How to Achieve 80% Reduction in Risk With Efficient Vulnerability Management

Jörgen Mellberg, Senior Technical Solution Specialist, Secunia
Are you facing problems with patching your business critical systems and fighting vulnerabilities? Cybercriminals are increasingly targeting corporate businesses and their entry points and exploiting these as a gateway to compromise critical business systems. It is therefore very challenging for Information Security departments to keep up-to-date with the latest software vulnerabilities.

Join Secunia’s Senior Technical Solution Specialist, Jörgen Mellberg to learn how Secunia’s powerful Vulnerability Intelligence and Patch Management solutions have helped corporate customers worldwide to keep up-to-date with the latest software vulnerabilities and optimise vulnerability and risk management frameworks.

Learn how you and your company can benefit from unique research and insights. For example, Secunia’s recent research revealed that non-Microsoft programs accounted for 78% of vulnerabilities in 2011. During the webinar you will also learn how Secunia can help you address the complex regulatory requirements and compliance which directly affect your daily business.

Jörgen Mellberg has over 15 years of experience within IT security and holds the (ISC)2 CISSP certification. Jörgen has broad experience of implementing Patch Management, Vulnerability Management and Compliance & Audit Strategies on Fortune 500 companies.
Jul 19 2012
34 mins
How to Achieve 80% Reduction in Risk With Efficient Vulnerability Management
Join us for this summit:
More from this community:

IT Security

Webinars and videos

  • Live 1 and recorded (4550)
  • Upcoming (139)
  • Date
  • Rating
  • Views
  • Channel
  • Channel profile
Up Down
  • Understanding Software Vulnerabilities Recorded: Apr 8 2014 33 mins
    Thousands of vulnerabilities are disclosed every year, by vendors/researchers discovering software vulnerabilities for remediation and security, as well as by cybercriminals seeking vulnerabilities to sell or exploit.

    Relaying the right threat intelligence to the right stakeholders and initiating the right threat response is a challenging task for security professionals, more so now because enterprise environments have become complex hotbeds of new technologies, business models and ways of storing/sharing information.

    This webinar deconstructs software vulnerabilities, shows how they relate to the wider ecosystem and demonstrates how this knowledge can be used to define strategies and improve security.

    Key takeaways:

    - The impact of software vulnerabilities on organizations
    - The importance of vulnerability research for the overall security of individuals and organizations
    - The importance of trusted sources for vulnerability information
  • Dissecting the 2013 Vulnerability Landscape Recorded: Mar 20 2014 39 mins
    Every year Secunia releases a review of the vulnerability landscape, based on its vulnerability research and data from its Personal Software Inspector (PSI) user base.
    The data in this research helps security professionals around the globe make sense of the evolution of the threat landscape and the trends throughout the year.
    In this webinar, Secunia’s CTO, Morten Stengaard and Head of Research, Kasper Lindgaard, will interpret the data presented in the Secunia Vulnerability Review 2014 and answer questions. The review will be released on 26th February at 20:00 CET.
    Before 26th February, you can pre-register to receive a copy of the review as soon as it is released, at:

    Key takeaways:
    -The number of vulnerabilities and zero-days detected in 2013
    -The security state of browsers and PDF readers
    -How quick vendors are to respond to vulnerabilities
    -Which programs are more vulnerable
  • Neglecting the security aspect of patch management is just asking for trouble! Recorded: Mar 4 2014 47 mins
    In this webinar, we will look at how to integrate patch management into the vulnerability management lifecycle, to support organizations in developing processes that allow targeted remediation and mitigation of threats.
    In a previous presentation (see attachments), we examined how a well-known vulnerability in an application led to a security breach in the U.S. Department of Energy, with significant financial impacts.
    Many factors contributed to the extensive damage caused by the attack. But the bottom line spelled it out: If a patch management process properly integrated with a vulnerability management lifecycle approach had been in place in the Department of Energy, mitigation actions could have been implemented and, ultimately, the breach would not have occurred.
    It is precisely because we continue to disregard the fact that patch management is an important security control that we continue to see attacks exploiting well-known vulnerabilities.
    There are many reasons why patch management is neglected as a security tool:
    •Manually applying all patches to all applications on all machines and servers is not feasible.
    •Patch management is often perceived as the mechanics of packaging and deploying software updates.
    •The abundance of devices and the interconnectivity between organizations, partners and customers has increased the attack surface significantly. And not all devices can be managed centrally.
    •Most of the solutions for patch management that are available in the market only focus on delivering patch content and deployment capabilities.
    Sign up for this webinar on why and how to integrate patch management into the vulnerability management lifecycle.
    Key takeaways:
    -The reasons for improving your patch management process
    -Key considerations of a security approach to patch management
    -How to integrate patch management within the vulnerability management lifecycle
    -Examples of how to justify the investment in patch management technology
  • Custom Data Gathering and Use with ConfigMgr, Part 2 Recorded: Feb 18 2014 50 mins
    This Webinar is a follow-on session from part 1 presented at System Center Universe and will focus on advanced ways to gather use data within System Center Configuration Manager (ConfigMgr); it will build on the part 1 material including some advanced inventory techniques including the use and creation of data discovery records (DDRs). It will also tackles some of the common challenges and how to overcome them when gathering data from managed systems.
  • Icelandair on how to implement a complete patch management strategy Recorded: Feb 12 2014 39 mins
    Join this webinar to hear directly from Icelandair how the international airline took a more proactive approach to preventing cyber attacks.
    In this session, Icelandair will describe the IT security challenges the company faced and how security issues led to investigating solutions that addressed these issues.
    Learn about the security strategy and measures Icelandir have implemented to ensure a robust security platform – specifically in the area of vulnerability intelligence, patch management and patch deployment integration in a Microsoft environment, using System Center Configuration Manager and WSUS.

    Key take aways:

    - Learn from a real-life experience and related insights
    - Understand why it’s important to be proactive instead of reactive
    - 15 minute Q&A with Icelandair and Secunia security specialists
  • Autopsy of a Data Breach – Common Mistakes that Lead to Breaches Recorded: Feb 4 2014 47 mins
    In July 2013 the US Department of Energy suffered a breach caused by a known vulnerability in one of the applications used to store personal data from employees and their family members. A total of 104,000 records were exposed. Following the incident, the department investigated the chain of events that led to the breach.

    The case illustrates some of the common challenges that organizations face when attempting to maintain the security of their technology environments.

    The challenges include: fragmented infrastructures and heterogeneous environments; competing priorities between business units; unclear lines of responsibility and undocumented processes; lack of urgency and awareness over cyber security issues and the skills to assess risk; inadequate authority; and ineffective internal communication and coordination.

    The in-depth scrutiny of the causes and consequences of this breach gives us the opportunity to reflect upon the challenges we face within our own organization. A case such as this shows that, while basic security principles seem obvious and easy to implement – and many of us assume they are in place – reality can sometimes prove to be very different to theory and best practice recommendations.

    Join us, when we analyze the case and the data showing the importance of maintaining an overview and control over IT environments.

    Key takeaways:
    -Insights into the common challenges that organizations face when implementing an IT security strategy
    -Data on the cost and consequences of data breaches
    -Best practices for implementing a security baseline
    -The importance of vulnerability intelligence to support risk assessment
    -The importance of mitigating actions to avoid security breaches
    - Q&A session
  • Application Management with ConfigMgr in the Enterprise Recorded: Dec 17 2013 54 mins
    Intelligence is power. As part of our "We Speak Geek" Webinar series, Secunia partners with some of the most recognized System Center experts to present on topics that are informational and important to you.

    Join us on Tuesday, Dec 17th at 1:00pm CST for our next We Speak Geek Webinar. During this 45 minute presentation, systems management expert, Nash Pherson, will walk through application management best practices for Microsoft’s Configuration Manager (ConfigMgr) in the enterprise. He will discuss methods for making silent, supportable, clean, and complete application deployments for the Java Run Environment, and demonstrate how Secunia’s Corporate Software Inspector (CSI) simplifies this process and enables enterprises to keep applications up-to-date with ConfigMgr Software Update Management.
  • Is Your Organisation Aligned and Prepared for Today’s Cyber-Attacks? Recorded: Dec 3 2013 31 mins
    Join this webinar to learn about the latest trends in hacker prevention and emerging threats facing medium to large companies in the private and government sectors.

    We’re becoming more efficient, faster and better connected. This is great, but unfortunately, this also means that hackers are becoming more sophisticated.

    Cyber-attacks are increasing at an exceptional rate, the threat landscape has never been so fierce, and it is highly important to understand the attack surface. By moving more and more to the cloud, and BYOD becoming very common, do you have a constant and clear picture of what your own IT landscape looks like – and the vulnerabilities across your environment? Do you know what the attack vector is? Is your organization aligned and prepared for the emerging modern day threats?

    Key take-aways:

    - Learn about Advanced Threat Protection
    - Understand why it is important to be proactive instead of reactive
    - Learn how to reduce security risks by a proactive defence: Defend yourself pre-emptively before an attack happens
    - 15 minutes Q & A with a Secunia Solution Specialist!
  • The Cyber Threat Facing the Financial Sector Recorded: Nov 14 2013 23 mins
    Cybercrime is the second most commonly reported economic crime in the Financial Services sector, and vulnerabilities in software have been primarily responsible for some large-scale security breaches.

    Your financial institution is only one vulnerability away from being compromised. Corporate board members are also vulnerable to cyber-attacks, storing personal information on their home computers and personal mobile devices. This Webinar will address where the threats are coming from and outline an action plan for identifying, managing and remediating them.
  • Enterprise Application Security - What is Your Status? Recorded: Nov 12 2013 37 mins
    Join this webinar to learn about the latest trends in vulnerability threats facing large companies in the private and government sectors.

    Understanding the landscape and the attack surface of the most widely used applications and operating systems is a key component of a robust Application Security effort. Are you addressing this critical area of your security strategy? Do you have a constant and clear picture of what your own IT landscape looks like, and what the attack vector is, for example in regards to BYOD?

    Ask yourself: What is your status right now?

    We will also discuss a few highlights from a recent report written by NIST (National Institute of Standards and Technology), and look at select Secunia Country Reports on vulnerability exposure, based on data extracted from millions of users, across Europe and North America.

    Key take-aways:
    -Learn more about Software Inventory Management and Patch Implementation Verification
    -Understand why traditional anti-virus and a firewall alone is not enough
    -Learn how to reduce security risks by being proactive instead of reactive
    -How to explain to the Board why Application Security is a worthwhile investment
    -15 minutes Q & A with a Secunia Solution Specialist!
  • Unique 3rd party Patch Management plugin for Microsoft System Center 2012 Recorded: Nov 8 2013 49 mins
    This webinar is targeted towards System Integrators, Microsoft System Center Partners or other resellers with a System center focus.

    Secunia is Microsoft's first vulnerability Security Alliance partner and the Secunia Corporate Software Inspector (CSI) is the only approved patch management plugin to Microsoft System Center 2012.

    During this webinar we will demonstrate how our unique vulnerability and patch management software solution will enable you to implement a complete patch management solution for your customers covering both Microsoft and third-party programs.


    • Introduction to Secunia and software vulnerabilities
    • Why partner with Secunia?
    • Secunia CSI product overview
    • Integration between Microsoft System Center 2012 & Secunia CSI
    • Secunia's partnership with Microsoft
    • The Secunia Partner Program
  • Role Based Administration: Tips and Tricks Recorded: Oct 17 2013 52 mins
    Intelligence is power. As part of our "We Speak Geek" series, Secunia partners with some of the most recognized System Center experts to present on topics that are informational and important to you.

    Join us on Thursday, Oct 17th at 1:00pm CST. During this 45 minute Webinar, Microsoft MVP, Chris Nackers, will take you through the ins and outs of Role Based Administration in System Center Configuration Manager 2012. For example, do server administrators want to set up their own ConfigMgr environment? Attend this webinar to learn how to separate the server and desktops teams and keep the peace. We'll also cover some tips and tricks you won't want to miss!

    About Chris Nackers
    Chris Nackers is a Microsoft MVP for System Center Configuration Manager and owner of Nackers Consulting. He is an avid blogger and participates regularly in the deployment communities through forums and email distribution lists. Chris has spoken several times at MMS and frequently speaks at user groups around the country on anything related to MDT/ConfigMgr.
  • Vulnerability Intelligence: Bulletproof Your IT Security Infrastucture Recorded: Sep 11 2013 43 mins
    The consequences of a security breach can be wide-reaching and potentially devastating. Organizations of all sizes struggle to maintain patch levels, and are challenged with the lack of visibility of environments.

    In the context of vulnerability and patch management, big data comprises information on all disclosed vulnerabilities, the number of end users and applications, operating systems, network architecture, business processes and compliance requirements. The challenge is to analyse this data and achieve an accurate assessment of risk.
    We propose a vision that integrates vulnerability assessment and patch management to address the challenges of analysing big data and address the issues organizstions face when implementing a patch management process. We call this vision “Complete Patch Management”.

    This Secunia webinar presents and invites you to discuss this vision.
    Key take-aways:

    - Insight on the challenges of implementing a patch management strategy with focus on security

    - Best practices following the vision of “Complete Patch Management”

    - An insight on the application vulnerability landscape.

    - How to build the foundation to prevent the loss of intellectual property, productivity decline and lost revenue as a consequence of a cyber attack.
  • Sign up for the CSI 7.0 Global Launch Event on September 5th Recorded: Sep 5 2013 50 mins
    In September 2013 we launch the Secunia CSI 7.0! This launch event is a great occasion for us to share the news about our new solution with you. During the event you will hear the latest news from Secunia and learn about the CSI 7.0. You are also invited to ask questions to our key company stakeholders and solution specialists.

    Key take-aways:

    - Secunia CSI 7.0 gives you the when, the where, the what and the how…to patch!

    - CSI 7.0 Live product demo

    - Analyst View: Insight on Secunia’s position on the market.

    - Q&A session
  • The Antidote to the Patch Management Nightmare: Visibility and Prioritisation Recorded: Aug 14 2013 44 mins
    Within most organisations, patch management is commonly understood as patch deployment. However, deployment is only one area of a Patch Management Process. While most security specialists agree that patching is the foundation for a secure environment, the misunderstanding of the term builds a gap between security and operations, preventing a complete Patch Management approach.

    To close the gap, organisations need to understand their environment, the criticality of the data on their endpoints, correlate that information with reliable vulnerability intelligence and having the proper tools to support remediation.

    Join Secunia’s webinar and learn more about completing your Patch Management strategy by tomorrow’s standards!

    Key take-aways:
    • Learn why it is important to patch, what to patch and how to prioritise
    • Learn how to prevent the gap between security and operations
    • Get valuable insight from recent research and statistics on 3rd party applications
    • Understanding how to reduce risks by applying the optimal and complete patching strategy
  • Een Secunia webinar over de huidige grootste bedreiging: 3e partijen software Recorded: Jun 26 2013 28 mins
    Bent u zich ervan bewust dat de grootste bedreiging voor uw netwerk zich in 3de partijen software bevindt?

    Uw medewerkers brengen steeds vaker hun eigen apparaten mee om te werken binnen het bedrijf (het zogenaamde BYOD), met inbegrip van alle 3de partijen software (non-Microsoft). Beschermt u al uw IT-systemen voor de risico's die deze trend met zich meebrengt?

    Momenteel bevinden 87 % van alle kwetsbaarheden zich in 3de partijen software en bij de meeste inbreuken wordt gebruik gemaakt van bekende kwetsbaarheden als aanvalsvector. Aangezien softwarepatches beschikbaar zijn binnen 24 uur na bekendmaking, maakt het patchen van kwetsbaarheden in software een groot verschil. Het belangrijkste punt is te weten wat te patchen.

    Op 2 mei a.s. (14:00u) kunt u de kans grijpen om te zien hoe u zelf meer weerstand kan bieden aan de grootste bedreigingen van vandaag en waarom het van cruciaal belang is om verder te gaan dan alleen het patchen van Microsoft producten.

    U krijgt tevens toegang tot het Secunia Yearly Report 2013 dat een duidelijk inzicht geeft betreffende veiligheidstrends van het afgelopen jaar.

    Belangrijkste punten en ontdekkingen :

    •dat onderzoek aantoont dat 3de partijen software de belangrijkste bedreiging vormt in huidige netwerken.
    •hoe BYOD (Bring Your Own Device) de bedreiging kan verhogen
    •waarom de integratie van patch management met patch implementering de beveiliging verbetert
    •op welke manier u de 3de partijen applicatie veiligheidsrisico's kunt verminderen door middel van een optimale patching strategie
  • Secunia Webinar über die derzeit größte Bedrohung: Drittanbieter Software Recorded: May 14 2013 25 mins
    Ihre Angestellten bringen immer öfter ihre eigenen Geräte zur Arbeit und mit ihnen Drittanbieter Software (nicht Microsoft). Schützen Sie Ihre IT Systeme vor den Risiken dieses Trends?

    Heutzutage werden 87% aller Schwachstellen in Drittanbieter Software gefunden. Ein Großteil dieser Schwachstellen besteht aus bereits bekannten Sicherheitslücken, wie zum Beispiel dem Angriffsvektor. In 80% der Fälle stehen Patches bereits innerhalb von 24 Stunden nach der Entdeckung zur Verfügung, daher macht Patchen einen großen Unterschied. Die Kunst ist, zu wissen, was man patchen muß!

    Verpassen Sie nicht die Gelegenheit mehr über die derzeit größte Bedrohung - Drittanbieter Software - zu erfahren und warum es extrem wichtig ist mehr als nur Microsoft zu patchen. Erfahren Sie mehr über Statistiken und Sicherheitstrends aus dem Secunia Vulnerability Review 2013.

    Die wichtigsten Punkte im Überblick:

    * Erfahren Sie, dass Nachforschungen zeigen, warum Drittanbieter Software die größte Bedrohung für heutige Netzwerke sind.
    * Sehen Sie, wie BYOD (Bring Your Own Device = Bring Dein Eigenes Gerät) die Bedrohung vergrößern kann.
    * Finden Sie heraus, warum das Integrieren von Patch Management mit Patch Verteilung die Sicherheit erhöht.
    * Reduzieren Sie, das Sicherheitsrisiko von Drittanbieter Software durch den Einsatz der optimalen Patch Strategie.
  • Managing 3rd Party Updates with Microsoft's System Center Configuration Manager Recorded: May 13 2013 47 mins
    Whether you attended MMS 2013 or not, this is a must attend webinar! Get the chance to gain some of the knowledge from MMS 2013, as well as get your questions answered by Kent Agerlund from Coretech, a Microsoft Configuration Manager MVP.

    During this 45 minute webinar, Kent Agerlund will provide you with tips and tricks to solve the daily challenges around patching your environment with Microsoft and non-Microsoft updates. You will learn how to design and configure a software update solution that will be easy to manage, yet powerful enough to maintain your server and desktop environment. Lastly, he will go through how you can patch 3rd party applications in SCCM and his key learning's on how to manage common challenges in this area.

    About Kent Agerlund, Coretech
    Configuration Manager MVP. Microsoft Certified Trainer and Senior Consultant. Kent has been working with SMS since 1997 and as a trainer / consultant since 1992. In addition, he is Co-founder of System Center User Group Denmark in 2009.

    Certified MCITP: Enterprise Administrator, MCSA + Messaging, MCT and Technology Specialist in Configuration Manager, MDOP and Windows 2008 R2 and much more.

    Member of:
    Microsoft Denmark System Center Partner Expert Team , The Danish Technet Influencers program , System Center Influencers Program.
  • Vulnerability Management - Are You in a Blind Spot? Recorded: Apr 17 2013 48 mins
    Join this webinar to learn about the latest trends in vulnerability threats facing private and government organizations of all sizes.

    Understanding the attack surface and prevalence of the most widely used applications (and operating systems) is a key component of a robust vulnerability management effort. Are you addressing this critical area of your security strategy - or are you in a blind spot?

    Based on data extracted from millions of users, find out more about the vulnerability exposure from sample countries across Europe and North America.

    Key take-aways:
    - Country vulnerability findings you can use in your daily work and security practice
    - Gain insight into best practices on patch management and patch deployment
    - Understand why anti-virus and a firewall alone is not enough to protect endpoints
    - Obtain a copy of the latest Vulnerability Review - a global report
    - Learn how to reduce security risks by being more proactive instead of reactive
  • Covering the Largest Threat Today: 3rd Party Applications Recorded: Mar 13 2013 31 mins
    Your employees are bringing their own device, including all the 3rd party applications (non-Microsoft) on to work. Are you protecting your IT systems from the risks this trend represents?
    Today, 78% of all vulnerabilities are found in 3rd party apps, and most breaches use already known vulnerabilities as the attack vector. Because patches are available within 24 hours of disclosure, patching does make a difference. The trick is knowing what to patch!

    Join Secunia’s webinar on 13th March and learn more about covering the largest threat today: 3rd party applications by going beyond patching Microsoft only and why they are the largest threat to your network.

    Key take-aways:

    • Learn why research shows that 3rd party applications are the major threat in today’s networks

    • Understand how BYOD (Bring Your Own Device) can increase the threat even more

    • Find out why integrating patch management with patch deployment improves security

    • How to reduce 3rd application security risks by applying the optimal patching strategy
Take pre-emptive action against vulnerabilities and security breaches
Secunia is recognised industry-wide as a pioneer and global player within the IT security ecosystem, in the niche of Vulnerability Management. Our award-winning portfolio equips corporate and private customers worldwide with Vulnerability Intelligence, Vulnerability Assessment, and automated Patch Management tools to manage and control vulnerabilities across their networks and endpoints.
Try a powerful marketing platform for your videos and webinars. Learn more  >

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: How to Achieve 80% Reduction in Risk With Efficient Vulnerability Management
  • Live at: Jul 19 2012 9:00 am
  • Presented by: Jörgen Mellberg, Senior Technical Solution Specialist, Secunia
  • From:
Your email has been sent.
or close
You must be logged in to email this