not millions, of vulnerabilities. Unfortunately, it’s simply impossible for any organization to remediate every single one and ensure 100% coverage of its attack surface.
But that’s where the capability to predict exploits comes into play.
Join us and the Cyentia Institute for our next webinar: From Prioritization to Prediction: Analyzing Vulnerability Remediation Strategies. Fueled by the first-of-its-kind research findings from Kenna Security and the Cyentia Institute, we’ll cover:
- The quantitative effectiveness between common remediation strategies and a cutting-edge predictive model
- A detailed review of the data sources available for building or improving decision models for vulnerability remediation
- A discussion of the vulnerability lifecycle and examination of the timelines and triggers surrounding key milestones
- Identification of the attributes of vulnerabilities that correlate with exploitation
Deliver efficiency in your people, tools, time, and dollars to address the threats that pose the greatest risk. Register now.
Security Ratings are the relatively new kid on the block when it comes to externally derived Cyber posture analysis.
According to one of the most reputable research bodies, ‘continuous monitoring of systems and behaviours is the only way to reliably detect threats before it's too late’.
The three big topics are VISIBILITY - across my whole cyber risk landscape, COLLABORATION - in order to remediate against risk appetite, and AGILITY - how can I react in a timely manner to rapidly changing risk factors?
Given these challenges can you afford NOT to utilise Security Ratings?
In this session Nick Trigg - Risk Consultant for BitSight Technology - will address these points along with:
• Do security ratings threaten or complement traditional methods of questionnaires and audits?
• Why security ratings should be treated as a risk position rather than a vulnerability checklist
• Data: sources, accuracy, coverage, currency
• Context: stakeholders, business impact
• Time to value: best approach to implementation
The key to effectively reducing the attack surface is remediating exactly the right vulnerability or weakness that will be used by the adversary. While the idea is simple enough, executing on it has proven to be one of the largest challenges facing enterprises.
The impact of this lack of visibility into the attacker journey is that vulnerability remediation strategies are likely unaligned, and therefore ineffective.
There’s no data that supports the hypothesis to align early weaponization to breaches, which makes it hard to know when it is the ideal time to fix the vulnerability or weakness.
Vulnerability prioritization and weaponization prediction must be fueled with data and domain expertise. Fixing thousands of vulnerabilities is not enough. We need to make sure we are fixing the right vulnerabilities, at the right time. In this talk we will cover:
• Quantitative and Qualitative: details on the RiskSense threat dataset and data sources that allow us to uniquely separate “signal” from “noise”.
• Unprecedented visibility into attack validation data: from over 10+ years, this enables us to reconstruct the complete attacker journey and understand time-based patterns.
• Insights into Vulnerability life cycle: weaponization and breach latency. This will allow us to determine no engagement vs. engagement from a remediation standpoint.
• Attributes and variables: used for Machine Learning to predict Weaponization and Breach Susceptibility
This presentation will be given by Dr. Srinivas Mukkamala, Co-Founder and CEO of RiskSense. RiskSense’s team was the first to predict WannaCry and has since released Koadic Post Exploitation Command & Control.
Vulnerabilities are an inevitable part of software development and management. Whether it’s open source or custom code, new vulnerabilities will be discovered as a code base ages. A 2017 Black Duck analysis of code audits conducted on 1,071 applications found that 97% contained open source, but 67% of the applications had open source vulnerabilities, half of which were categorized as severe. As the number of disclosures, patches, and updates grows, security professionals must decide which items are critical and must be addressed immediately and which items can be deferred.
Join Black Duck’s VP of Security Strategy, Mike Pittenger, for a 30-minute discussion of best practices in open source security and vulnerability management. You’ll learn:
- Methods for determining which applications are most attractive to attackers, and which pose the greatest risk
- Ways to assess the risk associated with a disclosed open source vulnerability
- Strategies to minimize the impact of open source security vulnerabilities when immediate fixes can’t be made
Vulnerability scan data can only provide insight into the existence of vulnerabilities in your infrastructure. To prioritize remediation efforts, it’s essential to have additional information about the impacted assets and the environment in which they exist. Building “queryable infrastructure” allows you to have a real-time snapshot of which vulnerable assets are exposed or are adequately protected by compensating controls. The addition of threat intelligence feeds further helps to narrow focus, as knowing how a vulnerability can be exploited will reveal which systems are most likely to be attacked.
In this webinar you will learn:
- What blind spots can be left by scanning and how to fill in the holes
- Why it’s important for vulnerability management solutions to be vendor agnostic and able to merge and centralize data
- How to use queryable infrastructures in vulnerability management processes
- How automation simplifies the maintenance of a queryable infrastructure and risk-based vulnerability analysis
Join Skybox Security Global Director of Technical Product Marketing Sean Keef and featured speaker Josh Zelonis, Forrester senior analyst, in a webinar that considers why “queryable infrastructure” is crucial to effective, informed vulnerability management.
Cyber risk management is no easy task. Why? Because while security teams may know about these vulnerabilities, they often lack the right amount of context to determine which vulnerabilities pose the greatest risk to the organization. Without this, the security team can’t appropriately prioritize which vulnerabilities should be remediated first.
Join Kenna Security for our next webinar - “Close the Gaps: Managing, Prioritizing, and Addressing Cyber Risk in Enterprise Organizations,” with Jon Oltsik, senior principal analyst at ESG and Karim Toubba, CEO of Kenna Security.
In this webinar, we’ll cover:
- Findings from the July 2017 ESG Research Report, Cybersecurity Analytics and Operations in Transition
- The challenges facing leadership teams in traditional methods of vulnerability management
- Why more security data doesn’t always lead to better decisions
- How the Kenna Security Platform can enable you to take a risk-based approach to vulnerability management and help teams work cross-functionally to prioritize and mitigate cyber risk
Discover the next wave of risk-based reporting and gain operational efficiency to maximize return on your risk mitigation efforts.
Our fourth White-Hat File is once again from Anton Abaya, CISA, PCI QSA, Senior Consultant in Accudata’s Risk and Compliance practice.
In the July edition, Anton talked about his expertise with physical social engineering. In this 15-minute webinar, he’ll describe the most effective ways he uses online phishing techniques to break into corporate networks—and how you can ensure these remote attacks don’t work on your employees.
To register for the September edition of the White-Hat Files, copy and paste this link: https://www.brighttalk.com/webcast/16347/333750?utm_source=Accudata+Systems&utm_medium=brighttalk&utm_campaign=333750
DevOps allows organizations to bring web and mobile applications to life faster than traditional SDLC. However, with more frequent application updates, there is increased risk of introducing exploitable vulnerabilities to the production stream that won't get detected.
Traditional penetration testing can't keep up with such frequent, short deployment cycles and, due to its compliance-based nature, is not comprehensive enough to mimic increasingly sophisticated cyberattack behavior. The result is many high-profile breaches and an increase of serious, exploitable vulnerabilities in live applications.
Leading organizations are moving towards a security testing model that combines continuous vulnerability scanning tools with continuous manual testing. The manual security testing is performed by international top class Security Researchers who perform offensive and adversarial-based testing that more closely resembles real attack traffic and better aligns with DevOps SDLC.
Join this webinar led by Ron Peeters, Managing Director of Synack, to learn more about how continuous application security testing lowers the risk of dynamic deployments with DevOps SDLC. Synack’s continuous, offensive security testing model better supports DevOps SDLC and lowers the risk of being breached.
Our third White-Hat File comes from Anton Abaya, CISA, PCI QSA, Senior Consultant in Accudata’s Risk and Compliance practice.
In this 15-minute webinar, he’ll describe the most effective ways he’s used social engineering and phishing techniques to crack into companies, as well as the best practices you can implement to ensure these attacks don’t work on your business.
Register for the August edition of the White-Hat Files here: https://www.brighttalk.com/webcast/16347/330367
How do you handle risk assessment and vulnerability management for IoT when multiple security patterns need assessment? There is a new frontier for security that requires breaking conventional control and mitigation assumptions before a Frankenmonster rises from your IoT project.
In this webinar, RiskSense CEO and Co-Founder Dr. Srinivas Mukkamala will discuss:
- The assessment of chaining together multiple vulnerabilities and the potential exploit path through flexible and fractured design components for IoT.
- Consideration for dynamically changing devices and utilization models that break traditional security and risk assessments.
- IoT risk and the growing need to incorporate threat data, unintentional device use-cases, and the mechanisms to keep constant control of the devices themselves.
Too many vulnerability management programs operate on incomplete or out-of-date scan data. What’s more, this data is rarely if ever correlated to their host’s place in the network, meaning efforts can be wasted on remediating already protected vulnerabilities while ignoring those left exposed to attack.
To have a real impact on lowering your risk of cyberattack, organizations need to centralize and analyze data from their entire attack surface to narrow focus on the vulnerabilities most likely to be used in a cyberattack.
In this webinar, you will learn:
- What scanners miss in discovery, prioritization, remediation and oversight processes and how to fill in the gaps
- How the intersection of your assets, networks, business and the threat landscape impacts vulnerability risk
- Why context-based approaches target remediation at your riskiest vulnerabilities and help identify patching alternatives
- Insights from Skybox’s 2018 Vulnerability and Threat Trends Report mid-year update
Join Alastair Williams, EMEA technical director for Skybox Security, as he explores how to get more value out of your data, visualize your attack surface and centralize vulnerability management to systematically reduce your risk of cyberattack.
As a security professional, information sharing with other organizations is a big part of your job. However, when it comes to information about attacks and vulnerabilities, there are limited accepted resources—leaving knowledge sharing to an informal process with only a few select contacts.
Now you can get better information about the top vulnerabilities that need your attention and what to do about them. Learn more about the US-CERT Top 30, a publication that provides guidance in the vulnerability field.
Join this webcast for a closer look, so you can:
- Learn about the top 30 vulnerabilities that comprise most of the targeted attacks against critical infrastructure
- Understand how the US-CERT condenses security data into a single report
- Apply and implement recommendations against your infrastructure
- Share this new data point with your colleagues at other companies
Increase security effectiveness and maintain dev agility
Three certainties in 2017: organizations worldwide will continue to increase their use of open source software; new open source security vulnerabilities will be discovered; exploits of open source vulnerabilities will occur.
With dev teams under constant pressure to accelerate application delivery and with security resources often scarce, organizations need more effective ways to determine which open source vulnerabilities to fix first and the options available to reduce risk during remediation.
Join Black Duck VP of Security Strategy Mike Pittenger as he discusses strategies and emerging best practices for risk-ranking open source vulnerabilities. He will cover:
- the most important considerations in prioritizing open source security issues
- ways to determine the risk associated with a discovered open source vulnerability
- options for dealing with open source security vulnerabilities beyond simply replacing the component
To effectively prioritize and remediate the most critical vulnerabilities threatening your organization, you need to combine internal asset risk evaluation with external real-time exploit and threat intelligence to create the most accurate picture of incidence and impact.
Join this webcast to learn how Qualys and Brinqa provide all the tools you need to dramatically improve the effectiveness and performance of your vulnerability management program, including:
* Leveraging asset risk and context during vulnerability prioritization
* Effective remediation through automated, risk-centric remediation policies
* Business risk and exposure reporting for primary stakeholders