Hi [[ session.user.profile.firstName ]]

Qualys Advisory Webcast: Mitigate Solorigate/SUNBURST and FireEye compromises

Qualys invites you to join a webcast where the Qualys' Vulnerability and Malware Research Team will discuss the recent Solorigate/SUNBURST attack and outline steps organizations can take to identify vulnerable assets, isolate compromised systems, and remediate them with patching and mitigation actions.

The webcast will cover:

- The key elements of the Solorigate/SUNBURST attack chain and its impact
- Key indicators of compromise
- Analysis of the data from the Qualys Research Team
- Steps organizations can take to immediately mitigate the risk
- A live demo of best practices response using Qualys solutions
- Free 60-day access to Qualys service to detect, prioritize, and remediate vulnerable and compromised assets
Recorded Dec 24 2020 52 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Mehul Revankar, VP PM & Engg. for VMDR and Travis Smith, Dir., Malware Threat Research at Qualys
Presentation preview: Qualys Advisory Webcast: Mitigate Solorigate/SUNBURST and FireEye compromises
  • Channel
  • Channel profile
  • Qualys Technical Series – The Ins and Outs of Security Configuration Assessment Jul 8 2021 12:00 pm UTC 60 mins
    Francesco Armando, Technical Account Manager at Qualys
    Vulnerability assessment alone is not enough to protect systems from compromise as misconfigurations are a major source of breaches. Weak or improper continuous security configuration assessment (SCA) settings are often exploited by hackers and have played a significant role in high-profile cyberattacks like Petya.

    Join this Technical Series webinar and learn from a Qualys Technical Account Manager why Security Configuration Assessment should not be ignored.

    This session covers:

    - Introduction to SCA
    - A brief enumeration of the differences with the Policy Compliance apps
    - A digress about the Center for Internet Security (CIS)
    - Quick start guide
  • See how IT professionals can experience Qualys for FREE with Community Edition Recorded: Jun 23 2021 26 mins
    Chris Gaither, Manager, Consultant/MSP Partner Operations and Jeff Judge, Technical Account Manager, Consultant/MSP at Qualys
    Qualys and the Channel Alliances Team invite you to learn about Qualys Community Edition, a free version of the Qualys Cloud Platform to help you discover your IT assets and their vulnerabilities and get detailed reports using the industry's most accurate and comprehensive security assessment platform.

    This educational session will cover how to use Community Edition including:

    - Vulnerability management
    - Web application scanning
    - Multiple data collection methods
    - Best practice workflow for scanning
    - Reporting options and workflows
    - Q&A
  • This Month in Patches Recorded: Jun 10 2021 40 mins
    Eran Livne, Dir, Product Mgmt, Endpoint Remediation & Anand Paturi, Principal Research Analyst, Threat Prioritization
    Please join the Qualys research and product teams for the webinar “This Month in Patches” on June 10th, 2021.

    We will discuss this month's high-impact vulnerabilities, including those that were part of June's Microsoft Patch Tuesday. We will walk you through the steps to quickly identify vulnerable assets and remediate them with Qualys VMDR and Patch Management.

    We will cover:

    The significant vulnerabilities published this month:

    - VMware vCenter Server Multiple Vulnerabilities
    - Ubuntu XStream Vulnerabilities
    - Microsoft Patch Tuesday, June 2021

    An action plan to quickly identify and remediate vulnerabilities:

    - Learn how to use Qualys Patch Management to remediate vulnerabilities
    - A sneak peek into Linux Patch Management with Qualys
  • Qualys Tech Series – Extend Your Security & Compliance Program with Qualys WAS Recorded: Jun 3 2021 41 mins
    Joash Herbrink, Security Solution Architect at Qualys
    Qualys Web Application Scanning (WAS) adds continuous discovery of web applications and detection of vulnerabilities and misconfigurations at scale to the Qualys Cloud Platform. Qualys WAS complements your security and compliance program with scanning of the application logic of both "human-readable" WEB apps and API-based apps. Join this Technical Series webinar and learn from a Qualys Solution Architect how to up your security game by using Qualys WAS.

    This session covers:

    - What is Qualys Web Application Scanning?
    - Diagnosing a WAS scan
    - Authentication in WAS - what works, what doesn't, and "why"
    - The ‘hidden’ features of WAS
  • AssetView® Live - Reinventing Asset Management for Cybersecurity Recorded: Jun 2 2021 117 mins
    Sumedh Thakar, Qualys; Ed Rossi, Qualys; Jatinder Pal Singh, Informatica; Todd Waskelis, AT&T Cybersecurity Solutions
    Join us for AssetView Live to learn how we’ve reinvented asset management for cybersecurity professionals. CyberSecurity Asset Management (CSAM) monitors IT asset health from a security perspective, helping inventory your complete IT ecosystem, detect security gaps, and respond to the risk, all from a unified platform.

    Register today for AssetView Live to hear our vision, see a deep-dive demo, learn how customers use CSAM, and participate in a Q&A.

    Agenda:

    10:00 – 10:15 am
    Introducing CyberSecurity Asset Management (CSAM)
    Sumedh Thakar, CEO and President, Qualys

    10:15 – 11:00 am
    Live CSAM Demo
    - Identify and alert on unauthorized assets
    - Monitor critical assets for external exposure
    - Alert for EOL, unauthorized software and missing required software
    - Response actions: uninstall EOL Adobe Flash with one click
    - FedRAMP and PCI-DSS report for asset health
    Ed Rossi, VP of Product Management, Qualys

    11:00 – 11:15 am
    Customer Insights: Asset Inventory for Security Pros
    Jatinder Pal Singh, Director of Security Operations, Informatica

    11:15 – 11:30 am
    Industry Insights: Your Security Foundation Starts with Asset Visibility and Context
    Todd Waskelis, AVP, AT&T Cybersecurity Solutions

    11:30 – 11:50 am
    Live Q&A
  • Protect, Detect & Respond with Anti-Malware Features in Qualys Multi-Vector EDR Recorded: May 26 2021 65 mins
    Hiep Dang, Vice President, Product Management, EDR and Travis Smith, Dir., Malware Threat Research at Qualys
    We are bringing the ability to detect and block advanced threats in real time to the Qualys Cloud Platform. The same Qualys Cloud Agent that provides inventory, vulnerability management, patching and endpoint detection and response (EDR) now prevents malware exploitation and blocks known phishing and ransomware attacks.

    Traditional EDR/EPP solutions focus only on malicious activities, and risk mitigation solutions focus on vulnerabilities and patch management, requiring siloed agents and applications. This approach does not provide a complete picture of the environment, its attack surfaces, weaknesses that cybercriminals can exploit, or the ability to natively remediate most cyberattacks' root cause - unpatched vulnerabilities. Qualys removes these blind spots by combining risk mitigation, malware prevention, detection, and response into a single solution.

    Join Hiep Dang, Qualys VP of Endpoint Security Solutions, on Wednesday, May 26 at 10:00 am PT for a demonstration of Qualys Multi-Vector EDR's new anti-malware capabilities along with a preview of our plans to combine real-time malware protection and endpoint telemetry with cross-correlation with asset visibility, vulnerability management, patch management, and policy compliance.
  • This Month in Patches Recorded: May 13 2021 50 mins
    Eran Livne, Dir, Product Mgmt, Endpoint Remediation & Anand Paturi, Principal Research Analyst, Threat Prioritization
    Please join the Qualys research and product teams for the webinar “This Month in Patches” on May 13th, 2021.

    We will discuss this month's high-impact vulnerabilities, including those that were part of May's Microsoft Patch Tuesday. We will walk you through the steps to quickly identify vulnerable assets and remediate them with Qualys VMDR and Patch Management.

    We will cover:

    The significant vulnerabilities published this month:

    - 21Nails Exim Mail Server Multiple Vulnerabilities
    - Pulse Connect Secure Remote Code Execution Vulnerability (CVE-2021-22893)
    - Microsoft Patch Tuesday, May 2021

    An action plan to quickly identify and remediate vulnerabilities:

    - Learn how to use Qualys Patch Management to remediate vulnerabilities
    - A sneak peek into Linux Patch Management with Qualys
  • FedRAMP Vulnerability Scanning for Containers Recorded: May 12 2021 47 mins
    Samuel Aydlette, Compliance Programs; Parag Bajaria, and Alex Mandernack, Cloud and Container Security
    Are you a FedRAMP-certified cloud services provider with vulnerability scanning gaps between your traditional and containerized cloud systems? If so, join us on May 12, as we walk you through the details and challenges of compliance.

    On March 16 FedRAMP released the Vulnerability Scanning Requirements for Containers and required Cloud Service Providers serving the federal market to submit a compliance plan and demonstrate compliance in six months' time. The document is supplemental to existing FedRAMP requirements around vulnerability scanning and applies to all FedRAMP-authorized systems leveraging container technology.

    In this webinar, the Qualys compliance and container security teams will:

    - Explain each new FedRAMP requirement in detail
    - Discuss the challenges of implementation
    - Demonstrate how the FedRAMP-certified Qualys Cloud Platform and Container Security product address the challenges
  • Qualys Tech Series – Optimizing Qualys: It’s Time to Clean Up Your Subscription Recorded: May 6 2021 50 mins
    Kevin O'Keefe, Solution Architect at Qualys
    Your Qualys subscription is only as good as the data that’s in it. So how do you get the most from your data? Join this Technical Series webinar and learn from a Qualys Solution Architect how to evaluate, action and clean up the data in your Qualys subscription.

    This session covers:

    - Asset Record Duplication – Why these are happening and how to troubleshoot.
    - Data Merging – What are the options and how do they work?
    - Stale Assets - Purge Rules and Manual Purging
    - Tags/Asset Groups - How many are too many?
  • Up the Patch Game: Unified Patch Management for Windows & Linux Recorded: May 5 2021 61 mins
    Eran Livne, Director, Product Management, Endpoint Remediation at Qualys
    As attacks on infrastructure continue to increase, security teams are looking to go beyond detection and response by eliminating the root cause of the attacks -- unpatched vulnerabilities. With the majority of production systems running Linux, customers have been looking for a single, efficient patch workflow that extends their Windows patching program to Linux and third-party applications.

    Join Qualys director of product management Eran Livne on May 5 at 10:00 am Pacific as he discusses the challenges in patch management and effective best practices for faster vulnerability remediation, including:

    - Patch management challenges, especially in Linux environments
    - Why IT & security teams need integrated patch management to reduce the attack surface
    - Demo of automatic detection, prioritization and remediation of vulnerabilities
    - Demo of key Qualys Patch Management features for Linux including scheduled and on-demand patching, system reboot, tracking remediation, and auto-rescan after patching
  • Preventing Ransomware Attacks in the Age of Covid-19 Recorded: Apr 20 2021 58 mins
    Mehul Revankar, Qualys VP Product Mgmt and Eng, VMDR. Guest speaker, Brian Kime, Security & Risk Senior Analyst at Forrester
    News of ransomware attacks hits the headlines on a near-daily basis, so it is no surprise that ransomware attacks increased over the past year. They’ve also become more dangerous as attackers target and encrypt growing amounts of data, and ransom demands skyrocket. Yet, despite the visibility, risks and increasing costs, organizations aren’t taking some of the basic precautions to protect themselves from attacks, such as remediating key known vulnerabilities.

    Speakers Brian Kime, Security and Risk Senior Analyst at Forrester and Mehul Revankar, VP of Product Management and Engineering at Qualys will discuss the current state of ransomware and prevention techniques including:

    - Latest threat vectors with an emphasis on ransomware attack vectors
    - Examples of ransomware attacks that exploited specific vulnerabilities
    - How to harden systems as temporary risk mitigation where immediate patching is not possible

    Mehul will also address how to discover, assess and patch critical vulnerabilities with Qualys VMDR.
  • This Month in Patches Recorded: Apr 15 2021 50 mins
    Eran Livne, Dir, Product Mgmt, Endpoint Remediation & Anand Paturi, Principal Research Analyst, Threat Prioritization
    Join Qualys' Research and Product Team for a discussion of this month's high-impact vulnerabilities, including those that were part of April's Microsoft Patch Tuesday. We will walk you through the steps to quickly identify vulnerable assets and remediate them with Qualys Patch Management.

    We will cover:

    - The significant vulnerabilities published this month
    - Qualys Research Team's analysis of the most critical vulnerabilities
    - An action plan for quickly identifying and remediating vulnerabilities
  • Qualys Technical Series – Reaching Maximum Efficiency with VM Scans Recorded: Apr 8 2021 51 mins
    Ian Glennon, Security Architect at Qualys
    Are your scans working at maximum efficiency? Join our Senior Security Architect to learn the arts of effective scanning with Qualys VMDR. We’ll show you how it works and how to make scans more productive in your environment.

    This session with cover:

    - How to set up, use and troubleshoot authentication records and password vaults
    - Authenticated scanning – privileges, root delegation and executed commands
    - Scanning through a firewall and why it is not recommended
    - Scanning vs. Endpoint Agent – should you use both?
  • Mitigate the Risk of Microsoft Exchange ProxyLogon Vulnerabilities Recorded: Mar 12 2021 30 mins
    Qualys threat research and product experts Anand Paturi and Eran Livne
    As authorities have issued emergency directives to mitigate the ‘widespread domestic and international exploitation of Microsoft Exchange Server vulnerabilities’, Qualys invites you to join a webcast where the Qualys Vulnerability Research Team will discuss the impact of the ProxyLogon vulnerability in Microsoft Exchange servers around the globe. We will outline the steps organizations need to take immediately to assess and address these high-priority vulnerabilities.

    The webinar will cover:

    - The key elements of the ProxyLogon zero-day vulnerability in Microsoft Exchange servers and its impact
    - How to identify vulnerable Exchange environments, track them for missing patches, and remediate them with patching
    - How to harden them as temporary risk mitigation where immediate patching is not possible
    - Key indicators of compromise and how to detect and respond to them
    - Analysis of the data from the Qualys Vulnerability Research Team

    The Qualys team will also talk about the new free 60-day service to detect, prioritize, and patch vulnerable Exchange servers, and to detect environments missing compensating controls.
  • Seamlessly Expand Vulnerability & Patch Management to Enterprise Mobile Devices Recorded: Mar 10 2021 40 mins
    Swapnil Ahirrao, Product Manager, Mobile Security and Shailesh Athalye, VP, Compliance Solutions at Qualys.
    With organizations rapidly adopting mobile technology in nearly all business functions, mobile devices are not only storing critical data but also connecting to corporate networks to access internal assets, data and apps.

    This adoption is increasing the risk of:

    - Data exposure and exfiltration through unauthorized access
    - Attacks that penetrate organizations' internal networks via vulnerabilities & misconfigurations on Android & iOS devices.

    Traditional vulnerability management tools fail to provide security in this environment because they lack visibility off the network, i.e. to mobile devices. While a Mobile Device Management (MDM) approach provides ‘policy-based prevention’, it does not assess the latest vulnerabilities or correlate vulnerabilities to mobile app updates.

    In this webinar, we'll show how Qualys VMDR for Mobile Devices expands the FedRAMP-authorized Qualys Cloud Platform to provide security teams a single console to secure all Android, iOS and iPadOS devices across the enterprise.

    Mobile security experts will demonstrate:

    - Comprehensive visibility of mobile devices connecting inside your network, with critical data points such as device type, OS version, installed apps, EOL status, device location, CA certificates, and more
    - Continuous assessment of device, OS, app, and network vulnerabilities using the industry's most comprehensive signature database and automated correlation of vulnerabilities to app updates
    - Expansion of your vulnerability management program with continuous monitoring of critical mobile device configurations based on NSA guidelines.
    - Remote ‘over-the-air' actions such as locking the device, changing its passcode, de-enrolling the device or uninstalling risky apps, along with seamless patch orchestration to deploy the latest app versions from Google App store.
  • Speeding SaaS Cybersecurity Policy to Implementation Recorded: Mar 3 2021 61 mins
    Adam Montville, Chief Product Architect, Center for Internet Security (CIS) & Shailesh Athalye, VP, Compliance Solutions
    As enterprises rapidly adopt SaaS applications, blind spots have developed as traditional security policies, controls guidance, and tools don't provide the benchmarks or visibility IT and security teams need to protect them. While some have looked at cloud access security broker (CASB) solutions to fill the need, these solutions only broker the access based on the perimeter and don't provide a continuous, holistic approach into risk and compliance.

    In this webinar, CIS will discuss the importance of SaaS security and the value provided by security guidelines like the CIS Benchmarks, consensus-developed secure configuration guidelines for hardening operating systems, servers, cloud environments, and more. Qualys will introduce SaaS Detection and Response (SaaSDR), which allows IT administrators to manage their critical SaaS security and validate policy against the CIS Benchmarks for Google Workspace, Microsoft Office 365, Salesforce.com, and Zoom.

    CIS experts will cover:

    - Balancing trust and risk when using SaaS applications
    - Securing critical workflows within an expanding boundary of responsibility
    - Creating policy assurance with consensus-based security best practices
    - How automated monitoring brings policy to life

    Qualys experts will demo how SaaSDR addresses:

    - User and device visibility
    - Data exposure monitoring
    - Application data insights for risk assessment
    - Continuous security posture & compliance monitoring
  • New Unauthenticated and Agent-Based Scan Merging Capabilities in Qualys VMDR Recorded: Feb 17 2021 49 mins
    Spencer Brown, Security Solutions Architect at Qualys
    While vulnerability scanning has evolved significantly over the past few decades, the fundamental goal remains the same: to identify vulnerabilities accurately, assess the risk, and prioritize and remediate them before they get exploited by an attacker.

    It is easier said than done. There are multiple ways to scan an asset, for example authenticated vs. unauthenticated scans or agent-based vs. agentless, each with its own advantages. With multiple approaches, it can be difficult to link the vulnerability detections back to the asset, even more so when the key identifiers for the asset, like IP address, network card, and so on, have changed over its lifecycle.

    To address this challenge, Qualys is introducing exciting new platform technology to provide customers with a single unified view of vulnerabilities prioritized by risk.

    Join us on this webcast as we cover:

    - Vulnerability Scanning Challenges
    - Asset Identification Challenges
    - Vulnerability Prioritization with VMDR
    - New Qualys Platform Solution
    - Demo
  • Getting a Handle on Your EOL Software; the Overlooked Aspect of Cybersecurity Recorded: Feb 9 2021 55 mins
    Edward Rossi, VP Product Management, Asset Inventory and Discovery at Qualys.
    In this world of cybersecurity challenges, End of Life (EOL) software running in your environment creates concerns around unpatched vulnerabilities. It also introduces compatibility issues and increases support costs and the potential for downtime of crucial business apps. In this session, we'll examine how to identify, prioritize and manage your software lifecycles, including EOL, to maintain a healthy and secure software ecosystem. Most importantly, we'll hear from Newburyport Bank about how they gained visibility to and reduced the risk of EOL software.


    Specifically, we'll cover:

    - Challenges and concerns related to EOL software
    - Importance of establishing and maintaining a comprehensive software and hardware inventory
    - Benefits of actively managing software through the EOL lens
    - Tips to identify, prioritize and mitigate EOL software in your environment
    - Newburyport Bank’s case study on managing their EOL software
  • Unpacking the CVEs in the FireEye Breach Recorded: Feb 4 2021 56 mins
    Qualys threat research and product experts Anand Paturi, Eran Livne and Travis Smith.
    Understanding the behaviors and attributes of the CVEs leveraged by stolen FireEye Red Team assessment tools is key to both attack prevention and response. In this webinar, Qualys research and product experts will analyze the riskiest CVEs. We will share insights into the CVE behaviors to help operational security teams build defensive actions against the complex attack vectors involved, and we will walk through the threat attributes to help threat hunting teams take defensive actions against adversaries.

    Finally, we will show how Qualys solutions can help you develop a plan to reduce exposure from these CVEs.

    In this workshop, we will discuss :

    - Key CVEs used by the FireEye Red Team assessment tools
    - How Qualys VMDR and EDR help organizations identify vulnerable assets
    - The Qualys patch management solution to remediate vulnerabilities
    - How to isolate compromised systems based on indicators of compromise
  • CISO perspective: How IT asset inventory can reduce security and compliance risk Recorded: Jan 29 2021 63 mins
    Bill Kleyman, Contributing Editor, ITPro Today, Edward Rossi, VP, Product Mgmt, Qualys and Ben Carr, CISO at Qualys
    From an executive perspective, security design and risk tolerance have taken on new meaning. Distributed IT, remote workforces, and emerging digital requirements have all forced CISOs to look at security and compliance in a new light—one that heavily focuses on visibility into both IT and business functions. In this webinar, we'll examine today's IT landscape from a CISO perspective, exploring topics such as corporate-wide configuration management, how CISOs view security, and best practices for risk and compliance.

    Specific topics include:

    - Top IT challenges CISOs face today
    - Understanding risk, compliance, and IT visibility
    - The business impacts of IT asset inventory
    - Key points around visibility, configuration management, and integration
    - Best practices and advice from the field
IT Security Best Practices and Resources
Join us for this informative technology series for insights into emerging security trends that every IT professional should know. These brief sessions will give you an opportunity to discover best practices from market leaders as well as hands-on advice from industry experts on a variety of security and compliance topics.

Let Qualys help keep you up-to-date with cost-effective and efficient technology trends. Choose the topic that interests you or plan to attend the entire series to make sure you stay ahead of the curve.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Qualys Advisory Webcast: Mitigate Solorigate/SUNBURST and FireEye compromises
  • Live at: Dec 24 2020 5:00 pm
  • Presented by: Mehul Revankar, VP PM & Engg. for VMDR and Travis Smith, Dir., Malware Threat Research at Qualys
  • From:
Your email has been sent.
or close