Name: Cyber Risk Series: Navigating the Broken CMDB
Start: 2024-05-08T16:00:00Z
End: 2024-05-08T16:02:41.000Z
Location: BrightTALK
Rating: 4.8

Join us for this informative technology series for insights into emerging security trends that every IT professional should know. These brief sessions will give you an opportunity to discover best practices from market leaders as well as hands-on advice from industry experts on a variety of security and compliance topics.
 
Let Qualys help keep you up-to-date with cost-effective and efficient technology trends. Choose the topic that interests you or plan to attend the entire series to make sure you stay ahead of the curve.

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on December 12, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of November 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, November 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, December 2024

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on November 14, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of October 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, October 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, November 2024

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on October 10, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of September 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, September 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, October 2024

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on September 12, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of August 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, August 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, September 2024

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on August 15, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of July 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, July 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, August 2024

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on July 11, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of June 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, June 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, July 2024

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on June 13, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of May 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, May 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, June 2024

Do you underscore your Written Information Security Plan (WISP) with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)? NIST just released version 2.0, the first major upgrade in a decade, that includes several new requirements. For example, a new GOVERN function requires a better understanding of assets and true risks. How will the new requirements impact security teams to avoid security breaches, audit failures, and litigation? 
 
Join security and compliance experts from USAA and Qualys for an informative webinar on Tuesday, May 29 at 8 AM PT as they discuss details about the new NIST CSF 2.0 requirements and how to avoid serious consequences. 

Here’s what you’ll learn: 

• How do NIST CSF 2.0 requirements differ from CSF 1.0? 
• What is the new GOVERN function and how does it impact security teams? 
• How can you avoid people mistakes that lead to 99% of cloud security breaches? 
• What are the four levels of CSF maturity, and how can you attain the top level? 
• How can you implement solutions to meet all requirements and lower costs?

How Will NIST CSF 2.0 Impact Security and IT Teams?

A recent cybersecurity report predicted that the cost of cybercrime would reach $9.5 trillion in 2024 and exceed $10.5 trillion in 2025. This statistic highlights the crucial need to integrate cybersecurity into ITSM practices. This webinar, designed for I&O leaders, underscores the critical need for strategic alignment between IT and security teams to optimize resilience and minimize security risks across organizations. 
 
Key Takeaways: 

• Strategic Integration: Learn how to proactively incorporate cybersecurity practices within ITSM to bolster your organization’s defense mechanisms against emerging threats. 
• Collaboration and Communication: Discover strategies to bridge the communication and collaboration gaps between IT and security teams, ensuring a unified approach towards common goals. 
• Resource Optimization: Understand how to effectively manage and allocate resources, including manpower and technological tools, to enhance your security posture without compromising operational efficiency. 
• Risk Management: Explore continuous vulnerability risk management strategies to align IT operations with stringent security objectives, making your systems robust and less prone to attacks. 
 
Who Should Attend: IT and security leaders, I&O professionals, risk management officers, and anyone interested in learning about integrating cybersecurity practices into ITSM frameworks to achieve superior organizational resilience. 
 
Join us on May 28th to transform your ITSM practices by integrating cutting-edge cybersecurity measures, ensuring your organization stays one step ahead of cyber threats.

Craft a Unified Cybersecurity and ITSM Strategy

Unknown assets are hiding throughout the modern attack surface, and too many cybersecurity teams rely on disparate scanners and point solutions to find them. One for external scans. One that relies on API-connectors. And a CMDB that’s constantly missing asset records.

Join us for the introduction of CyberSecurity Asset Management 3.0—the ultimate consolidation of asset discovery and cyber risk assessment. Kunal Modasiya (VP of Product Management at Qualys) will demonstrate the power of versatile discovery and risk assessment beyond vulnerabilities, including:

• Consolidating internal and external discovery to include EASM attribution, built-in passive sensing for unmanaged devices on the network, and 3rd-party connectors to compliment Qualys sensors
• Isolating external attack surface risks with patent pending scanning technology to reduce false positives up to 60%
• Prioritizing risk beyond vulnerabilities to include end-of-support (EoS) software, risky open ports, and missing security controls
• Transforming the CMDB from out-of-date to up-to-date by syncing all assets (including external and IoT) to streamline IT-Security workflow and reduce MTTR by half

Eliminate the risk from unknown assets in your organization. Register today!

Eliminate the Risk of Unknown Assets with CyberSecurity Asset Management 3.0

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on May 16, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of April 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, April 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, May 2024

De-risk your IaaS and SaaS environments with one prioritised view so you can fix what matters most. 

Cybercriminals have sophisticated and targeted attack methods with ransomware, supply chain attacks, and zero-day exploits. Security teams struggle to keep up with these evolving threats and have conveyed the need for a unified Cloud Native Application Protection Platform (CNAPP), to address the challenges in converging and prioritising threat indicators from diverse sources such as Vulnerabilities, Misconfigurations, Malware detections and other prominent stages of the cyber kill chain. 

Join our cloud security specialists to learn how you can gain complete visibility to your environment, including: 

• Cloud Risk Insights: Fine-tuned approach to gain actionable insights and focus on the imminent risk, and effectively narrowing down on the most exploitable systems
• Real time threat detection and response using a well-trained Deep Learning AI 
• Cloud Workload Protection with Agent & Agentless techniques to detect vulnerabilities for OS and open-source software
• Detect and Remediate Cloud Misconfiguration from Build to Runtime 
 
Empower your security team to measure, communicate, and help eliminate risk across your multi-cloud environments through a unified platform approach.

Connecting the Dots, Correlating Security Risks for Smarter Defense

Kunal Modasiya and Mike Orosz, CISO of Vertiv, will close out the Cyber Risk Series with a discussion on how Vertiv bridges the IT-security gap and the importance of a complete asset inventory.

Fireside Chat: Bridging the IT/Security Gap

The CISO might refer to the asset inventory within the security program while the CIO points to the CMDB. But why can’t they both be right?

In this session, you’ll learn how the Qualys Enterprise TruRisk Platform leverages bi-directional sync with the CMDB to create a unified source of truth between the two platforms, including:

Adding business context from the CMDB to your security program (such as asset criticality, ownership, and support group) to drive accurate TruRisk Scoring and prioritization
Eliminating blind spots in your CMDB by adding previously unknown assets from the external attack surface and rogue IoT assets connecting to the network in real time
Mapping remediation tickets to the CMDB with 96% accuracy using Qualys tagging, cutting MTTR in half for critical vulnerabilities

Then this includes a second session called: The Step-by-Step Guide to Turbocharging Your CMDB

You know there are blind spots in the CMDB, and it keeps you awake at night.

Are you missing external assets? What about the IoT/OT devices or BYOD on our network at any given time?

Even if your SecOps team finds those assets and discovers critical risk, your IT team has no records in the CMDB. While your team wastes precious time aligning on where to focus, the window is open for attackers.

Join us to see exactly how to locate these missing cyber assets and add them to the CMDB with comprehensive, real time risk assessment. When security teams identify cyber risk, IT teams will work from the same asset inventory and set of data to take remediation action immediately.

Pablo Quiroga, Senior Director of Product Management at Qualys will demonstrate real-world scenarios of cyber risk response using a bi-directional sync between the Enterprise TruRisk Platform and the CMDB to measure, communicate, and eliminate risk across IT and Security workflows.

The Ultimate Cyber Defense Partnership Qualys and Your CMDB

Remediation for critical security risks is arguably the most important SLA for your IT team. Reactive responses to security tickets expose the organization to cyber risk and create business disruption.

That’s why IDBNY takes a proactive approach to uniting IT and Security teams. Join this session to learn how Beatrice Sirchis, VP of Application Security at IDBNY connects her CMDB to her security program to achieve:

An always-up-to-date inventory in the CMDB
Automated ticket assignment for critical remediation tickets
Mapping EoL/EoS software to the CMDB up to 12 months in advance to prioritize upgrades
Most importantly, learn how her consolidated approach enables IDB Bank to stay agile and ahead of the curve—securely—when it comes to technology and innovation.

Beatrice Sirchis

Fast Track SLAs when Cyber Risk Meets CMDB

In the modern enterprise, the CMDB is vital yet fraught with challenges. This fireside chat explores the CMDB’s pivotal role in asset management and cybersecurity. It will cover key IT and Security challenges such as:

Creating executive buy-in for addressing the impact of flawed CMDB on incident response and compliance.
Strategies for immediate assessment, data cleansing, and proactive risk mitigation.
The impact of disruptions caused by organizations neglecting CMDB data quality.
Join Shira Rubinoff, renowned cybersecurity advisor, global keynote speaker and influencer for a riveting discussion with Bindu Sundaresan, Director, AT&T Cybersecurity on the challenges of effectively managing the CMDB. Bindu brings extensive leadership and experience spanning over 20 years working with some of the world’s most innovative companies and industry frameworks, including NIST/ISO/HITRUST, regulatory requirements including PCI, NERC, and HIPAA.

Attendees will gain practical insights for CMDB optimization, including integration with IT management systems. Practitioners will learn to chart a path for effective CMDB utilization, bolstering security and operational resilience in today’s digital landscape.

Bindu Sundaresan
Director
AT&T Cybersecurity

Shira Rubinoff
President
Cybersphere

A Fireside Chat Unlocking the Power of CMDB – Enhancing Cybersecurity Posture

Software and hardware product lifecycles are critical factors for operational security, the OASIS Open OpenEoX initiative emerges as a crucial standardization effort. It aims to revolutionize how End-of-Life (EOL) and End-of-Support (EOS) information is shared and managed across the software and hardware industries. This presentation introduces OpenEoX, a collaborative endeavor supported by leading entities such as Qualys, Cisco, Microsoft, Red Hat, Siemens, BSI, and CISA, alongside an expanding consortium of industry stakeholders.

Through a common framework for EOL and EOS data dissemination, OpenEoX facilitates a more secure IT environment and aids in vulnerability management. This presentation delves into OpenEoX mechanics, showcasing its potential for proactive vulnerability management. It also explores its broader implications for the cybersecurity ecosystem and highlights its compatibility with Software Bill of Materials (SBOM), the Common Security Advisory Framework (CSAF), and Vulnerability Exploitability Exchange (VEX). Join us to discover how OpenEoX is shaping cybersecurity standards and bolstering organizational resilience against cyber threats.

Omar Santos
Cybersecurity and AI Security Research
OASIS Open

OpenEoX - Revolutionizing Product Lifecycle Transparency for Cybersecurity

Cyber Risk Series: Navigating the Broken CMDB

Unlock CMDB’s hidden potential for cybersecurity

Traditionally viewed as an IT operations tool, the CMDB has long been associated with tasks like tracking hardware and software assets, managing configuration changes, and facilitating IT service management. However, its potential as a security asset often goes overlooked.

Don’t miss this unique opportunity to learn why the CMDB deserves a prime spot in your cybersecurity strategy. You’ll hear industry experts offer their best advice on what security leaders need to know to protect their entire attack surface from growing threats and navigate beyond the traditional limitations of the CMDB.

Key topics:
- Beware Your EoL/EoS Tech Debt
- De-risking Your External Attack Surface
- Bringing ITOps & Security Together
- Asset Inventory Risk

Cyber Security

CMDB

Security as a Service

Attack Surface

Cyber Attacks

Attack Surface Management

CISO

Risk Based Security

Cyber Threats

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Cyber Risk Series: Navigating the Broken CMDB

Presented by

About this talk

More from this channel