Name: Leveraging a Risk-Based Approach to Vulnerability Management
Start: 2019-02-27T21:30:00Z
End: 2019-02-27T22:12:30.000Z
Location: BrightTALK
Rating: 0

RiskSense®, Inc. provides full-spectrum vulnerability management and prioritization to measure and control cybersecurity risk. The cloud-based RiskSense platform uses a foundation of risk-based scoring, analytics, and technology-accelerated pen testing to identify critical security weaknesses with corresponding remediation action plans, dramatically improving security and IT team efficiency and effectiveness.
The company delivers a fully-informed picture of group, department, and organizational cybersecurity risk with our credit-like RiskSense Security Score (RS3). The RiskSense platform continuously correlates customer infrastructure with comprehensive internal and external vulnerability data, threat intelligence, human pen test findings, and business asset criticality to measure risk, provide early warning of weaponization, predict attacks, and prioritize remediation activities to achieve security risk goals. For more information, visit www.risksense.com or follow us on Twitter at @RiskSense.

Learn how validated vulnerability information to prioritized remediation and validation can be accelerated to close the loop faster on security risk. We'll look at the complexities that stand in the way and how to address them through high-fidelity risk-based vulnerability management.

Closing the Loop Faster for Security Risk

Dry-Run2 Closing the Loop in Security Risk

A discussion on Risk-Based Application Security with RiskSense CEO & Co-Founder Srinivas Mukkamala. We’ll discuss how web applications have become a leading attack vector, the state of software security today and how application security tools are converging, and of course, how a risk-based approach to dealing with application security is the best and most cost-effective approach going forward.

Risk-Based Application Security – Getting It Right

Understanding the threat impact of your application vulnerabilities means you know what’s really important and what should be prioritized. Knowing what actions to take for both the applications and their infrastructure makes for a more compelling value proposition for organizations. Security postures improve, security debt reduced, and the entire process is transparently more cost-effective.

Taking the Lead with Cost-Effective Application Security

Stay informed on how your framework development of choice can elevate your threat exposure. We discuss:
- Compounding layers of vulnerabilities within common frameworks
- Vendors with the most weaponized vulnerabilities and the predictability over-time 
- Input validation rise to the top weaponized type of vulnerability

Internet-facing assets and applications are more important than ever to keep up to date.  RiskSense continues to deliver threat and vulnerability research to help enterprise organizations know their next move against cyber risk.

RiskSense Today: Understanding the Impact of Web and App Framework Vulnerability

The RiskSense Ransomware Assessment Program evaluates ransomware susceptibility to show you exactly where you have exposure. This webinar will give you a view of the RiskSense Ransomware Dashboard a key aspect of our new service. RiskSense performs expert ransomware-focused penetration testing and regular authenticated vulnerability scans, and correlates that data with rich threat intelligence to identify and prioritize the vulnerabilities that most need remediation. You’ll not only understand your current exposure to the vulnerabilities that enable ransomware attacks, but you’ll understand which preemptive actions are needed to block them.

Ransomware Ambush – Fighting Back

Time is a critical element in cybersecurity, listen to RiskSense CEO Srinivas Mukkamala talk about achieving 10x the capability within threat and vulnerability management:  

- Speed up the prep work, prioritization, and assignment with automation
- Focus analysts on cognitive work and reasoning to take action in a timely manner
- It’s the last-mile activities of patch and risk management that really make a difference

Take 15 minutes and listen to RiskSense Today: Elevating Vulnerability Management with Automation and Orchestration.

RiskSense Today: Elevating Vulnerability Management with Automation

Curious about Ransomware? Listen to this podcast featuring RiskSense CEO Srinivas Mukkamala as he talks about this epidemic. 
- Find out easy things you can do today to take action
- How the risk of business disruption is getting more attention than data breach risk
- Future prediction of legislative changes regarding ransomware disclosure.

Enjoy RiskSense Today: Ransomware in the Spotlight

RiskSense Today: Ransomware in the Spotlight

In this webinar, we’re joined by Morgan Reed, Chief Information Officer for the State of Arizona. Morgan’s extensive experience in both private enterprise and the public sector puts him in a unique position to help us understand and benefit from how cybersecurity risk is being measured and controlled at the State of Arizona. We’ll discuss relevant cybersecurity risk topics, including his environment, how he views and communicates cybersecurity risk, some frameworks, and how you can go about applying his experience to your own environment, regardless of sector or vertical industry.

Balancing Cybersecurity Risk for the State of Arizona

In most cases fraud, risk, and information security functions often only interact in the aftermath of a breach, and security and fraud point solutions typically remain isolated. With maturity in data pipelines, availability of shared data sets across risk, fraud, and information security, AI can be effectively used to detect anomalies and be predictive.

In this webinar, Dr. Srinivas Mukkamala, a recognized expert on AI and neural networks, will discuss how a risk-based approach can facilitate the convergence of cybersecurity and fraud.

Convergence of Cybersecurity and Fraud

Dr. Srinivas Mukkamala will share his views on the most dramatic security threats that will draw more attention in 2019. He will identify why new technologies will begin creating an even more porous and vulnerable IT infrastructure. Consider:

- AI might be your friend but it also powers your foes 
- Robotic Process Automation (RPA) another crack in your attack surface
- DevOps Automation tools as targets for administrative controls and chaos 
- API Keys becoming the keys to the kingdom

There is hope and Dr. Mukkamala will illustrate how organizations can have improved visibility, detection, remediation, and response when dealing with growing reliance on these technologies in 2019 and beyond.

Continuous & Adaptable Security Models will Prevail

You’ve gotten what you wished for. Cybersecurity and cyber risk are now board-level issues. Whatever barriers that once existed between business and security have disappeared, and your board is expecting a meaningful conversation on the topic. After all, board members can be held personally liable for business disruptions caused by security issues. Depending on how often these conversations occur, it’s probably safe to assume that the board has a) forgotten what you told them in the last meeting, and, b) wishes you framed your reporting in more of a business context, especially if they don’t have an IT or security background.

In this webinar, we’ll be chatting with Ed Amoroso, former CISO for AT&T and founder and CEO of TAG Cyber. Ed’s extensive experience interacting with board members and recent publications on the topic will serve as the backdrop for walking through a few of his favorite questions that board members should be asking you about cybersecurity risk, and how you can go about providing answers that matter.

Risk is a Board Game - Navigating Board Conversations on Cybersecurity Risk

Organizations “know” what they need to do. They scan, find piles of vulnerabilities, then rush to patch. But low and behold, they aren't sure that their patching efforts are improving their security posture, and with patch tickets accumulating at an alarming rate, they fall further and further behind. Why? What’s wrong?

Unfortunately, Security and IT teams often find themselves in this unenviable position. The good news is that there’s a movement afoot that can rescue them. In this session you will learn how a risk-based approach to vulnerability management reduces vulnerability fatigue while improving workflow efficiency and personnel productivity in a truly measurable way.

Getting Off the Threat & Vulnerability Management Treadmill

Today's security and IT teams are suffocating under an avalanche of security data. The sheer volume of the data, along with its multiple origins in siloed systems all but guarantee that it lacks context, meaning, and is difficult to make actionable.

Learn how RiskSense harnesses the vulnerability data you have, adds context with threat intel, and incorporates business asset criticality as well as pen test findings to tame your security data tsunami.

Taming the Security Data Tsunami

The key to effectively reducing the attack surface is remediating exactly the right vulnerability or weakness that will be used by the adversary. While the idea is simple enough, executing on it has proven to be one of the largest challenges facing enterprises.
 
The impact of this lack of visibility into the attacker journey is that vulnerability remediation strategies are likely unaligned, and therefore ineffective.
 
There’s no data that supports the hypothesis to align early weaponization to breaches, which makes it hard to know when it is the ideal time to fix the vulnerability or weakness.
 
Vulnerability prioritization and weaponization prediction must be fueled with data and domain expertise. Fixing thousands of vulnerabilities is not enough. We need to make sure we are fixing the right vulnerabilities, at the right time. In this talk we will cover:

• Quantitative and Qualitative: details on RiskSense threat dataset and data sources that allows us to uniquely separate “signal” from “noise”.
• Unprecedented visibility into attack validation data: from over 10+ years, this enables us to reconstruct the complete attacker journey and understand time-based patterns.
• Insights into Vulnerability life cycle: weaponization and breach latency. This will allow us to determine no engagement vs. engagement from a remediation standpoint.
• Attributes and variables: used for Machine Learning to predict Weaponization and Breach Susceptibility

This presentation will be given by Dr. Srinivas Mukkamala, Co-Founder and CEO of RiskSense. RiskSense’s team was the first to predict WannaCry and has since released Koadic Post Exploitation Command & Control.

Predictive Intelligence: Vulnerability Weaponization and Exploitation

With all the news about cyberattacks, it’s easy to feel like there aren’t enough people to cover all of the security bases. This means proper identification and management of threats and vulnerabilities is an absolute necessity to keep risk at its lowest levels.

Join David Monahan, managing research director at leading IT analyst firm Enterprise Management Associates (EMA), and John Dasher of RiskSense, to learn why a threat and vulnerability management solution is a must have for your security portfolio.

During this webinar you will learn:
- How threat and vulnerability management solutions with prioritization improve security operations efficiency
- How to use a threat and vulnerability management and prioritization solution to garner greater support for security and improve security operations and business management alignment
- The top 10 criteria you need to consider when selecting a solution
- How to maintain a risk-based security management program

Top 10 Tips for Selecting a Threat and Vulnerability Management Solution

How do you handle risk assessment and vulnerability management for IoT when multiple security patterns need assessment? There is a new frontier for security that requires breaking conventional control and mitigation assumptions before a Frankenmonster rises from your IoT project.

In this webinar, RiskSense CEO and Co-Founder Dr. Srinivas Mukkamala will discuss:

- The assessment of chaining together multiple vulnerabilities and the potential exploit path through flexible and fractured design components for IoT.
- Consideration for dynamically changing devices and utilization models that break traditional security and risk assessments.
- IoT risk and the growing need to incorporate threat data, unintentional device use-cases, and the mechanisms to keep constant control of the devices themselves.

Piecing Together IoT Risk from Flexible & Fractured Design Components

Hear from security industry expert from Ovum on moving from silos to collaboration across security and IT teams. For years organizations have leveraged traditional Key Performance Indicators (KPIs) to define success in their Vulnerability Management programs. Unfortunately, this often pitts the security team, who drives the assignment of work, against the overloaded operations team, who performs the work, against one another. The transition to a risk-based approach offers many benefits including more effective communications, a shared understanding of priorities, and a unified sense of purpose. These benefits enable security and operations teams to truly work together to improve the effectiveness of your Vulnerability Management program.

Leveraging a Risk-Based Approach to Vulnerability Management

Vulnerability Management

Security

Operations

RiskSense

KPIs

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Leveraging a Risk-Based Approach to Vulnerability Management

Presented by

About this talk

More from this channel