Hi [[ session.user.profile.firstName ]]

How a Cybersecurity Executive Deals with Application Risk

Join Kenna Security for a discussion on how cybersecurity executives can benefit from taking a risk-based approach to application security – from aligning your teams around common goals to reduce the most risk, to metrics-based reporting to the board. Joe Silva, Vice President of Cybersecurity for TransUnion will provide real-world examples to explain how to overcome the unique challenges to application security to help you gain control over your application risk posture.

Joe encounters the same challenges that plague you – application security testing data with limited coverage of the application attack surface or riddled with false positives; manual application analysis that simply can’t scale; and security teams that know there is risk, but simply don’t have the time, expertise, or context to find and remediate the relatively small percentage that are high-risk. He also understands what it’s like to have a security team that must convince developers to deviate from their primary responsibility to remediate the vulnerabilities.
Recorded May 16 2018 33 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Joe Silva, Vice President of Cybersecurity for TransUnion
Presentation preview: How a Cybersecurity Executive Deals with Application Risk

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Distinguishing Common Practices from Best Practices in Vulnerability Management Aug 13 2019 5:00 pm UTC 60 mins
    Ed Bellis, CTO and Co-Founder of Kenna Security; Wade Baker, Partner and Co-Founder of the Cyentia Institute
    Ask ten different security professionals how to do vulnerability management, and you’ll likely get ten different answers. But if you ask several hundred, you start to see a trend: some organizations stand out from all the others. They’re not just closing vulns, they’re lowering risk. These are the top performers in vulnerability management. So what is it, exactly, that they do differently?

    In the fourth volume of our “Prioritization to Prediction” research, Kenna Security and our research partner, the Cyentia Institute, provide the answers. Join Cyentia’s Wade Baker and Kenna’s Ed Bellis for this insightful webinar where they’ll share the key contributing factors of top performing vulnerability management teams drawn from analyzing real-world data from hundreds of organizations.
  • Exploring the Most Exploited Vulnerabilities of 2019 (So Far) Jul 16 2019 6:00 pm UTC 60 mins
    Jonathan Cran, Kenna Security Head of Research
    Using a data-first approach, we'll reveal which vulnerabilities are being exploited in the wild in 2019—digging into the trends behind them and providing insight for security practitioners.

    In this webinar, Kenna Security Head of Research Jonathan Cran will:
    • Dig into the current threat landscape with a focus on exploited vulnerabilities
    • Explore why these vulnerabilities are useful to attackers and look for trends
    • Showcase how Kenna's risk and prediction model helps you get ahead of these threats
  • Take a Risk-Based Approach to Vulnerability Management Recorded: Jun 11 2019 44 mins
    Jeff Aboud, Kenna Security Director of Product Marketing
    The average enterprise has millions of vulnerabilities, with dozens of new ones discovered each day. With so much data coming in so fast, how can you gain an upper hand? Since only a relatively small number of vulnerabilities will ever be exploited, you need to understand how to prioritize which ones to fix first based on the level of risk they pose to your enterprise. Learn how in this webinar, where we’ll cover:

    ·How prioritizing vulnerabilities based on risk saves time and improves results
    ·The requirements for effective risk-based vulnerability management
    ·Insights and approaches to help you take control of your risk posture
    ·How using a predictive model for vulnerability management can help you maximize your efficiency
    ·And much more!

    By taking a risk-based approach to vulnerability management, you can focus your limited resources on the vulnerabilities that matter most, to reduce the most risk throughout your enterprise.
  • Successful Application Security Strategies Recorded: May 8 2019 56 mins
    Jonathan Cran, Head of Research at Kenna Security; Tyler Shields, VP of Strategy and Business Development, Sonatype
    As enterprises deepen their investment in public cloud and digital transformation, the rate of sensitive data flowing through their organizations continues to accelerate. This has left application security teams with many visibility and process challenges.

    Join industry veterans and application security experts Jonathan Cran, Head of Research at Kenna Security, and Tyler Shields, Vice President of Strategy and Business Development at Sonatype—as they provide insight into successful application security strategies, and tips that the best programs can use to get ahead.

    This lively discussion will cover:

    - The role of open source in modern product development
    - Novel threats to enterprises involving open source
    - How SecOps and DevOps differ when it comes to security visibility needs
    - How Software Composition Analysis (SCA) fits into modern AppSec programs
    - Novel techniques and tools that can be used to get ahead of the challenge
    - And much more!
  • Understanding Why Vulnerabilities Are Exploited Recorded: Apr 11 2019 54 mins
    Jay Jacobs, Data Scientist, Cyentia Institute; Michael Roytman, Chief Data Scientist, Kenna Security
    Why are some vulnerabilities exploited when so many aren’t? What are the characteristics of a vulnerability that make it more likely to be exploited than another?

    Join Michael Roytman, Chief Data Scientist at Kenna Security, and Jay Jacobs, Data Scientist from the Cyentia Institute, as they uncover the causes of vulnerability exploits.

    Listen in as they continue their discussion from RSA on vulnerabilities, and their conclusions from an in-depth review of many different data sources including tens of thousands of vulnerabilities, CVSS scores, CVE, NVD, and mailing lists and data feeds.
  • RSA Follow-Up: Applied Prediction to Get Proactive About Security Recorded: Mar 7 2019 35 mins
    Ed Bellis, CTO and Co-Founder of Kenna Security; Wade Baker, Partner and Co-Founder of the Cyentia Institute
    We can predict the weather, but we still lack the necessary foresight into the cyber-attacks heading our way. And that can often put us in a place where we’re reacting to a threat after it has occurred.

    So, how do you know if your company is a target? What data do you need to understand to help keep your company secure? And how can your company data, threat models and industry data help evaluate risk?

    Join Ed Bellis, CTO and Co-Founder of Kenna Security, and and Wade Baker, Partner and Co-Founder of the Cyentia Institute as they continue their discussion from RSA on:
    - key findings from their research on vulnerability management strategies
    - improvement practitioners can implement into their own security programs
    - the practical applications of new predictive models

    Presented by
    Ed Bellis, CTO and Co-Founder of Kenna Security
    Wade Baker, Partner and Co-Founder of the Cyentia Institute
  • Why All These Vulnerabilities Rarely Matter Recorded: Feb 5 2019 58 mins
    Jeremiah Grossman, CEO of application security firm Bit Discovery; Jonathan Cran, Head of Research at Kenna Security
    Application security is an increasingly important, yet commonly misunderstood, IT topic.

    While security professionals agree that remediating application vulnerabilities is essential to maximizing the organization’s security posture, there is little agreement on how to effectively prioritize which vulnerabilities to remediate first. With a wide range of application security tools such as SAST, DAST, and RASP, which provide the most useful data? 

    Join Jeremiah Grossman, CEO of application security firm Bit Discovery, and Jonathan Cran, Head of Research at Kenna Security, as they draw on their 35+ years of combined experience to discuss:

    - The relative value of the various application security tools in the market
    - Their insights on how best to built a modern application security program
    - How to focus on the relatively few application vulnerabilities that pose the most risk
    - How to avoid the 'noise' from the majority that don't require the attention of your limited resources

    Register now.
  • Cybersecurity Trends for 2019 Recorded: Dec 12 2018 49 mins
    Jonathan Cran, Head of Research and Jeff Aboud, Director of Product Marketing, Kenna Security
    Every year the cyber threat landscape is different than the year before as new technologies replace the old and new means of digital disruption replace those that came before.

    2018 was anything but quiet with an uptick in cyber activity from major geopolitical actors, and vulnerabilities and techniques weaponized faster than ever. Despite fewer reported breaches in 2018, the cyber landscape continued to evolve rapidly.

    Join us for our next webinar: A Retrospective on Cybersecurity in 2018 and Trends to Watch in 2019; Kenna Security’s Jonathan Cran, Head of Research, and Jeff Aboud, Director of Product Marketing will dissect key data points to chart a path for how we must approach security challenges in 2019, as well as:

    - Major threat trends in 2018
    - Cybersecurity hype and lessons learned
    - Predictions for the next wave of cybersecurity challenges in 2019

    Take control of cyberthreats in 2019. Register now.
  • 3 Ways to Make Better Decisions When Managing Cyber Risk Recorded: Nov 14 2018 44 mins
    Jerry Gamblin, Principal Security Engineer, Kenna Security; Jeff Aboud, Director of Product Marketing, Kenna Security
    Security teams need to make better, faster, data-driven decisions. They are in a constant struggle to outpace their adversaries who are sophisticated and often well-funded.

    Jerry Gamblin has spent almost 20 years fighting cyberthreats at corporations and government agencies, and he’ll be joining us to discuss how to make the best possible decisions in managing cyber risk.

    Join our next webinar: 3 Ways to Make Better Decisions When Managing Cyber Risk on Wednesday, November 14th at 10am PT. Jerry Gamblin, Principal Security Engineer at Kenna Security, and Jeff Aboud, Director of Product Marketing at Kenna Security, will have an informal discussion on:

    · Peer Benchmarking and how security leaders can use industry benchmarks to make more informed, data-driven decisions
    · Application Risk Scoring and its role in delivering more precise application risk metrics throughout the development lifecycle
    · At-a-Glance Visibility and how a centralized dashboard can enable security teams to quickly assess, prioritize, and close vulnerabilities
  • Proactive Security Management: Stop Treating the Symptoms Recorded: Oct 23 2018 49 mins
    Jeff Aboud, Director of Product Marketing at Kenna Security
    Does your security team spend most of their time and energy reacting to attacks already in progress?

    If you’re like many security teams, the answer to that question is, sadly, yes. It’s time to approach security in a whole new way. Rather than treating the symptoms, learn to proactively remediate the root of the problem—and even get ahead by automating ahead of the threat.

    Join us for our next webinar, “Proactive Security Management: Stop Treating the Symptoms,” on Tuesday, October 23, 2018 at 8:00am PT. Kenna Security’s Director of Product Marketing Jeff Aboud will walk us through why and how to go beyond just reacting to cyberthreats.

    In this webinar you’ll learn how to:
    Understand the Problem
    Shift Your Focus
    Work Smarter Not Harder
    Predict the Future

    Get ahead of cyberthreats. Register now.
  • Kenna Platform Demo: A Better Way to Report on Risk Recorded: Sep 27 2018 33 mins
    Ed Bellis, CTO of Kenna Security
    Kenna Security Platform Demo
  • Welcome to Next-Gen Vulnerability Management Webinar | Kenna Security Recorded: Sep 13 2018 55 mins
    Jonathan Cran, Head of Research at Kenna Security, and Rik Turner, Principal Analyst at Ovum
    To say that technology advances quickly is an understatement. With that growth has come a rapid increase in the sheer number of vulnerabilities threatening the security and well-being of organizations of every size and industry.

    No one is immune to cyber threats, but when you lack the context required to prioritize what to remediate first, and it's impossible to remediate every single vulnerability, how do you even know where to start?

    It’s time to get ahead of the cyber curve.

    Join Jonathan Cran, Head of Research at Kenna Security, and Rik Turner, Principal Analyst at Ovum, for our next webinar: Welcome to Next-Gen Vulnerability Management on Thursday, September 13 at 8:00am PT. We’ll cover:

    - The pitfalls of traditional remediation approaches in an ever-evolving digital world
    - A comparison of those approaches against a cutting-edge predictive model
    - The role of AI and machine learning in reducing risk
    - How prioritization and prediction can increase your security team’s efficiency and effectiveness

    Welcome to the next generation of vulnerability management. Register now.
  • Stop Playing Catch-Up on Risk: How To Prioritize and Address App Vulnerabilities Recorded: Aug 21 2018 35 mins
    Ed Bellis, CTO of Kenna Security
    Finding and prioritizing application vulnerabilities is an extremely time-consuming, manual process, and it’s one that is rarely undertaken comprehensively. It’s not that application security teams don’t know where risk lies—they do. Many simply lack the time, resources, or context to address those which pose the greatest risk.

    The result? Oftentimes, the wrong vulnerabilities are fixed while the more dangerous ones are left unaddressed, forcing your team into reaction mode after the damage is already done.

    Join us for our next webinar: “Stop Playing Catch-Up on Risk: How To Prioritize Application Vulnerabilities,” powered by the Kenna Application Risk Module.

    In this webinar, you’ll learn:

    - The challenges in identifying vulnerabilities at the application layer
    - The requirements to better manage application risk
    - What application security teams can do to improve their risk posture
    - How the Kenna Application Risk Module can help you proactively manage your application risk

    Enable security and DevOps teams, developers, and executives to team up to proactively remediate application risk. Join us and see the Kenna Security Application Risk Module in action to learn how you can take a risk-based approach to application security.
  • From Prioritization to Prediction-Analyzing Vulnerability Remediation Strategies Recorded: Aug 14 2018 51 mins
    Wade Baker & Jay Jacobs Co-Founders & Partners, Cyentia Institute & Jonathan Cran, Head of Research, Kenna Security
    With an average of 40 new vulnerabilities emerging every single day, to say that staying ahead of the latest threats is a challenge is an understatement.

    Today, organizations are generating an unprecedented amount of data, and with that data, comes thousands, if not millions, of vulnerabilities. Unfortunately, it’s simply impossible for any organization to remediate every single one and ensure 100% coverage of its attack surface.

    But that’s where the capability to predict exploits comes into play..

    Join us and the Cyentia Institute for our next webinar: From Prioritization to Prediction: Analyzing Vulnerability Remediation Strategies. Fueled by the first-of-its kind research findings from Kenna Security and the Cyentia Institute, we’ll cover:

    - The quantitative effectiveness between common remediation strategies and a cutting-edge predictive model
    - A detailed review of the data sources available for building or improving decision models for vulnerability remediation
    - A discussion of the vulnerability lifecycle and examination of the timelines and triggers surrounding key milestones
    - Identification of the attributes of vulnerabilities that correlate with exploitation

    Deliver efficiency in your people, tools, time, and dollars to address the threats that pose the greatest risk. Register now.
  • Close the Gaps: Managing, Prioritizing, and Addressing Cyber Risk in Enterprises Recorded: Jul 31 2018 47 mins
    Jon Oltsik, Sr Principal Analyst at ESG & Karim Toubba, CEO of Kenna Security
    Cyber risk management is no easy task. Why? Because while security teams may know about these vulnerabilities, they often lack the right amount of context to determine which vulnerabilities pose the greatest risk to the organization. Without this, the security team can’t appropriately prioritize which vulnerabilities should be remediated first.

    Join Kenna Security for our next webinar - “Close the Gaps: Managing, Prioritizing, and Addressing Cyber Risk in Enterprise Organizations,” with Jon Oltsik, senior principal analyst at ESG and Karim Toubba, CEO of Kenna Security.

    In this webinar, we’ll cover:

    - Findings from the July 2017 ESG Research Report, Cybersecurity Analytics and Operations in Transition
    - The challenges facing leadership teams in traditional methods of vulnerability management
    - Why more security data doesn’t always lead to better decisions
    - How the Kenna Security Platform can enable you take a risk-based approach to vulnerability management and help teams work cross-functionally to prioritize and mitigate cyber risk

    Discover the next wave of risk-based reporting and gain operational efficiency to maximize return on your risk mitigation efforts.
  • Applying Data Science to Measure Your True Risk Recorded: Jul 19 2018 47 mins
    Michael Roytman, Chief Data Scientist at Kenna Security
    There’s a difference between threat data and threat intelligence, and while the former may give you a better understanding of malicious data sources, IPs, websites, and domains, what it fails to do is give you and your security team the context to remediate a threat. When CVEs are responsible for tens of millions of attacks, simply having threat data won’t cut it.

    When it comes to cybersecurity, knowledge is power. And as cyber criminals gain more sophisticated tactics, protecting yourself requires a more intelligent approach.
  • How a Cybersecurity Executive Deals with Application Risk Recorded: May 16 2018 33 mins
    Joe Silva, Vice President of Cybersecurity for TransUnion
    Join Kenna Security for a discussion on how cybersecurity executives can benefit from taking a risk-based approach to application security – from aligning your teams around common goals to reduce the most risk, to metrics-based reporting to the board. Joe Silva, Vice President of Cybersecurity for TransUnion will provide real-world examples to explain how to overcome the unique challenges to application security to help you gain control over your application risk posture.

    Joe encounters the same challenges that plague you – application security testing data with limited coverage of the application attack surface or riddled with false positives; manual application analysis that simply can’t scale; and security teams that know there is risk, but simply don’t have the time, expertise, or context to find and remediate the relatively small percentage that are high-risk. He also understands what it’s like to have a security team that must convince developers to deviate from their primary responsibility to remediate the vulnerabilities.
  • Reporting Risk Posture to the Board: Increase Confidence with Exploit Prediction Recorded: Apr 24 2018 45 mins
    Jonathan Cran, Head of Research & Jerry Gamblin, Principal Security Engineer, at Kenna Security
    Reporting your organization's risk posture to the board shouldn't be a scary annual or quarterly monologue, where you're on the hot seat; instead, it should be an ongoing opportunity for bilateral communication that helps drive your security strategy. Fully understanding their perspectives, priorities, and biases paves the way for valuable partnership between security executives and members of the board.

    Join Kenna Security's Jonathan Cran, Head of Research, Jerry Gamblin, Principal Security Engineer, and Jeff Aboud, Director of Product Marketing for a live webinar as they discuss:

    1. Define what "just enough security" means to your business
    - Understand the resources and roadmap for the business
    - Ensure team members understand and buy into the priorities
    - Understand how to partner with your business executives

    2. Prioritize based on bottom line impact
    - Know which systems drive business value
    - Partner with the business and the board to drive prioritization
    - Build a risk burndown or "time to green" plan

    3. Report risk and manage incidents with the C-level and board
    - Define regular communication with your board
    - Partner cross-functionally with legal teams
    - Manage crisis communication and how to avoid going "end-of-the-world"
  • Kenna Platform Demo - A Better Way to Report on Risk Recorded: Mar 28 2018 31 mins
    Security Engineer, Brian Orr, Security Consultant, Gabe Howden
    Are you implementing Qualys, Rapid7, Nessus, or another network scanner and still struggling to prioritize your most critical vulnerabilities? Are you searching for a simple, single view of your organization's exposure to risk that you can share across security and IT ops teams and up to the CISO and the Board of Directors?

    Join Security Engineer, Brian Orr and Security Consultant, Gabe Howden as they take you through the Kenna Security Platform and our risk-based approach so you can learn how to take control and reduce your risk.

    The demo will cover:

    - How Kenna Security's algorithm works to correlate scan data with real-world exploit intelligence
    - The Kenna Security Risk Meter and tips for customizing dashboards and reporting for any IT environment
    - Best practices for viewing, tracking, and reporting on your risk posture across all levels of your organization
  • A New Way of Predicting Exploitability - Kenna Security with Exploit Prediction Recorded: Mar 21 2018 41 mins
    Ed Bellis, CTO, Co-Founder, Michael Roytman, Chief Data Scientist
    Do you think security is overdue for actionable forecasts rather than security dogma? Are you a security leader tired of worrying about the next vulnerability with a logo and a web site? If we can forecast the weather, we can use similar models to foresee which vulnerabilities attackers are likely to weaponize.

    Join Kenna Security's Michael Roytman, Chief Data Scientist and Ed Bellis, CTO, Co-Founder and ex-CISO at Orbitz for a live webinar where they will debut Kenna Security's new Exploit Prediction, the industry's first vulnerability exploit prediction capability, a significant breakthrough for security professionals looking to develop a more mature proactive approach to vulnerability management.

    In this webinar cover:

    "How Kenna Exploit Prediction has delivered 94 percent predictive accuracy
    "How to adopt a proactive approach to contextualize, prioritize and remediate vulnerabilities, based on risk
    "How the Kenna Security Platform with Exploit Predictions can help align security, IT operations, and executive management with a single view of risk
    "A demonstration of the Kenna Security platform with the new Exploit Prediction capabilities
Know Your Risk
Kenna is a pioneer and leader of a new category of IT security solutions that allows security and IT teams to efficiently focus on the vulnerabilities posing the greatest risk to their IT environments. We’ve experienced firsthand just how frustrating and challenging security can be – the struggles with being unable to keep up with the volume of scan data, having to settle for inadequate security due to budget constraints, picking a remediation list at random (and hoping for the best), and being unable to measure and report on your team's efforts to reduce your exposure to risk.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: How a Cybersecurity Executive Deals with Application Risk
  • Live at: May 16 2018 3:00 pm
  • Presented by: Joe Silva, Vice President of Cybersecurity for TransUnion
  • From:
Your email has been sent.
or close