Hi [[ session.user.profile.firstName ]]

This Month in Vulnerabilities and Patches

Please join the Qualys research and product teams for the webinar “This Month in Vulnerabilities and Patches” on August 12, 2021.

We will discuss this month's high-impact vulnerabilities, including those that are part of August 2021 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

The significant vulnerabilities published this month:

- Pulse Connect Secure RCE (CVE-2021-22937)
- Sequoia – Linux Filesystem Privilege Escalation Vulnerability (CVE-2021-33909)
- Microsoft Patch Tuesday, August 2021
- Windows Update Medic Service Elevation of Privilege Vulnerability (CVE-2021-36948)
- Remote Desktop Client RCE Vulnerability (CVE-2021-34535)
- Windows Services for NFS ONCRPC XDR Driver RCE Vulnerability (CVE-2021-36942)
- Adobe Patch Tuesday, August 2021

An action plan to quickly identify and remediate vulnerabilities:
- Learn how to use Qualys Patch Management to remediate vulnerabilities
Recorded Aug 12 2021 42 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Eran Livne, Director, Product Mgmt and Anand Paturi, Principal Research Analyst, at Qualys.
Presentation preview: This Month in Vulnerabilities and Patches
  • Channel
  • Channel profile
  • Get PCI Compliant with Qualys Recorded: Aug 26 2021 60 mins
    Hariom Singh, Dir of Compliance at Qualys, and Mathias Hoelzli, Sr. Manager of Threat & Vulnerability Mgmt at NortonLifeLock
    With attacks on payment data increasing, organizations are looking to achieve data protection as well as streamline PCI compliance in an automated manner. But only 27.9% of organizations were fully PCI compliant during their interim validation in 2019 according to the Verizon Payment Security Report (PSR) 2020. The PSR also highlights the top control gaps, which organizations need to prioritize for better data protection and complete PCI.

    Qualys fills these gaps by expanding its PCI compliance solution beyond PCI ASV scanning to support more than 97% of PCI requirements. Qualys’ integrated platform gives you one holistic view of your PCI in-scope assets and their PCI compliance posture along with the tools and automation you need to meet PCI DSS requirements efficiently.

    Join us for a webinar on August 26, 2021 where PCI experts Hariom Singh, director of product management for compliance solutions at Qualys, and Mathias Hoelzli, senior manager threat and vulnerability management at NortonLifeLock, walk you through the challenges organizations face and how they can overcome them to protect their cardholder data.

    Get started now:

    - Sign up for the PCI Compliance webinar on August 26, 2021.
    - Learn about the complete Qualys PCI Compliance solution.
    - Start your trial of the new integrated Qualys PCI Compliance solution.
  • Securing Red Hat Enterprise Linux CoreOS in Red Hat OpenShift with Qualys Recorded: Aug 16 2021 57 mins
    Dave Meurer, Global Principal Solutions Architect, Red Hat and Jason Ell, Sr. Dir of Product Mgmt for Cloud Agent, Qualys
    In support of DevSecOps teams using Kubernetes to build modern applications, Qualys and Red Hat are collaborating to secure the complete Red Hat OpenShift stack.

    Newly introduced capabilities delivered via Qualys Cloud Agent enable vulnerability scanning directly into Red Hat Enterprise Linux CoreOS in Red Hat OpenShift.

    This new offering enhances Red Hat’s layered approach to security and complements the Qualys Container Security app, which already secures your containers from build to runtime.

    Join this webinar on August 16, 2021 for a demonstration of full-stack security of containers and the container stack in Red Hat OpenShift presented by container security experts Dave Meurer, Global Principal Solutions Architect at Red Hat, and Jason Ell, Sr. Director of Product Management for Cloud Agent at Qualys.

    Sign up now!
  • This Month in Vulnerabilities and Patches Recorded: Aug 12 2021 42 mins
    Eran Livne, Director, Product Mgmt and Anand Paturi, Principal Research Analyst, at Qualys.
    Please join the Qualys research and product teams for the webinar “This Month in Vulnerabilities and Patches” on August 12, 2021.

    We will discuss this month's high-impact vulnerabilities, including those that are part of August 2021 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

    We will cover:

    The significant vulnerabilities published this month:

    - Pulse Connect Secure RCE (CVE-2021-22937)
    - Sequoia – Linux Filesystem Privilege Escalation Vulnerability (CVE-2021-33909)
    - Microsoft Patch Tuesday, August 2021
    - Windows Update Medic Service Elevation of Privilege Vulnerability (CVE-2021-36948)
    - Remote Desktop Client RCE Vulnerability (CVE-2021-34535)
    - Windows Services for NFS ONCRPC XDR Driver RCE Vulnerability (CVE-2021-36942)
    - Adobe Patch Tuesday, August 2021

    An action plan to quickly identify and remediate vulnerabilities:
    - Learn how to use Qualys Patch Management to remediate vulnerabilities
  • This Month in Vulnerabilities and Patches Recorded: Jul 15 2021 50 mins
    Eran Livne, Director, Product Mgmt and Anand Paturi, Principal Research Analyst, at Qualys.
    Please join the Qualys research and product teams for the webinar “This Month in Vulnerabilities and Patches” on July 15, 2021.

    We will discuss this month's high-impact vulnerabilities, including those that are part of July 2021 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

    Agenda:

    The significant vulnerabilities published this month:
    - Windows Print Spooler RCE Vulnerability
    - Kaseya Zero Day Vulnerabilities
    - SonicWall Buffer Overflow Vulnerability
    - Microsoft Patch Tuesday, July 2021
    - Adobe Patch Tuesday, July 2021

    Demos showing how to address this month's top vulnerabilities:
    - Identify and prioritize vulnerabilities with Qualys VMDR
    - Remediate with Qualys Patch Management
  • Qualys Technical Series – The Ins and Outs of Security Configuration Assessment Recorded: Jul 8 2021 32 mins
    Francesco Armando, Technical Account Manager at Qualys
    Vulnerability assessment alone is not enough to protect systems from compromise as misconfigurations are a major source of breaches. Weak or improper continuous security configuration assessment (SCA) settings are often exploited by hackers and have played a significant role in high-profile cyberattacks like Petya.

    Join this Technical Series webinar and learn from a Qualys Technical Account Manager why Security Configuration Assessment should not be ignored.

    This session covers:

    - Introduction to SCA
    - A brief enumeration of the differences with the Policy Compliance apps
    - A digress about the Center for Internet Security (CIS)
    - Quick start guide
  • See how IT professionals can experience Qualys for FREE with Community Edition Recorded: Jun 23 2021 26 mins
    Chris Gaither, Manager, Consultant/MSP Partner Operations and Jeff Judge, Technical Account Manager, Consultant/MSP at Qualys
    Qualys and the Channel Alliances Team invite you to learn about Qualys Community Edition, a free version of the Qualys Cloud Platform to help you discover your IT assets and their vulnerabilities and get detailed reports using the industry's most accurate and comprehensive security assessment platform.

    This educational session will cover how to use Community Edition including:

    - Vulnerability management
    - Web application scanning
    - Multiple data collection methods
    - Best practice workflow for scanning
    - Reporting options and workflows
    - Q&A
  • This Month in Patches Recorded: Jun 10 2021 40 mins
    Eran Livne, Dir, Product Mgmt, Endpoint Remediation & Anand Paturi, Principal Research Analyst, Threat Prioritization
    Please join the Qualys research and product teams for the webinar “This Month in Patches” on June 10th, 2021.

    We will discuss this month's high-impact vulnerabilities, including those that were part of June's Microsoft Patch Tuesday. We will walk you through the steps to quickly identify vulnerable assets and remediate them with Qualys VMDR and Patch Management.

    We will cover:

    The significant vulnerabilities published this month:

    - VMware vCenter Server Multiple Vulnerabilities
    - Ubuntu XStream Vulnerabilities
    - Microsoft Patch Tuesday, June 2021

    An action plan to quickly identify and remediate vulnerabilities:

    - Learn how to use Qualys Patch Management to remediate vulnerabilities
    - A sneak peek into Linux Patch Management with Qualys
  • Qualys Tech Series – Extend Your Security & Compliance Program with Qualys WAS Recorded: Jun 3 2021 41 mins
    Joash Herbrink, Security Solution Architect at Qualys
    Qualys Web Application Scanning (WAS) adds continuous discovery of web applications and detection of vulnerabilities and misconfigurations at scale to the Qualys Cloud Platform. Qualys WAS complements your security and compliance program with scanning of the application logic of both "human-readable" WEB apps and API-based apps. Join this Technical Series webinar and learn from a Qualys Solution Architect how to up your security game by using Qualys WAS.

    This session covers:

    - What is Qualys Web Application Scanning?
    - Diagnosing a WAS scan
    - Authentication in WAS - what works, what doesn't, and "why"
    - The ‘hidden’ features of WAS
  • AssetView® Live - Reinventing Asset Management for Cybersecurity Recorded: Jun 2 2021 117 mins
    Sumedh Thakar, Qualys; Ed Rossi, Qualys; Jatinder Pal Singh, Informatica; Todd Waskelis, AT&T Cybersecurity Solutions
    Join us for AssetView Live to learn how we’ve reinvented asset management for cybersecurity professionals. CyberSecurity Asset Management (CSAM) monitors IT asset health from a security perspective, helping inventory your complete IT ecosystem, detect security gaps, and respond to the risk, all from a unified platform.

    Register today for AssetView Live to hear our vision, see a deep-dive demo, learn how customers use CSAM, and participate in a Q&A.

    Agenda:

    10:00 – 10:15 am
    Introducing CyberSecurity Asset Management (CSAM)
    Sumedh Thakar, CEO and President, Qualys

    10:15 – 11:00 am
    Live CSAM Demo
    - Identify and alert on unauthorized assets
    - Monitor critical assets for external exposure
    - Alert for EOL, unauthorized software and missing required software
    - Response actions: uninstall EOL Adobe Flash with one click
    - FedRAMP and PCI-DSS report for asset health
    Ed Rossi, VP of Product Management, Qualys

    11:00 – 11:15 am
    Customer Insights: Asset Inventory for Security Pros
    Jatinder Pal Singh, Director of Security Operations, Informatica

    11:15 – 11:30 am
    Industry Insights: Your Security Foundation Starts with Asset Visibility and Context
    Todd Waskelis, AVP, AT&T Cybersecurity Solutions

    11:30 – 11:50 am
    Live Q&A
  • Protect, Detect & Respond with Anti-Malware Features in Qualys Multi-Vector EDR Recorded: May 26 2021 65 mins
    Hiep Dang, Vice President, Product Management, EDR and Travis Smith, Dir., Malware Threat Research at Qualys
    We are bringing the ability to detect and block advanced threats in real time to the Qualys Cloud Platform. The same Qualys Cloud Agent that provides inventory, vulnerability management, patching and endpoint detection and response (EDR) now prevents malware exploitation and blocks known phishing and ransomware attacks.

    Traditional EDR/EPP solutions focus only on malicious activities, and risk mitigation solutions focus on vulnerabilities and patch management, requiring siloed agents and applications. This approach does not provide a complete picture of the environment, its attack surfaces, weaknesses that cybercriminals can exploit, or the ability to natively remediate most cyberattacks' root cause - unpatched vulnerabilities. Qualys removes these blind spots by combining risk mitigation, malware prevention, detection, and response into a single solution.

    Join Hiep Dang, Qualys VP of Endpoint Security Solutions, on Wednesday, May 26 at 10:00 am PT for a demonstration of Qualys Multi-Vector EDR's new anti-malware capabilities along with a preview of our plans to combine real-time malware protection and endpoint telemetry with cross-correlation with asset visibility, vulnerability management, patch management, and policy compliance.
  • This Month in Patches Recorded: May 13 2021 50 mins
    Eran Livne, Dir, Product Mgmt, Endpoint Remediation & Anand Paturi, Principal Research Analyst, Threat Prioritization
    Please join the Qualys research and product teams for the webinar “This Month in Patches” on May 13th, 2021.

    We will discuss this month's high-impact vulnerabilities, including those that were part of May's Microsoft Patch Tuesday. We will walk you through the steps to quickly identify vulnerable assets and remediate them with Qualys VMDR and Patch Management.

    We will cover:

    The significant vulnerabilities published this month:

    - 21Nails Exim Mail Server Multiple Vulnerabilities
    - Pulse Connect Secure Remote Code Execution Vulnerability (CVE-2021-22893)
    - Microsoft Patch Tuesday, May 2021

    An action plan to quickly identify and remediate vulnerabilities:

    - Learn how to use Qualys Patch Management to remediate vulnerabilities
    - A sneak peek into Linux Patch Management with Qualys
  • FedRAMP Vulnerability Scanning for Containers Recorded: May 12 2021 47 mins
    Samuel Aydlette, Compliance Programs; Parag Bajaria, and Alex Mandernack, Cloud and Container Security
    Are you a FedRAMP-certified cloud services provider with vulnerability scanning gaps between your traditional and containerized cloud systems? If so, join us on May 12, as we walk you through the details and challenges of compliance.

    On March 16 FedRAMP released the Vulnerability Scanning Requirements for Containers and required Cloud Service Providers serving the federal market to submit a compliance plan and demonstrate compliance in six months' time. The document is supplemental to existing FedRAMP requirements around vulnerability scanning and applies to all FedRAMP-authorized systems leveraging container technology.

    In this webinar, the Qualys compliance and container security teams will:

    - Explain each new FedRAMP requirement in detail
    - Discuss the challenges of implementation
    - Demonstrate how the FedRAMP-certified Qualys Cloud Platform and Container Security product address the challenges
  • Qualys Tech Series – Optimizing Qualys: It’s Time to Clean Up Your Subscription Recorded: May 6 2021 50 mins
    Kevin O'Keefe, Solution Architect at Qualys
    Your Qualys subscription is only as good as the data that’s in it. So how do you get the most from your data? Join this Technical Series webinar and learn from a Qualys Solution Architect how to evaluate, action and clean up the data in your Qualys subscription.

    This session covers:

    - Asset Record Duplication – Why these are happening and how to troubleshoot.
    - Data Merging – What are the options and how do they work?
    - Stale Assets - Purge Rules and Manual Purging
    - Tags/Asset Groups - How many are too many?
  • Up the Patch Game: Unified Patch Management for Windows & Linux Recorded: May 5 2021 61 mins
    Eran Livne, Director, Product Management, Endpoint Remediation at Qualys
    As attacks on infrastructure continue to increase, security teams are looking to go beyond detection and response by eliminating the root cause of the attacks -- unpatched vulnerabilities. With the majority of production systems running Linux, customers have been looking for a single, efficient patch workflow that extends their Windows patching program to Linux and third-party applications.

    Join Qualys director of product management Eran Livne on May 5 at 10:00 am Pacific as he discusses the challenges in patch management and effective best practices for faster vulnerability remediation, including:

    - Patch management challenges, especially in Linux environments
    - Why IT & security teams need integrated patch management to reduce the attack surface
    - Demo of automatic detection, prioritization and remediation of vulnerabilities
    - Demo of key Qualys Patch Management features for Linux including scheduled and on-demand patching, system reboot, tracking remediation, and auto-rescan after patching
  • Preventing Ransomware Attacks in the Age of Covid-19 Recorded: Apr 20 2021 58 mins
    Mehul Revankar, Qualys VP Product Mgmt and Eng, VMDR. Guest speaker, Brian Kime, Security & Risk Senior Analyst at Forrester
    News of ransomware attacks hits the headlines on a near-daily basis, so it is no surprise that ransomware attacks increased over the past year. They’ve also become more dangerous as attackers target and encrypt growing amounts of data, and ransom demands skyrocket. Yet, despite the visibility, risks and increasing costs, organizations aren’t taking some of the basic precautions to protect themselves from attacks, such as remediating key known vulnerabilities.

    Speakers Brian Kime, Security and Risk Senior Analyst at Forrester and Mehul Revankar, VP of Product Management and Engineering at Qualys will discuss the current state of ransomware and prevention techniques including:

    - Latest threat vectors with an emphasis on ransomware attack vectors
    - Examples of ransomware attacks that exploited specific vulnerabilities
    - How to harden systems as temporary risk mitigation where immediate patching is not possible

    Mehul will also address how to discover, assess and patch critical vulnerabilities with Qualys VMDR.
  • This Month in Patches Recorded: Apr 15 2021 50 mins
    Eran Livne, Dir, Product Mgmt, Endpoint Remediation & Anand Paturi, Principal Research Analyst, Threat Prioritization
    Join Qualys' Research and Product Team for a discussion of this month's high-impact vulnerabilities, including those that were part of April's Microsoft Patch Tuesday. We will walk you through the steps to quickly identify vulnerable assets and remediate them with Qualys Patch Management.

    We will cover:

    - The significant vulnerabilities published this month
    - Qualys Research Team's analysis of the most critical vulnerabilities
    - An action plan for quickly identifying and remediating vulnerabilities
  • Qualys Technical Series – Reaching Maximum Efficiency with VM Scans Recorded: Apr 8 2021 51 mins
    Ian Glennon, Security Architect at Qualys
    Are your scans working at maximum efficiency? Join our Senior Security Architect to learn the arts of effective scanning with Qualys VMDR. We’ll show you how it works and how to make scans more productive in your environment.

    This session with cover:

    - How to set up, use and troubleshoot authentication records and password vaults
    - Authenticated scanning – privileges, root delegation and executed commands
    - Scanning through a firewall and why it is not recommended
    - Scanning vs. Endpoint Agent – should you use both?
  • Mitigate the Risk of Microsoft Exchange ProxyLogon Vulnerabilities Recorded: Mar 12 2021 30 mins
    Qualys threat research and product experts Anand Paturi and Eran Livne
    As authorities have issued emergency directives to mitigate the ‘widespread domestic and international exploitation of Microsoft Exchange Server vulnerabilities’, Qualys invites you to join a webcast where the Qualys Vulnerability Research Team will discuss the impact of the ProxyLogon vulnerability in Microsoft Exchange servers around the globe. We will outline the steps organizations need to take immediately to assess and address these high-priority vulnerabilities.

    The webinar will cover:

    - The key elements of the ProxyLogon zero-day vulnerability in Microsoft Exchange servers and its impact
    - How to identify vulnerable Exchange environments, track them for missing patches, and remediate them with patching
    - How to harden them as temporary risk mitigation where immediate patching is not possible
    - Key indicators of compromise and how to detect and respond to them
    - Analysis of the data from the Qualys Vulnerability Research Team

    The Qualys team will also talk about the new free 60-day service to detect, prioritize, and patch vulnerable Exchange servers, and to detect environments missing compensating controls.
  • Seamlessly Expand Vulnerability & Patch Management to Enterprise Mobile Devices Recorded: Mar 10 2021 40 mins
    Swapnil Ahirrao, Product Manager, Mobile Security and Shailesh Athalye, VP, Compliance Solutions at Qualys.
    With organizations rapidly adopting mobile technology in nearly all business functions, mobile devices are not only storing critical data but also connecting to corporate networks to access internal assets, data and apps.

    This adoption is increasing the risk of:

    - Data exposure and exfiltration through unauthorized access
    - Attacks that penetrate organizations' internal networks via vulnerabilities & misconfigurations on Android & iOS devices.

    Traditional vulnerability management tools fail to provide security in this environment because they lack visibility off the network, i.e. to mobile devices. While a Mobile Device Management (MDM) approach provides ‘policy-based prevention’, it does not assess the latest vulnerabilities or correlate vulnerabilities to mobile app updates.

    In this webinar, we'll show how Qualys VMDR for Mobile Devices expands the FedRAMP-authorized Qualys Cloud Platform to provide security teams a single console to secure all Android, iOS and iPadOS devices across the enterprise.

    Mobile security experts will demonstrate:

    - Comprehensive visibility of mobile devices connecting inside your network, with critical data points such as device type, OS version, installed apps, EOL status, device location, CA certificates, and more
    - Continuous assessment of device, OS, app, and network vulnerabilities using the industry's most comprehensive signature database and automated correlation of vulnerabilities to app updates
    - Expansion of your vulnerability management program with continuous monitoring of critical mobile device configurations based on NSA guidelines.
    - Remote ‘over-the-air' actions such as locking the device, changing its passcode, de-enrolling the device or uninstalling risky apps, along with seamless patch orchestration to deploy the latest app versions from Google App store.
  • Speeding SaaS Cybersecurity Policy to Implementation Recorded: Mar 3 2021 61 mins
    Adam Montville, Chief Product Architect, Center for Internet Security (CIS) & Shailesh Athalye, VP, Compliance Solutions
    As enterprises rapidly adopt SaaS applications, blind spots have developed as traditional security policies, controls guidance, and tools don't provide the benchmarks or visibility IT and security teams need to protect them. While some have looked at cloud access security broker (CASB) solutions to fill the need, these solutions only broker the access based on the perimeter and don't provide a continuous, holistic approach into risk and compliance.

    In this webinar, CIS will discuss the importance of SaaS security and the value provided by security guidelines like the CIS Benchmarks, consensus-developed secure configuration guidelines for hardening operating systems, servers, cloud environments, and more. Qualys will introduce SaaS Detection and Response (SaaSDR), which allows IT administrators to manage their critical SaaS security and validate policy against the CIS Benchmarks for Google Workspace, Microsoft Office 365, Salesforce.com, and Zoom.

    CIS experts will cover:

    - Balancing trust and risk when using SaaS applications
    - Securing critical workflows within an expanding boundary of responsibility
    - Creating policy assurance with consensus-based security best practices
    - How automated monitoring brings policy to life

    Qualys experts will demo how SaaSDR addresses:

    - User and device visibility
    - Data exposure monitoring
    - Application data insights for risk assessment
    - Continuous security posture & compliance monitoring
IT Security Best Practices and Resources
Join us for this informative technology series for insights into emerging security trends that every IT professional should know. These brief sessions will give you an opportunity to discover best practices from market leaders as well as hands-on advice from industry experts on a variety of security and compliance topics.

Let Qualys help keep you up-to-date with cost-effective and efficient technology trends. Choose the topic that interests you or plan to attend the entire series to make sure you stay ahead of the curve.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: This Month in Vulnerabilities and Patches
  • Live at: Aug 12 2021 5:00 pm
  • Presented by: Eran Livne, Director, Product Mgmt and Anand Paturi, Principal Research Analyst, at Qualys.
  • From:
Your email has been sent.
or close