As a security professional, information sharing with other organizations is a big part of your job. However, when it comes to information about attacks and vulnerabilities, there are limited accepted resources—leaving knowledge sharing to an informal process with only a few select contacts.
Now you can get better information about the top vulnerabilities that need your attention and what to do about them. Learn more about the US-CERT Top 30, a publication that provides guidance in the vulnerability field.
Join this webcast for a closer look, so you can:
> Learn about the top 30 vulnerabilities — that comprise most of targeted attacks against critical infrastructure
> Understand how the US-CERT condenses — security data into a single report
> Apply and implement recommendations — against your infrastructure
> Share this new data point with your colleagues — at other companies
As we enter 2017, there is one certainty we all can have: we will continue to see costly breaches driven by the exploitation of well-known vulnerabilities. In this webinar, Marcelo Pereira will talk about the challenges that stop organizations implementing effective best practices for vulnerability and patch management and suggest New Year’s resolutions related to Software Vulnerability Management that can help prioritize activities to effectively keep hackers away from your systems.
In this webinar, Carlos Krause, Modulo’s lead technical consultant, will identify key challenges and pitfalls most vulnerability management programs face, including how to:
* Understand the main components and steps of an efficient vulnerability management program
* Define requirements and criteria for scoping, collecting, analyzing, evaluating, accepting, and treating vulnerabilities
* Identify the pitfalls of a typical vulnerability management implementation
To learn more about best practices and action items to improve your vulnerability management process and reduce enterprise risk, join us for Part II on Thursday December 18 at 11:30am ET.
Is your vulnerability management program vulnerable? If you are unsure or answered “yes,” sign up to join Carlos Krause, Modulo’s lead technical consultant, for Part 2 of this two-part webinar series.
In Part 1, Carlos identified key challenges and pitfalls most vulnerability management programs face. In Part 2, he will outline best practices and action items to improve your vulnerability management process, including how to:
* Integrate your vulnerability management program with the risk and compliance actions in the organization
* Harmonize vulnerability metrics with other programs and assessments
* Represent risks in a business language
* Plan and deploy a successful implementation
Carlos Krause presented this topic at ISACA ISRM 2014 at a record-setting Megatrend Session. Due to its popularity, we wanted to bring it to you in a webinar series. Don’t miss out!
Vulnerability management is a necessary instrument for threat and risk reduction in enterprise environments. Yet, many organizations struggle to put a program in place that provides value to the enterprise beyond baseline compliance requirements. This is often due to challenges in three key areas of vulnerability management: discovery, prioritization, and remediation.
In this webinar, guest speaker Kelley Mak of Forrester Research will provide insight on how enterprises can activate the full potential of their vulnerability management programs. Together with Flexera Software’s Marcelo Pereira, he will discuss how to combine principles of vulnerability management with other areas of operations management to efficiently improve the security baseline.
Every year, Secunia Research at Flexera Software releases a review of the global vulnerability landscape, based on their large vulnerability database and data from the Personal Software Inspector user base.
The data in this research provides security professionals around the world with perspective on the impact and evolution of the threat landscape and what has trended throughout the year.
In this webinar, Director of Secunia Research at Flexera Software, Kasper Lindgaard will discuss the data presented in the Vulnerability Review 2016 and answer questions. The review itself is released on March 16.
- The number of vulnerabilities and zero-days detected in 2015
- How quick vendors are to respond to vulnerabilities
- Which programs have the most vulnerabilities
If you think pentesting is sexy, think again. Pentesting is mostly pointless if you don't have the foundational backing of vulnerability information. Amar makes a bold claim: vulnerability scanning can be as important as, and sometimes more fun than, running a pentest with some free tools. Yes, hacking may be fun, but if you really want to lower your risk exposure you need to get on top of vulnerabilities. Come and listen to Amar Singh as he shares the secrets of how to make your security assessments deliver maximum value within the shortest period of time.
Flexera Software just released Vulnerability Intelligence Manager 2016 - the first of the former Secunia products to be released under the Flexera Software brand.
Join us for an introduction and demo of Vulnerability Intelligence Manager 2016 and learn how the intelligence from Secunia Research and the functionality of the product can help your organization effectively reduce the attack surface for cybercriminals and hackers!
This webinar is focused on a strategic view of risk mitigation:
Vulnerabilities in commercial software remain one of the most common attack vectors for security incidents and data breaches, either as the entry point for hackers or as the enabler of privilege escalation inside networks.
Despite awareness of the risk, and the fact that most software vulnerabilities have a fix the day they are made public, organizations continue to fail to execute mitigation actions. The consequence is that we continue to see costly breaches affecting businesses around the globe.
In this webinar, Marcelo will talk about how the use of vulnerability intelligence can be a game changer to help organizations become better at mitigating the risk of software vulnerabilities.
- Fresh data related to software vulnerabilities
- The challenge of prioritizing mitigation
- How the use of vulnerability intelligence can help support consistent risk reduction
This webinar is for business leaders who wish to understand vulnerabilities in commercial software and how they can impact organizations:
Software vulnerabilities remain one of the most common attack vectors for security incidents and data breaches, either as the entry point for hackers or as the enabler of privilege escalation inside networks.
This webinar demystifies software vulnerabilities, shows how they relate to the wider ecosystem and demonstrates how this knowledge can be used to define strategies and improve security.
- What is a software vulnerability
- How a software vulnerability becomes a threat
- A glimpse of how threats multiply
- How closing vulnerabilities impacts risk reduction
Vulnerability Management is one of the first chapters in security, yet something that most of us still struggle with.
Our favorite is this one-liner from the Verizon 2016 Data Breach Investigations Report: "Vulnerability management has been a Sisyphean endeavor for decades" (in Greek mythology, Sisyphus was a king who was cursed to roll a large boulder up a hill, only to watch it come back to hit him, repeating this action for eternity).
Unlike in Greek times, today there is a lot of data that can help. In fact, there is an overwhelming quantity of vulnerability and threat information available. The challenge is what to do with it in order to help mitigate risk better.
How do you pick the ones that are relevant to your specific case, how do you act upon them, and how do you manage your remediation cycle before the next one hits you?
It is a game where the odds are always stacked against you and you are always running to catch up, to be repeated again in the next cycle.
How to change this?
In this webinar we talk about Vulnerability Intelligence, and why and how it can help make Analytics really work in managing your vulnerability management cycles better.
In simple cybersecurity language, Vulnerability Management is all about identifying and fixing critical security vulnerabilities in your IT infrastructure. But it is easier said than done due to the following 2 main challenges:
1. WHAT are the right vulnerabilities to fix?
There is a deluge of information regarding vulnerabilities, threats and exploits out there, and it is a struggle to know what is relevant to my context, my organization. CVSS scores don't necessarily reflect the criticality to my assets.
2. HOW to fix them quickly?
Once you manage to identify the right vulnerabilities to fix, the challenge is to get it done quickly, given the large set of assets and dependencies on multiple distributed teams to fix things.
It is like we are always running to catch up - the typical hamster wheel of Vulnerability Management - you are continuously working hard, but never get there, no matter how hard you try. And before you complete one cycle, the next one hits you!
In this webinar we will talk about the challenges in more detail and how using a combination of vulnerability intelligence, analytics, AI and smart workflows, you can make it work for you, so that you can get off that hamster wheel once and forever.
Increase security effectiveness and maintain dev agility
Three certainties in 2017: organizations worldwide will continue to increase their use of open source software; new open source security vulnerabilities will be discovered; exploits of open source vulnerabilities will occur.
With dev teams under constant pressure to accelerate application delivery and with security resources often scarce, organizations need more effective ways to determine which open source vulnerabilities to fix first and the options available to reduce risk during remediation.
Join Black Duck VP of Security Strategy Mike Pittenger as he discusses strategies and emerging best practices for risk-ranking open source vulnerabilities. He will cover:
- the most important considerations in prioritizing open source security issues
- ways to determine the risk associated with a discovered open source vulnerability
- options for dealing with open source security vulnerabilities beyond simply replacing the component
Wishful thinking or a cursory security assessment may have worked in the past but dealing with persistent and advanced threats requires an equally sophisticated and mature approach.
While APTs are on the rise and the use of zero-day vulnerabilities can be one of the weapons for such attacks, the reality is that the large majority of incidents – advanced or not – occur using known vulnerabilities. Resolving these is, therefore, paramount to reducing the attack surface for cyber criminals.
Join Amar as he shares his tips on adopting a mature and continuing vulnerability management process that can help organizations reduce risk and be better prepared to respond to APTs.
Cybersecurity incident disclosures and vulnerability warnings continue to be released at an alarming and fatiguing rate, and there aren’t any signs of breach activity slowing down. Vulnerability management is more important than ever, yet staying on top of vulnerabilities poses a major challenge for security and risk (S&R) professionals.
In this webinar, guest speaker Kelley Mak of Forrester Research will provide insight on how S&R pros can repair their strained or broken vulnerability management processes and move past low-impact checkbox scanning to proactive, risk-based assessments.
Following Kelley Mak’s presentation on the changes in vulnerability management, Secunia’s CTO Santeri Kangas will present Secunia’s take on the challenges of vulnerability management and how the Secunia VIM, our Vulnerability Intelligence Manager, helps organizations address those challenges.
The need to prioritize vulnerability management (VM) is greater than ever as IT security teams become overwhelmed with trying to protect against every threat that pops up. Organizations that understand the varying risks across vulnerabilities can focus on resolving the dangerous ones and avoid wasting crucial time addressing insignificant ones.
We invite you to attend the “Improving on 'Whack-a-Mole' Vulnerability Management” webcast featuring guest speaker Joseph Blankenship, Senior Analyst at Forrester, and Jimmy Graham, Director of Product Management at Qualys.
The following topics will be discussed during the webcast:
* Forrester data trends and insights from real-world client scenarios
* Why vulnerability management needs to be prioritized and elevated
* How Qualys ThreatPROTECT shows you what to remediate first (led by Qualys)
This webcast includes a live Q&A.
Every year, Secunia Research releases a review of the global vulnerability landscape, based on their large vulnerability database and data from the Secunia Personal Software Inspector (PSI) user base.
The data in this research provides security professionals around the world with perspective on the impact and evolution of the threat landscape and what has trended throughout the year.
In this webinar, Secunia’s Director of Research and Security Kasper Lindgaard will discuss the data presented in the Secunia Vulnerability Review 2015 and answer questions.
The review itself was released on March 25.
You can download a copy of the review on our website:
- The number of vulnerabilities and zero-days detected in 2014
- How quick vendors are to respond to vulnerabilities
- Which programs are more vulnerable
- How products bundled with open source applications and libraries affect security
Dealing with a large number of IT vulnerabilities is an issue for most organizations. Only 10 Common Vulnerabilities and Exposures (CVEs) account for 97% of the exploits*. Clearly, it is vital for you to identify which of your vulnerabilities are the most critical to address first with fast, effective remediation.
Qualys’ newest solution ThreatPROTECT correlates vulnerability data with a Live Threat Intelligence Feed from multiple industry sources, providing customers with an easy-to-understand dashboard that provides clear insight into which vulnerabilities to fix first.
During this webcast, presenters Wolfgang Kandek and Tim White will show you how you can use ThreatPROTECT to:
* Quickly identify your most important assets and critical vulnerabilities
* Prioritize remediation efforts so you know which vulnerabilities to tackle first
* Eliminate the guesswork with real-time correlation of active threats
This webcast includes a live demo and a Q&A.
It’s that time of year again: RSA Conference 2017 is upon us. The trends in the security industry are moving more quickly than ever, and the newest methods of preventing cyberattacks have quickly shifted away from solely building walls of defense and into analytics of the data gathered about your network and the way users and attackers use it.
But what about the tried and true methods for thwarting hackers like traditional Vulnerability Management programs? Many organizations have allowed their VM programs to languish and become ineffective because it’s often seen as too old of a technology and too difficult to make successful.
But that’s only because they’ve really never done it right.
Join Nathan Wenzler, Principal Security Architect at AsTech Consulting, to learn why Vulnerability Management is still a critical component of a successful security program.
This discussion will highlight:
- The issues that lead companies to ignore their VM programs
- Real-world examples and case studies of solutions you can use to resurrect one of the best tools in your security arsenal
About the Presenter:
Nathan Wenzler is the Principal Security Architect at AsTech Consulting, a leading information security consulting firm. Wenzler has nearly two decades of experience designing, implementing and managing both technical and non-technical solutions for IT and Information Security organizations.
All regulatory requirements (HIPAA, PCI, etc.) include a mandate for assessing vulnerabilities in systems that manage or store sensitive data. Organizations often opt to conduct vulnerability assessments on an annual, quarterly, or even monthly basis. But while vulnerability assessment tools can identify unpatched or misconfigured code bases, these tools overlook a large portion of an organization’s attack surface: known vulnerabilities in applications that are built in-house. These applications will not have public updates, nor will the thousands of open source components they utilize be included in public disclosures. This is concerning because over 6,000 vulnerabilities in open source projects have been reported since 2014. Register for this webinar to discover how to protect yourself.
As a security professional, getting to know your current vulnerability data from your mobile workforce is a difficult task. If the mobile devices are not on the network at the time of your scan, or if you do not schedule a scan for the devices specifically, your data could become out of date by weeks or even months.
During this webcast, Corey Reed from Synovus Bank and Wolfgang Kandek from Qualys will discuss how Qualys Cloud Agent has helped Synovus Bank to:
* Perform frequent vulnerability scans for all internal and external assets.
* Receive faster notification and remediation for zero day and critical threats.
* Improve their vulnerability analysis and security patching programs by providing data that can be used to prioritize patch distribution.
Build an Active Application Defense System
Web applications accounted for an astounding 40% of last year’s security breaches. Securing legacy systems, third-party apps, and the extensive shadow IT landscape can be challenging, to put it mildly.
But here’s the good news: The combined F5 and WhiteHat Security approach to web application security represents a powerful new way for organizations to defend against application-level attacks.
Companies are constantly developing new applications, and it’s expensive to stop and patch as soon as a new vulnerability is found. Additionally, it may not be practical to remediate every finding due to issues with legacy code, third-party integrations, or other inherited limitations.
But the integration of F5 Networks and WhiteHat Security technology helps you more quickly identify and remediate vulnerabilities in your web applications. By automating updates to the web application firewall, you can ease the burden of management and reduce costs, while ensuring that your security posture remains strong.
Managing risk must start with reducing the cracks and holes through which unwelcome visitors can gain access to any valuables you want to protect.
Software vulnerabilities are often the entry points used by cybercriminals to get into organizations and escalate attacks. For that reason, having a comprehensive overview and accurate information on software vulnerabilities is one of the critical factors to assess risk and prioritize the actions that will have a strong and consistent impact on reducing the attack surface.
The immediate result of managing software vulnerabilities is the proactive reduction of risk, but there is another, often overlooked, benefit for organizations. Fewer cracks and holes mean less noise for those who monitor environments for incidents and are responsible for responding to them. The outcome is improved accuracy, faster responses and lower cost.
In this webinar we explain the intelligence that goes into managing software vulnerabilities, how it differs from basic information about vulnerabilities and how organizations can benefit from intelligence to become more secure.
To effectively prioritize and remediate the most critical vulnerabilities threatening your organization, you need to combine internal asset risk evaluation with external real-time exploit and threat intelligence to create the most accurate picture of incidence and impact.
Join this webcast to learn how Qualys and Brinqa provide all the tools you need to dramatically improve the effectiveness and performance of your vulnerability management program, including:
* Leveraging asset risk and context during vulnerability prioritization
* Effective remediation through automated, risk-centric remediation policies
* Business risk and exposure reporting for primary stakeholders