Detecting and Addressing Unsafe SSL Configurations
As a security professional, you are on constant alert for external threats. But many breaches are caused internally by incorrect configuration of IT resources, including SSL. To help improve how encryption is used, Qualys created a research project called SSL Labs to address two major problems of the ecosystem: lack of tools and documentation.
Recorded Mar 26 2015, 64 mins
Trends like the increased use of cloud computing by businesses and their vendors introduce new complexities in reducing risk and assessing security across the supply chain. Demonstrating continuous risk reduction and compliance with internal policies and external regulations, fixing violations and configuration drift, centrally managing exceptions, and documenting progress are all common challenges.
The Center for Internet Security’s (CIS) Critical Security Controls (CSCs) were selected and prioritized by leading security experts to stop today’s most common and serious cyber threats. By implementing these controls, organizations can improve their security posture and reduce the risk of threats to critical assets, data, and network infrastructure.
In this webcast, SANS Senior Analyst John Pescatore and Tim White, Director of Product Management for Qualys Policy Compliance (PC), will discuss how you can achieve continuous security and compliance, and leverage Qualys solutions to address all 20 CSCs.
The presentation will encompass:
• An overview of the CIS Critical Security Controls, including ongoing updates
• Success patterns organizations have demonstrated for using the controls to their advantage
• How automation can reduce the staffing load to determine whether controls are in place and effective
• How to prioritize remediation efforts
• Real-world examples of recent attacks that leveraged misconfigured systems
This webcast will include a demo and Q&A session with the speakers.
Mark Butler Chief Information Security Officer, Qualys and Hari Srinivasan Director, Product Management, Cloud and Virtualiza
Public cloud providers operate on a shared responsibility model, which places the onus on the customer to define and secure the data and applications that are hosted within cloud infrastructure. To that end, it is critical that organizations accurately and selectively pinpoint which cloud workloads and virtual IT assets must be monitored, updated and patched based on developing threats to customer data and applications.
In this webcast, Mark Butler, Chief Information Security Officer at Qualys, and Hari Srinivasan, Director of Product Management for Qualys Cloud and Virtualization Security will detail how you can gain complete visibility of your organization’s entire cloud asset inventory and security posture to help you keep up with shared security responsibility models across public cloud infrastructure.
The presentation will cover:
> Challenges surrounding increased migration to public clouds
> Using automation for secure DevOps
> How to ensure effective and efficient operations
This webcast will include a Q&A session, as well as a live demonstration of how to deploy Qualys seamlessly and deeply into public cloud environments with new features.
Jonathan Osmolski, Enterprise Records & Information Governance, Pekin Insurance & Hariom Singh, Product Management Qualys
Security assessments drastically reduce your organization’s risk of suffering a data breach by identifying poor InfoSec and privacy practices among vendors, partners, contractors, and other third parties.
For most businesses, these assessments are a slow, unscalable, manual process that strains InfoSec teams and creates a backlog of security evaluations.
During this webcast, Jonathan Osmolski, Manager of Enterprise Records and Information Governance at Pekin Insurance, and Hariom Singh, Director of Product Management for Qualys Security Assessment Questionnaire (SAQ) will show you how you can free your organization from unreliable and labor-intensive manual processes, and optimize the accuracy of audit results.
You will learn how Pekin Insurance:
> Replicated its manual 76-question assessment process within SAQ’s web-based UI in just two hours
> Simplified the design, distribution, tracking, and analysis of multiple vendor risk assessment campaigns
> Gained improved visibility into its compliance performance metrics
> Increased the overall productivity and efficiency of its InfoSec team
This webcast will include a live demo and Q&A session.
Jimmy Graham, Director of Product Management, Qualys
The WannaCry ransomware virus has wreaked havoc on hundreds of thousands of computers around the world since the outbreak began on May 12. This virus exploits vulnerabilities in Microsoft Windows XP and 2003, encrypting files and demanding that users pay a ransom to regain access. Determining whether the vulnerability exists within your global IT environment can be a daunting task, and existing enterprise security solutions are slow to deploy.
Jimmy Graham, Director of Product Management for ThreatPROTECT at Qualys, will demonstrate how you can:
• Identify, track, and remediate assets susceptible to critical vulnerabilities, including WannaCry and the recent Samba exploit
• Create dashboards and reports to visualize the impact of assets in real time and track your remediation efforts
• Institute threat-prioritized remediation processes to mitigate current and future risks
This webcast will include a Q&A session with the speaker.
Darron Gibbard, Managing Director, EMEA North at Qualys & Jonathan Armstrong, Partner at Cordery
This is a must-attend webcast for anyone working for an organisation within Europe and responsible for the security of personal data.
You are probably already thinking about the EU General Data Protection Regulation (GDPR) and the huge potential fines of €20m or 4% of annual worldwide turnover.
For organisations headquartered across EMEA, GDPR is a key focus for the next 12 months as the 25 May 2018 deadline approaches. Qualys solutions can help your organisation prepare and comply with GDPR.
During this webcast, Jonathan Armstrong, Compliance and Technology Lawyer, Partner at Cordery, will answer any compliance questions and highlight the key areas to consider. Darron Gibbard, Managing Director, EMEA North at Qualys, will show you how to know and control your data, assets and suppliers.
You will get practical advice on:
- What you need to focus on: data, assets, suppliers
- Who you should involve: key stakeholders and departments
- How you can automate processes with Qualys Security Assessment Questionnaire
Vikas Phonsa, Product Management, Qualys WAF and Frank Catucci, Product Management, Qualys WAS
Web application security is becoming increasingly complex due to the continuously evolving threat landscape, the diverse nature of web applications, and the broad range of systems needed to manage security.
Qualys simplifies web app security with an end-to-end solution.
During this webcast, presenters Vikas Phonsa and Frank Catucci will show you how you can:
* Scan your apps using Qualys Web Application Scanning (WAS)
* Deploy one-click virtual patches for detected vulnerabilities in Qualys Web Application Firewall (WAF)
* Manage it all from a centralized, cloud-based portal
Jimmy Graham, Director of Product Management, Qualys and Mark Butler, Chief Information Security Officer, Qualys
A major ransomware attack using a leaked NSA exploit known as “WannaCry” has hit more than 150 countries since May 12. More than 200,000 infections globally have been detected and the attack, which uses the WannaCry (WanaCrypt0r 2.0) ransomware, continues to spread.
WannaCry utilizes the ETERNALBLUE exploit targeting newly disclosed vulnerabilities (MS17-010). Once leaked, it took only 28 days for this exploit to be used in a full-scale cyber attack. Organizations that scan for vulnerabilities only monthly or less frequently can still be at risk.
During this webcast Jimmy Graham, Director of Product Management at Qualys, and Mark Butler, Chief Information Security Officer at Qualys, will discuss how to:
• Patch and implement other mitigations for WannaCry
• Detect and get full visibility on impacted assets for prompt remediation
• Institute threat-prioritized remediation processes to mitigate current and future risks
Jimmy Graham, Director, Product Management, AssetView and Darron Gibbard, Chief Technical Security Officer EMEA, Qualys
In today’s perimeterless world, enterprise security teams are challenged with maintaining visibility and control over the exploding number of assets on their networks.
The IT assets that pose the greatest risk to your organization’s security are the ones you don’t know are there. Lack of visibility into your IT environment undermines the foundations of your enterprise security and compliance infrastructure and puts your organization at serious risk of a breach. Without knowledge of which software and devices exist in your network — whether on-premises, on endpoints, or in elastic clouds — InfoSec professionals are unable to enact proper security and protection.
During this webcast, Jimmy Graham, Director of Product Management for Qualys AssetView and Darron Gibbard, Chief Technical Security Officer for Qualys EMEA will cover the six key elements of an ideal cloud-based IT asset inventory system:
1. Complete visibility of your IT environment
2. Deep visibility into assets
3. Continuous and automatic updates
4. Asset criticality ranking
5. Interactive, customizable dashboarding and reporting
6. Integration with your CMDB
Those of you in the EU will also be interested to learn about asset inventory for GDPR compliance.
Shailesh Athalye, Senior Manager, Compliance Research & Analysis, Qualys
Perimeterless IT infrastructure and its security is now an integral part of the operational strategies of India’s financial institutions. But the number, frequency, and impact of cyber attacks on Indian financial institutions have increased substantially, underlining the urgent need for banks to develop robust cyber security measures, and assess their security posture on a continuous basis.
The RBI Guidelines for Cyber Security assist financial institutions to achieve this through a new-era preventative security baseline.
During this webcast, Shailesh Athalye, Qualys Senior Manager, Compliance Research and Analysis, will discuss how financial institutions can easily address both the technical & procedural elements of the RBI Guidelines for Cyber Security in an automated manner using the highly scalable Qualys Cloud Platform.
Vikas Phonsa Director Product Management Web App Firewall and Frank Catucci Director Product Management Web App Scanning
A critical vulnerability has been found in Apache Struts 2, and it is being actively attacked in the wild, as hackers jump at the chance to hit high-profile targets by exploiting this critical bug.
Apache has issued an emergency security alert, classifying this as a high-risk vulnerability. If left unaddressed, organizations are at risk of remote code execution attacks, which could lead to complete system compromise.
During this webcast, Qualys Product Management Directors Vikas Phonsa (Web Application Firewall) and Frank Catucci (Web Application Scanning) will show you how Qualys' complete, end-to-end security solutions can detect and patch the vulnerability so that you can keep your business-critical information safe from attackers.
With Qualys Vulnerability Management, Web Application Scanning, and Web Application Firewall, you can find Struts in your environment quickly, comprehensively, and at scale, as well as shield your organization from Struts attacks while you identify and patch vulnerable systems.
This webcast will include a live demo and Q&A session.
Amy DeMartine, Principal Analyst, Forrester. Jason Kent, VP Web App Security, Qualys
For organizations around the world, attacks on web applications are quickly becoming the main source of data loss. As the proliferation of IoT devices complicates the web app security landscape, security teams must engage with key app development counterparts to better secure apps across new types of devices, without slowing rapid DevOps methods or adding InfoSec strain.
During this webcast, guest speakers Amy DeMartine, Principal Analyst at Forrester, and Jason Kent, VP of Web Application Security at Qualys will cover how you can:
- Secure apps at the speed of DevOps
- Utilize web security and infrastructure security assessment practices in the age of IoT
- Mitigate the risk presented by the new IoT attack surface with the help of automated testing tools and DevSecOps collaboration
This webcast will include a Q&A session with our speakers.
Alex Jones, Security Engineer, Gainsight & Dave Ferguson, Solution Architect, Qualys
During this webcast Alex Jones from Gainsight and Dave Ferguson from Qualys will discuss how Qualys has helped Gainsight to:
- Scan, discover, catalog applications on multiple cloud environments for vulnerabilities and website misconfigurations.
- Adapt to increasingly complex and new web application technologies.
- Build an easy-to-use, accurate and scalable scanning program across web application and network infrastructure.
Nick Hayes, Analyst at Forrester, Josh Hankins, Information Security Solutions Manager at 84.51°
Companies across a wide gamut of industries and regions all strive to effectively manage risk and compliance, but too few actually achieve it. As IT, business, and regulatory environments grow increasingly complex, risk and compliance pros must move past outdated processes and legacy systems to innovate and find ways to achieve higher degrees of efficiency and oversight.
During this webcast, guest speakers Nick Hayes, Analyst at Forrester, and Josh Hankins, Information Security Solutions Manager at 84.51° will cover how you can:
· Move up the maturity curve through better program coordination and technology integration.
· Establish the right metrics to build the business case and showcase continual progress.
· Bolster future success by prioritizing business agility and data mastery as top strategic objectives.
Tim White, Director of Product Management, Qualys and Hariom Singh, Subject Matter Expert, Qualys
Third parties, partners and vendors with access to your networks and data make your organization vulnerable to breaches. Clearly, your business needs to work with third parties, but you don’t want your company to fall victim to data theft, brand damage, and possible government fines as a result, so you have to take third-party and vendor assessment very seriously.
With Qualys Security Assessment Questionnaire (SAQ) you can expand the scope of risk and compliance data beyond technical vulnerabilities to verify that third-party vendors are in compliance with emerging regulatory requirements. By automating a traditionally manual process, Qualys SAQ frees you from unreliable and labor-intensive approaches such as email and spreadsheets.
Join our complimentary webcast to learn how Qualys SAQ can help with:
* Third-Party risk assessment
* Internal Audit Management
* Security Training and Awareness
* End-to-End security compliance
Joseph Blankenship Senior Analyst, Forrester & Jimmy Graham Director, Product Management, Qualys
The need to prioritize vulnerability management (VM) is greater than ever as IT security teams become overwhelmed with trying to protect against every threat that pops up. Organizations that understand the varying risks across vulnerabilities can focus on resolving dangerous exploitation, and avoid wasting crucial time addressing insignificant ones.
We invite you to attend the “Improving on 'Whack-a-Mole' Vulnerability Management” webcast featuring guest speaker Joseph Blankenship, Senior Analyst at Forrester, and Jimmy Graham, Director of Product Management at Qualys.
The following topics will be discussed during the webcast:
* Forrester data trends and insights from real-world client scenarios
* Why vulnerability management needs to be prioritized and elevated
* How Qualys ThreatPROTECT shows you what to remediate first (led by Qualys)
Wolfgang Kandek, CTO, Qualys and Tim White Director, Product Management, Qualys
Dealing with a large number of IT vulnerabilities is an issue for most organizations. Only 10 Common Vulnerabilities and Exposures (CVEs) account for 97% of the exploits*. Clearly, it is vital for you to identify which of your vulnerabilities are the most critical to address first with fast, effective remediation.
Qualys’ newest solution ThreatPROTECT correlates vulnerability data with a Live Threat Intelligence Feed from multiple industry sources, providing customers with an easy-to-understand dashboard that provides clear insight into which vulnerabilities to fix first.
During this webcast presenters Wolfgang Kandek, and Tim White, will show you how you can use ThreatPROTECT to:
* Quickly identify your most important assets and critical vulnerabilities
* Prioritize remediation efforts so you know which vulnerabilities to tackle first
* Eliminate the guesswork with real-time correlation of active threats
Corey Reed, Sr. Information Security Analyst, Synovus Bank and Wolfgang Kandek, CTO, Qualys
As a security professional, getting to know your current vulnerability data from your mobile workforce is a difficult task. If the mobile devices are not on the network at the time of your scan, or if you do not schedule a scan for the devices specifically, your data could become out of date by weeks or even months.
During this webcast, Corey Reed from Synovus Bank and Wolfgang Kandek from Qualys will discuss how Qualys Cloud Agent has helped Synovus Bank to:
* Perform frequent vulnerability scans for all internal and external assets.
* Receive faster notification and remediation for zero day and critical threats.
* Improve their vulnerability analysis and security patching programs by providing data that can be used to prioritize patch distribution.
The foundation of security is control. But how do you control what you can't search?
A huge hurdle to protecting your network is knowing exactly what devices are connected. It’s increasingly difficult for organizations to know what IT assets exist in their environment, where they’re located, who manages them and their associated security risks.
Learn how Qualys AssetView quickly gives your IT and security teams a complete, accurate view of all IT assets in your environment via your favorite web browser.
Reserve your seat for this webcast so you can discover how to:
* Run instant queries that return results in seconds
* Search for OS and App configuration information on all your assets for fast, accurate and actionable data
* Get a unified view of your IT and Security data
Wolfgang Kandek, CTO, Qualys and Tim White, Director of Product Management, Qualys
Knowing what IT assets you have and how to protect them is increasingly a challenge as globalization, virtualization and mobile assets create new endpoints and new opportunities for hackers to infiltrate. Now you can move beyond traditional scanner-based approaches to strengthen endpoint security with a free solution from Qualys.
Discover how the Qualys AssetView gives you a fast, actionable view of all IT assets while helping to:
> Gain a comprehensive, scalable and always up-to-date view of endpoints — with a continuously updated inventory of asset details, scaling to millions of assets
> Deliver fast, accurate and actionable data — with a new layer of intelligence into the current state of endpoints, including details about services, file systems and registries as well as information to manage and secure systems
> Minimize impact on systems and networks — by keeping itself lightweight and up-to-date to eliminate the need to reboot
> Handle virtualized environments with ease — by keeping track of the constant proliferation of images inside and outside of the environment
John Haberland Dir. Strategic Alliances, Qualys and Syed Abdur Rahman Sr. Product Manager, Brinqa
To effectively prioritize and remediate the most critical vulnerabilities threatening your organization, you need to combine internal asset risk evaluation with external real-time exploit and threat intelligence to create the most accurate picture of incidence and impact.
Join this webcast to learn how Qualys and Brinqa provide all the tools you need to dramatically improve the effectiveness and performance of your vulnerability management program, including:
* Leveraging asset risk and context during vulnerability prioritization
* Effective remediation through automated, risk-centric remediation policies
* Business risk and exposure reporting for primary stakeholders
Join us for this informative technology series for insights into emerging security trends that every IT professional should know. These brief sessions will give you an opportunity to discover best practices from market leaders as well as hands-on advice from industry experts on a variety of security and compliance topics.
Let Qualys help keep you up-to-date with cost-effective and efficient technology trends. Choose the topic that interests you or plan to attend the entire series to make sure you stay ahead of the curve.