Up the Patch Game: Unified Patch Management for Windows & Linux

As attacks on infrastructure continue to increase, security teams are looking to go beyond detection and response by eliminating the root cause of the attacks -- unpatched vulnerabilities. With the majority of production systems running Linux, customers have been looking for a single, efficient patch workflow that extends their Windows patching program to Linux and third-party applications.

Join Qualys director of product management Eran Livne on May 5 at 10:00 am Pacific as he discusses the challenges in patch management and effective best practices for faster vulnerability remediation, including:

- Patch management challenges, especially in Linux environments
- Why IT & security teams need integrated patch management to reduce the attack surface
- Demo of automatic detection, prioritization and remediation of vulnerabilities
- Demo of key Qualys Patch Management features for Linux including scheduled and on-demand patching, system reboot, tracking remediation, and auto-rescan after patching

News of ransomware attacks hits the headlines on a near-daily basis, so it is no surprise that ransomware attacks increased over the past year. They’ve also become more dangerous as attackers target and encrypt growing amounts of data, and ransom demands skyrocket. Yet, despite the visibility, risks and increasing costs, organizations aren’t taking some of the basic precautions to protect themselves from attacks, such as remediating key known vulnerabilities.

Speakers Brian Kime, Security and Risk Senior Analyst at Forrester and Mehul Revankar, VP of Product Management and Engineering at Qualys will discuss the current state of ransomware and prevention techniques including:

- Latest threat vectors with an emphasis on ransomware attack vectors
- Examples of ransomware attacks that exploited specific vulnerabilities
- How to harden systems as temporary risk mitigation where immediate patching is not possible

Mehul will also address how to discover, assess and patch critical vulnerabilities with Qualys VMDR.

Join Qualys' Research and Product Team for a discussion of this month's high-impact vulnerabilities, including those that were part of April's Microsoft Patch Tuesday. We will walk you through the steps to quickly identify vulnerable assets and remediate them with Qualys Patch Management.

We will cover:

- The significant vulnerabilities published this month
- Qualys Research Team's analysis of the most critical vulnerabilities
- An action plan for quickly identifying and remediating vulnerabilities

Are your scans working at maximum efficiency? Join our Senior Security Architect to learn the arts of effective scanning with Qualys VMDR. We’ll show you how it works and how to make scans more productive in your environment.

This session with cover:

- How to set up, use and troubleshoot authentication records and password vaults
- Authenticated scanning – privileges, root delegation and executed commands
- Scanning through a firewall and why it is not recommended
- Scanning vs. Endpoint Agent – should you use both?

As authorities have issued emergency directives to mitigate the ‘widespread domestic and international exploitation of Microsoft Exchange Server vulnerabilities’, Qualys invites you to join a webcast where the Qualys Vulnerability Research Team will discuss the impact of the ProxyLogon vulnerability in Microsoft Exchange servers around the globe. We will outline the steps organizations need to take immediately to assess and address these high-priority vulnerabilities.

The webinar will cover:

- The key elements of the ProxyLogon zero-day vulnerability in Microsoft Exchange servers and its impact
- How to identify vulnerable Exchange environments, track them for missing patches, and remediate them with patching
- How to harden them as temporary risk mitigation where immediate patching is not possible
- Key indicators of compromise and how to detect and respond to them
- Analysis of the data from the Qualys Vulnerability Research Team

The Qualys team will also talk about the new free 60-day service to detect, prioritize, and patch vulnerable Exchange servers, and to detect environments missing compensating controls.

With organizations rapidly adopting mobile technology in nearly all business functions, mobile devices are not only storing critical data but also connecting to corporate networks to access internal assets, data and apps.

This adoption is increasing the risk of:

- Data exposure and exfiltration through unauthorized access
- Attacks that penetrate organizations' internal networks via vulnerabilities & misconfigurations on Android & iOS devices.

Traditional vulnerability management tools fail to provide security in this environment because they lack visibility off the network, i.e. to mobile devices. While a Mobile Device Management (MDM) approach provides ‘policy-based prevention’, it does not assess the latest vulnerabilities or correlate vulnerabilities to mobile app updates.

In this webinar, we'll show how Qualys VMDR for Mobile Devices expands the FedRAMP-authorized Qualys Cloud Platform to provide security teams a single console to secure all Android, iOS and iPadOS devices across the enterprise.

Mobile security experts will demonstrate:

- Comprehensive visibility of mobile devices connecting inside your network, with critical data points such as device type, OS version, installed apps, EOL status, device location, CA certificates, and more
- Continuous assessment of device, OS, app, and network vulnerabilities using the industry's most comprehensive signature database and automated correlation of vulnerabilities to app updates
- Expansion of your vulnerability management program with continuous monitoring of critical mobile device configurations based on NSA guidelines.
- Remote ‘over-the-air' actions such as locking the device, changing its passcode, de-enrolling the device or uninstalling risky apps, along with seamless patch orchestration to deploy the latest app versions from Google App store.

As enterprises rapidly adopt SaaS applications, blind spots have developed as traditional security policies, controls guidance, and tools don't provide the benchmarks or visibility IT and security teams need to protect them. While some have looked at cloud access security broker (CASB) solutions to fill the need, these solutions only broker the access based on the perimeter and don't provide a continuous, holistic approach into risk and compliance.

In this webinar, CIS will discuss the importance of SaaS security and the value provided by security guidelines like the CIS Benchmarks, consensus-developed secure configuration guidelines for hardening operating systems, servers, cloud environments, and more. Qualys will introduce SaaS Detection and Response (SaaSDR), which allows IT administrators to manage their critical SaaS security and validate policy against the CIS Benchmarks for Google Workspace, Microsoft Office 365, Salesforce.com, and Zoom.

CIS experts will cover:

- Balancing trust and risk when using SaaS applications
- Securing critical workflows within an expanding boundary of responsibility
- Creating policy assurance with consensus-based security best practices
- How automated monitoring brings policy to life

Qualys experts will demo how SaaSDR addresses:

- User and device visibility
- Data exposure monitoring
- Application data insights for risk assessment
- Continuous security posture & compliance monitoring

While vulnerability scanning has evolved significantly over the past few decades, the fundamental goal remains the same: to identify vulnerabilities accurately, assess the risk, and prioritize and remediate them before they get exploited by an attacker.

It is easier said than done. There are multiple ways to scan an asset, for example authenticated vs. unauthenticated scans or agent-based vs. agentless, each with its own advantages. With multiple approaches, it can be difficult to link the vulnerability detections back to the asset, even more so when the key identifiers for the asset, like IP address, network card, and so on, have changed over its lifecycle.

To address this challenge, Qualys is introducing exciting new platform technology to provide customers with a single unified view of vulnerabilities prioritized by risk.

Join us on this webcast as we cover:

- Vulnerability Scanning Challenges
- Asset Identification Challenges
- Vulnerability Prioritization with VMDR
- New Qualys Platform Solution
- Demo

In this world of cybersecurity challenges, End of Life (EOL) software running in your environment creates concerns around unpatched vulnerabilities. It also introduces compatibility issues and increases support costs and the potential for downtime of crucial business apps. In this session, we'll examine how to identify, prioritize and manage your software lifecycles, including EOL, to maintain a healthy and secure software ecosystem. Most importantly, we'll hear from Newburyport Bank about how they gained visibility to and reduced the risk of EOL software.


Specifically, we'll cover:

- Challenges and concerns related to EOL software
- Importance of establishing and maintaining a comprehensive software and hardware inventory
- Benefits of actively managing software through the EOL lens
- Tips to identify, prioritize and mitigate EOL software in your environment
- Newburyport Bank’s case study on managing their EOL software

Understanding the behaviors and attributes of the CVEs leveraged by stolen FireEye Red Team assessment tools is key to both attack prevention and response. In this webinar, Qualys research and product experts will analyze the riskiest CVEs. We will share insights into the CVE behaviors to help operational security teams build defensive actions against the complex attack vectors involved, and we will walk through the threat attributes to help threat hunting teams take defensive actions against adversaries.

Finally, we will show how Qualys solutions can help you develop a plan to reduce exposure from these CVEs.

In this workshop, we will discuss :

- Key CVEs used by the FireEye Red Team assessment tools
- How Qualys VMDR and EDR help organizations identify vulnerable assets
- The Qualys patch management solution to remediate vulnerabilities
- How to isolate compromised systems based on indicators of compromise

From an executive perspective, security design and risk tolerance have taken on new meaning. Distributed IT, remote workforces, and emerging digital requirements have all forced CISOs to look at security and compliance in a new light—one that heavily focuses on visibility into both IT and business functions. In this webinar, we'll examine today's IT landscape from a CISO perspective, exploring topics such as corporate-wide configuration management, how CISOs view security, and best practices for risk and compliance.

Specific topics include:

- Top IT challenges CISOs face today
- Understanding risk, compliance, and IT visibility
- The business impacts of IT asset inventory
- Key points around visibility, configuration management, and integration
- Best practices and advice from the field

Rapid digitalization has forced companies to rethink how to best manage their IT assets. Especially when those assets now include software, licensing, certificates, and even SaaS applications. Aside from better visibility, knowing what’s in your global IT environment is fundamental to security. With more people working remotely, questions arise such as how do you manage cloud instances? How do you control physical and logical asset inventory? And will you lose sight of IT management as your company grows?

In this webinar, we'll dive into how IT visibility has shifted amid the pandemic, emerging challenges for both IT administrators and technology leaders, and how IT inventory can help. Specific topics include:

- The changing IT asset landscape
- Understanding the speed of change: SaaS, virtualization, IoT, and more
- How to reduce pressure on IT with automation and better security
- Final thoughts and best practices

Qualys invites you to join a webcast where the Qualys' Vulnerability and Malware Research Team will discuss the recent Solorigate/SUNBURST attack and outline steps organizations can take to identify vulnerable assets, isolate compromised systems, and remediate them with patching and mitigation actions.

The webcast will cover:

- The key elements of the Solorigate/SUNBURST attack chain and its impact
- Key indicators of compromise
- Analysis of the data from the Qualys Research Team
- Steps organizations can take to immediately mitigate the risk
- A live demo of best practices response using Qualys solutions
- Free 60-day access to Qualys service to detect, prioritize, and remediate vulnerable and compromised assets

IT infrastructure is becoming increasingly hybrid, organizations not only have on-premises datacenter hosts and applications, but they also have cloud-based workloads and instances. IT DevOps teams are leveraging containerized environments and emerging technologies. To stay ahead of the changing threat landscape, security teams need to adapt their cybersecurity practices to shift left and build security in, and not bolt it on.

In this webinar, CIS Chief Product Architect, Adam Montville, and CIS Benchmarks Product Owner, Michelle Peterson, from the Center for Internet Security, will focus on how CIS Benchmarks help organizations improve cybersecurity by implementing security controls and recommendations that are a foundation of security hygiene. Hariom Singh, Director, Product Management, Compliance Solutions for Qualys, will discuss how organizations can implement proactive best practices at scale for real-time inventory, security hygiene, and contextual prioritization of threats to ultimately reduce time to remediation.

Thank you for being a valued Qualys customer. We are extending your subscription by two weeks to give you time to learn about our latest solutions, including Qualys VMDR and Multi-Vector EDR.

We'd like to invite you to a live session highlighting these latest solutions on Thursday, Nov 12 at 9 am PST. The speakers – Karun Malik, Qualys VP of Strategic Alliances and Channel Development, and Dragos Josanu, Qualys Director of Channel Sales – will explain how:

- Qualys VMDR helps you discover, assess, prioritize, and patch critical vulnerabilities in real time across your global hybrid-IT landscape — all from a single solution.
- Qualys Multi-Vector EDR, our newest app, goes beyond traditional EDR solutions by providing prevention, detection and response across the entire attack lifecycle via a single agent.

The November 2020 Qualys Technical Series walks you through best practices for managing asset tags and dashboards in Global IT Asset Inventory. We will also cover the migration from AssetView to Asset Inventory and how to ensure a smooth transition.

This session will cover:

- AssetView to Asset Inventory migration
- Tagging vs. Asset Groups - best practices
- Dynamic tagging - what are the possibilities?
- Creating and editing dashboards for various use cases

The Qualys Tech Series is a monthly technical discussion focusing on useful topics and best practices with Qualys. Each session includes a live Q&A – please post your questions during the session and we will do our best to answer them all.

Securing IT requires a complete remediation cycle that goes beyond vulnerability management to include patch deployment as well. Qualys patch management functionality automatically proposes the appropriate patches and deploys them in one click.

Qualys invites you to join a webcast with Predashen Nair, Group Manager, Infrastructure Services at SPAR Group, the world’s largest food retail chain to discuss Qualys’ effective patch management solution, available stand-alone or as part of Qualys VMDR.

Predashen will discuss how the integrated patch management functionality in Qualys simplifies operations, reduces cost, and enhances overall IT security.

The webcast will cover:

- How the integrated patch management functionality streamlines and accelerates vulnerability remediation
- How Qualys proactive patch management, covering security and non-security patches, seamlessly fits into the SPAR environment
- SPAR’s journey from selection of Qualys to implementation and results