Name: RSA Follow-Up: Applied Prediction to Get Proactive About Security
Start: 2019-03-07T21:30:00Z
End: 2019-03-07T22:04:38.000Z
Location: BrightTALK
Rating: 3.67

Kenna is a pioneer and leader of a new category of IT security solutions that allows security and IT teams to efficiently focus on the vulnerabilities posing the greatest risk to their IT environments. We’ve experienced firsthand just how frustrating and challenging security can be – the struggles with being unable to keep up with the volume of scan data, having to settle for inadequate security due to budget constraints, picking a remediation list at random (and hoping for the best), and being unable to measure and report on your team's efforts to reduce your exposure to risk.

It’s that time of year, the time to reflect on the biggest surprises of 2019 and look forward to the new year. It's been a banner year for security professionals, CISOs and researchers— with important new technology, vulnerability, and threat trends emerging. Join Jonathan Cran and the Kenna research team for an hour to discuss what surprised us this year, what we expect to drive our efforts in 2020 and what you can do to prepare and get ahead of threats.

A 2019 Cybersecurity Retrospective and Trends to Watch in 2020

The increasing importance of AppSec in the Software Development Life Cycle (SDLC) has led to the emergence of a variety of application vulnerability detection methodologies like Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA), as well as bug bounty and penetration testing programs. But with this abundance of different tools, each with their own unique set of pros and cons comes the challenge of bringing all of this disparate information together so that effective and efficient risk prioritization decisions can be made.

This problem did not go unnoticed by the security industry, a market segment that Gartner calls Application Vulnerability Correlation (AVC) rapidly emerged and security vendors rushed to fill in the gap.

On their own AVC products and software, as a consolidated source of vulnerability data, provide tremendous value due to their central position in AppSec. Vendors have quickly realized this and this webinar will explain what AVC is, detail AVC best practices and explore the additional value that can be harnessed by AVC due to its unique position as a centralized repository of AppSec vulnerability information, features like: vulnerability prioritization, remediation system support, reporting, and flexible APIs.

Get More From Application Vulnerability Correlation

“It is with our deepest sorrow that we inform you of the death of our beloved budget line and one of our favorite buzzwords, DevSecOps. A small community memorial service will be held at RiRi’s Irish Pub following this talk. DevSecOps is survived by a strong and independent development shop closely aligned with business goals that DevSecOps attempted but never managed to fully understand.”

While the above is obviously hyperbole it is not far from what is actually happening in many development shops. 

Security groups were invited late to the DevOps movement, and more and more security teams are once again being excluded from these groups. In this webinar, Kenna Principal Security Engineer Jerry Gamblin will discuss why this is happening and what can be done to stop this trend moving forward by better aligning security goals with the business goals. 

Join Jerry to discover:
- Why DevSecOps dies when security is a constant foil, fails to understand the business, and doesn’t have traction within the rest of the organization 
- How to save DevSecOps by knowing and aligning security with the organization’s goals and concerns, such as profit generation and risk tolerance
- Whether DevSecOps is worth saving and what a world without DevSecOps might look like

The Death Of DevSecOps

The workforce shortage in cybersecurity is forcing organizations to find new ways to get more out of their limited resources. In this webinar, we posit that automating operations with machine learning is the only way to get more efficiency and output from your existing team, giving them time back for more strategic work. What questions machine learning can solve, how to measure the effects, and how to make sure your most precious resources (people) are working on what matters is essential. The webinar will cover:
 
- Why automation and machine learning are the solution to the workforce shortage
- Pointers on those places where you really shouldn’t automate 
- How you can make every member of your team more efficient 
- Which metrics matter most when designing machine learning systems 

Give your team back their time. Automating with machine learning is the solution.

Solving the Cybersecurity Workforce Shortage With Machine Learning

Ask ten different security professionals how to do vulnerability management, and you’ll likely get ten different answers. But if you ask several hundred, you start to see a trend: some organizations stand out from all the others. They’re not just closing vulns, they’re lowering risk. These are the top performers in vulnerability management. So what is it, exactly, that they do differently?

In the fourth volume of our “Prioritization to Prediction” research, Kenna Security and our research partner, the Cyentia Institute, provide the answers. Join Cyentia’s Ben Edwards Ph.D.,  and Kenna’s Ed Bellis for this insightful webinar where they’ll share the key contributing factors of top performing vulnerability management teams drawn from analyzing real-world data from hundreds of organizations.

Distinguishing Common Practices from Best Practices in Vulnerability Management

Using a data-first approach, we'll reveal which vulnerabilities are being exploited in the wild in 2019—digging into the trends behind them and providing insight for security practitioners. 

In this webinar, Kenna Security Head of Research Jonathan Cran will:
•    Dig into the current threat landscape with a focus on exploited vulnerabilities
•    Explore why these vulnerabilities are useful to attackers and look for trends
•    Showcase how Kenna's risk and prediction model helps you get ahead of these threats

Exploring the Most Exploited Vulnerabilities of 2019 (So Far)

The average enterprise has millions of vulnerabilities, with dozens of new ones discovered each day. With so much data coming in so fast, how can you gain an upper hand? Since only a relatively small number of vulnerabilities will ever be exploited, you need to understand how to prioritize which ones to fix first based on the level of risk they pose to your enterprise. Learn how in this webinar, where we’ll cover:
 
·How prioritizing vulnerabilities based on risk saves time and improves results
·The requirements for effective risk-based vulnerability management
·Insights and approaches to help you take control of your risk posture
·How using a predictive model for vulnerability management can help you maximize your efficiency
·And much more!
 
By taking a risk-based approach to vulnerability management, you can focus your limited resources on the vulnerabilities that matter most, to reduce the most risk throughout your enterprise.

Take a Risk-Based Approach to Vulnerability Management

As enterprises deepen their investment in public cloud and digital transformation, the rate of sensitive data flowing through their organizations continues to accelerate. This has left application security teams with many visibility and process challenges. 

Join industry veterans and application security experts Jonathan Cran, Head of Research at Kenna Security, and Tyler Shields, Vice President of Strategy and Business Development at Sonatype—as they provide insight into successful application security strategies, and tips that the best programs can use to get ahead.

This lively discussion will cover:

- The role of open source in modern product development
- Novel threats to enterprises involving open source
- How SecOps and DevOps differ when it comes to security visibility needs 
- How Software Composition Analysis (SCA) fits into modern AppSec programs 
- Novel techniques and tools that can be used to get ahead of the challenge
- And much more!

Successful Application Security Strategies

Why are some vulnerabilities exploited when so many aren’t? What are the characteristics of a vulnerability that make it more likely to be exploited than another? 

Join Michael Roytman, Chief Data Scientist at Kenna Security, and Jay Jacobs, Data Scientist from the Cyentia Institute, as they uncover the causes of vulnerability exploits.

Listen in as they continue their discussion from RSA on vulnerabilities, and their conclusions from an in-depth review of many different data sources including tens of thousands of vulnerabilities, CVSS scores, CVE, NVD, and mailing lists and data feeds.

Understanding Why Vulnerabilities Are Exploited

Application security is an increasingly important, yet commonly misunderstood, IT topic. 

While security professionals agree that remediating application vulnerabilities is essential to maximizing the organization’s security posture, there is little agreement on how to effectively prioritize which vulnerabilities to remediate first. With a wide range of application security tools such as SAST, DAST, and RASP, which provide the most useful data? 

Join Jeremiah Grossman, CEO of application security firm Bit Discovery, and Jonathan Cran, Head of Research at Kenna Security, as they draw on their 35+ years of combined experience to discuss:

- The relative value of the various application security tools in the market
- Their insights on how best to built a modern application security program
- How to focus on the relatively few application vulnerabilities that pose the most risk
- How to avoid the 'noise' from the majority that don't require the attention of your limited resources

Register now.

Why All These Vulnerabilities Rarely Matter

Every year the cyber threat landscape is different than the year before as new technologies replace the old and new means of digital disruption replace those that came before.

2018 was anything but quiet with an uptick in cyber activity from major geopolitical actors, and vulnerabilities and techniques weaponized faster than ever. Despite fewer reported breaches in 2018, the cyber landscape continued to evolve rapidly. 

Join us for our next webinar: A Retrospective on Cybersecurity in 2018 and Trends to Watch in 2019; Kenna Security’s Jonathan Cran, Head of Research, and Jeff Aboud, Director of Product Marketing will dissect key data points to chart a path for how we must approach security challenges in 2019, as well as:

- Major threat trends in 2018
- Cybersecurity hype and lessons learned
- Predictions for the next wave of cybersecurity challenges in 2019

Take control of cyberthreats in 2019. Register now.

Cybersecurity Trends for 2019

Security teams need to make better, faster, data-driven decisions. They are in a constant struggle to outpace their adversaries who are sophisticated and often well-funded.

Jerry Gamblin has spent almost 20 years fighting cyberthreats at corporations and government agencies, and he’ll be joining us to discuss how to make the best possible decisions in managing cyber risk.

Join our next webinar: 3 Ways to Make Better Decisions When Managing Cyber Risk on Wednesday, November 14th at 10am PT. Jerry Gamblin, Principal Security Engineer at Kenna Security, and Jeff Aboud, Director of Product Marketing at Kenna Security, will have an informal discussion on:

·  Peer Benchmarking and how security leaders can use industry benchmarks to make more informed, data-driven decisions
·  Application Risk Scoring and its role in delivering more precise application risk metrics throughout the development lifecycle
·  At-a-Glance Visibility and how a centralized dashboard can enable security teams to quickly assess, prioritize, and close vulnerabilities

3 Ways to Make Better Decisions When Managing Cyber Risk

Does your security team spend most of their time and energy reacting to attacks already in progress? 

If you’re like many security teams, the answer to that question is, sadly, yes. It’s time to approach security in a whole new way. Rather than treating the symptoms, learn to proactively remediate the root of the problem—and even get ahead by automating ahead of the threat. 

Join us for our next webinar, “Proactive Security Management: Stop Treating the Symptoms,” on Tuesday, October 23, 2018 at 8:00am PT. Kenna Security’s Director of Product Marketing Jeff Aboud will walk us through why and how to go beyond just reacting to cyberthreats. 

In this webinar you’ll learn how to: 
Understand the Problem
Shift Your Focus
Work Smarter Not Harder
Predict the Future
 
Get ahead of cyberthreats. Register now.

Proactive Security Management: Stop Treating the Symptoms

Kenna Platform Demo: A Better Way to Report on Risk

To say that technology advances quickly is an understatement. With that growth has come a rapid increase in the sheer number of vulnerabilities threatening the security and well-being of organizations of every size and industry.

No one is immune to cyber threats, but when you lack the context required to prioritize what to remediate first, and it's impossible to remediate every single vulnerability, how do you even know where to start?

It’s time to get ahead of the cyber curve. 

Join Jonathan Cran, Head of Research at Kenna Security, and Rik Turner, Principal Analyst at Ovum, for our next webinar: Welcome to Next-Gen Vulnerability Management on Thursday, September 13 at 8:00am PT. We’ll cover:

- The pitfalls of traditional remediation approaches in an ever-evolving digital world
- A comparison of those approaches against a cutting-edge predictive model
- The role of AI and machine learning in reducing risk
- How prioritization and prediction can increase your security team’s efficiency and effectiveness

Welcome to the next generation of vulnerability management. Register now.

Welcome to Next-Gen Vulnerability Management Webinar | Kenna Security

Finding and prioritizing application vulnerabilities is an extremely time-consuming, manual process, and it’s one that is rarely undertaken comprehensively. It’s not that application security teams don’t know where risk lies—they do. Many simply lack the time, resources, or context to address those which pose the greatest risk.

The result? Oftentimes, the wrong vulnerabilities are fixed while the more dangerous ones are left unaddressed, forcing your team into reaction mode after the damage is already done.

Join us for our next webinar: “Stop Playing Catch-Up on Risk: How To Prioritize Application Vulnerabilities,” powered by the Kenna Application Risk Module.

In this webinar, you’ll learn:

- The challenges in identifying vulnerabilities at the application layer
- The requirements to better manage application risk
- What application security teams can do to improve their risk posture
- How the Kenna Application Risk Module can help you proactively manage your application risk

Enable security and DevOps teams, developers, and executives to team up to proactively remediate application risk. Join us and see the Kenna Security Application Risk Module in action to learn how you can take a risk-based approach to application security.

Stop Playing Catch-Up on Risk: How To Prioritize and Address App Vulnerabilities

With an average of 40 new vulnerabilities emerging every single day, to say that staying ahead of the latest threats is a challenge is an understatement.

Today, organizations are generating an unprecedented amount of data, and with that data, comes thousands, if not millions, of vulnerabilities. Unfortunately, it’s simply impossible for any organization to remediate every single one and ensure 100% coverage of its attack surface.

But that’s where the capability to predict exploits comes into play..

Join us and the Cyentia Institute for our next webinar: From Prioritization to Prediction: Analyzing Vulnerability Remediation Strategies. Fueled by the first-of-its kind research findings from Kenna Security and the Cyentia Institute, we’ll cover:

- The quantitative effectiveness between common remediation strategies and a cutting-edge predictive model
- A detailed review of the data sources available for building or improving decision models for vulnerability remediation
- A discussion of the vulnerability lifecycle and examination of the timelines and triggers surrounding key milestones
- Identification of the attributes of vulnerabilities that correlate with exploitation

Deliver efficiency in your people, tools, time, and dollars to address the threats that pose the greatest risk.  Register now.

From Prioritization to Prediction-Analyzing Vulnerability Remediation Strategies

We can predict the weather, but we still lack the necessary foresight into the cyber-attacks heading our way. And that can often put us in a place where we’re reacting to a threat after it has occurred.

So, how do you know if your company is a target? What data do you need to understand to help keep your company secure? And how can your company data, threat models and industry data help evaluate risk?

Join Ed Bellis, CTO and Co-Founder of Kenna Security, and and Wade Baker, Partner and Co-Founder of the Cyentia Institute as they continue their discussion from RSA on:
- key findings from their research on vulnerability management strategies
- improvement practitioners can implement into their own security programs
- the practical applications of new predictive models

Presented by
Ed Bellis, CTO and Co-Founder of Kenna Security
Wade Baker, Partner and Co-Founder of the Cyentia Institute

RSA Follow-Up: Applied Prediction to Get Proactive About Security

Cyber Attacks

Cyber Threats

Remediation

Risk Assessment

Risk Based Security

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

RSA Follow-Up: Applied Prediction to Get Proactive About Security

Presented by

About this talk

More from this channel