Name: Unpacking the CVEs in the FireEye Breach
Start: 2021-02-04T18:00:00Z
End: 2021-02-04T18:00:55.000Z
Location: BrightTALK
Rating: 4.5

Join us for this informative technology series for insights into emerging security trends that every IT professional should know. These brief sessions will give you an opportunity to discover best practices from market leaders as well as hands-on advice from industry experts on a variety of security and compliance topics.
 
Let Qualys help keep you up-to-date with cost-effective and efficient technology trends. Choose the topic that interests you or plan to attend the entire series to make sure you stay ahead of the curve.

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on December 12, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of November 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, November 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, December 2024

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on November 14, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of October 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, October 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, November 2024

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on October 10, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of September 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, September 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, October 2024

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on September 12, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of August 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, August 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, September 2024

Many requirements for PCI DSS 4.0 went into effect in March 2024, with the balance going into effect by March 2025. Are you audit ready? There are 64 new requirements, including internal scanning verification, the ability to discover assets such as databases and middleware, and File Access Monitoring and Agentless Network Support as part of a File Integrity Monitoring (FIM) solution. These and many other critical capabilities are now required to prevent security breaches, audit failures, and litigation.

Join guest speaker Elie Abouzeid, AVP Information Security at DentaQuest and PCI Internal Security Assessor (ISA), along with technical experts from Qualys, for an informative webinar event on Tuesday, July 23, 9 AM PT as they discuss industry trends and new attack vectors, as well as why customers are switching to Qualys from other solutions. 

Here’s what you’ll learn:

• What the latest PCI changes are and how they impact security teams
• Why policy compliance is needed to discover misconfigurations and middleware
• What the new requirements are for internal versus external vulnerability scanning
• Why File Access Monitoring and agentless network support are required for PCI
• Why noise cancellation is needed to reduce false alerts and IT costs by 90%+
• Why file reputation and trust status are critical for FIM effectiveness
• Why web application scanning is required for several PCI requirements

PCI DSS 4.0: Are You Ready for the New Requirements?

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on August 15, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of July 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, July 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, August 2024

Patch management is a continually shifting target that requires IT and Security teams to align their priorities—a task easier said than done. Merely conducting scans and passing the information to another department, expecting them to take action, is untenable. Therefore, CISOs and CIOs need an actionable, risk-based approach to reduce the risk of exploitable vulnerabilities and prioritize their most critical assets within their digital environments.

Don't miss this unique opportunity to hear industry experts share their best advice on what IT and security leaders need to know to protect their entire IT environment from growing threats through effective patch management.

Key topics:
• Enhancing Federal Browser Security
• The ROI of Patch Management
• Aligning ITOps & Security Priorities
• When Patching Isn’t Enough

Join us at the next Cyber Risk Series to learn how to protect your entire IT environment from growing threats with effective patch management.

Cyber Risk Series: To Be, or Not To Be? Patch is the Question

83% of all web traffic today is API traffic due to growing cloud workloads supporting everything from process automation to app development. Furthermore, regulatory and compliance pressures are mounting, with GDPR violations leading to fines of up to 4% of annual global turnover as of 2023. Simply put, AppSec technology has not kept pace with the demands of business today. Not anymore.

On July 25th, Kunal Modasiya, Vice President of Product Management, joins us to unveil how Qualys WAS is modernizing web app and API security with AI-powered scanning, comprehensive asset discovery & inventory, targeted risk-based remediation actions, deep learning-based web malware detection, LLM security and much more. Join this must-see event to learn how we’re doing this with WAS and API security. 

Join this live event to come away with:
1. What advances have been made to Qualys WAS for modern web app & API security 
2. How we’re leveraging AI-powered scanning and deep learning-based web malware detection 
3. New and improved integrations across popular CI/CD tools like Bamboo, Jenkins, Azure 

Register Now!

Breaking the mold: Modern, AI-powered web app & API security with Qualys TruRisk

Qualys proudly announces Container Runtime Security 2.0, an advanced security solution for containerized environments. This release enhances visibility, real-time threat detection, and automated response, ensuring robust protection for dynamic container infrastructures. Key features include:

• Enhanced Visibility: Comprehensive insights into container behavior, including file, process, and network monitoring to detect malware download, malware launch, and malware spread, ensuring proactive threat detection and response.
• Real-Time Threat Detection: Machine learning-based threat identification and response, encompassing EDR-like capabilities customized for cloud-native workloads, with features for malware detection, secret detection, and cloud-native IDS capabilities.
• Automated Response: Immediate actions to mitigate threats, including isolating or shutting down compromised containers, removing malware, blocking malicious traffic, initiating forensic analysis, redeploying clean instances, live patching, and blocking harmful system calls.
• Compliance Assurance: Tools for adherence to industry standards such as GDPR, PCI DSS, HIPAA, NIST, FedRAMP, and SOC 2, ensuring simplified audits.
• Seamless Integration: Smooth integration with DevOps workflows and CI/CD pipelines, including Container Vulnerability Response integration with ServiceNow and Jira for streamlined incident management and issue tracking.

Container Runtime Security 2.0 empowers organizations to innovate securely, safeguarding their digital assets against evolving threats.

Join us July 18th to experience a significant advancement in container security, equipping businesses with essential tools for real-time protection and compliance.

AI-Powered Container Runtime Security: Strategies & Solutions for Modern Threats

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on July 11, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of June 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, June 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, July 2024

On July 1, 2024, the <a href="https://www.qualys.com/tru/" target="_blank">Qualys Threat Research Unit (TRU)</a> announced the discovery of a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems (CVE-2024-6387). This vulnerability enables remote code execution on OpenSSH's default configuration without authentication or user interaction, granting full root privileges and posing a significant security risk.

If exploited, it could lead to full system compromise where an attacker can take over systems, install malware, manipulate data, and create backdoors for persistent access. It could also result in significant data breaches and leakage, giving attackers access to all data stored on the system, including sensitive or proprietary information that could be stolen or publicly disclosed.

Given the risk presented by this vulnerability, our team is putting on a special presentation to unpack everything you need to know to combat it. Join Himanshu Kathpal and Saeed Abbasi on Wednesday, July 3, 2024, at 9:00 A.M PST to find out: 
- The full details of the vulnerability 
- The potential impact of regreSSHion 
- Step-by-step guidance to mitigate the risk
- Details on how Qualys can help

regreSSHion Vulnerability: Key Insights & Strategies to De-risk Your Environment

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on June 13, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of May 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, May 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, June 2024

The European Union’s revised Network and Information Security (NIS2) Directive is a comprehensive cybersecurity regulation aimed at bolstering the resilience of critical entities and essential services across the EU. As organizations grapple with the complexities of compliance, Qualys offers a suite of powerful cybersecurity solutions that can help streamline the process and ensure adherence to NIS2 requirements.

Join Simona Selmer, Governance, Risk & Compliance expert at NTT Data, and a compliance expert from Qualys for an informative webinar on Tuesday, June 11 at 9 AM GMT as they discuss the new NIS2 directive requirements. 

Here’s what you’ll learn:

• Overview of NIS2, what’s required, and which entities are affected
• Timing for implementation and consequences for compliance failures
• NIS2 reporting processes, timely submissions, and reporting guidelines
• Which compliance and security solutions are required to ensure compliance
• How Qualys solutions can help ensure you’re audit-ready

Achieving NIS2 Compliance with Qualys

With the news of yet another Chrome vulnerability—the third within one week—and potentially more to come, IT and security teams face the prospect of a very busy year. However, by utilizing Qualys Patch Management and its Zero-Touch Patching feature, these teams can transform the challenge of managing endless vulnerabilities into a seamless, automated process. 

Join Dan Gislason, SME Patch Management & Remediation, Saeed Abassi, Product Manager Vulnerability Research, and Eran Livne, Sr. Director of Product Management as they discuss: 

1. State-of-the-Art Research Overview: Detailed breakdowns of CVE-2024-5274, CVE-2024-4947, CVE-2024-4671, and CVE-2024-4761 plus how they impact your security posture.
2. Proactive Patching Strategies: What happens with these vulnerabilities, why they are zero-days, plus tips and tricks for mitigating the risks of future Chrome vulnerabilities. 
3. Zero-Touch Patching: Discover how to utilize Qualys Patch Management and its Zero-Touch Patching feature to automate and streamline your patching processes, ensuring vulnerabilities are addressed in under 3 hours. 
4. Enhanced Security Measures: Explore continuous vulnerability management strategies to align your IT operations with stringent security objectives. 

Don't miss this opportunity to transform your vulnerability management practices and ensure your organization stays one step ahead of cyber threats. 

Register now to secure your spot.

Google Chrome's Three Strikes: Fix Chrome Vulnerabilities in Under 3 Hours

Do you underscore your Written Information Security Plan (WISP) with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)? NIST just released version 2.0, the first major upgrade in a decade, that includes several new requirements. For example, a new GOVERN function requires a better understanding of assets and true risks. How will the new requirements impact security teams to avoid security breaches, audit failures, and litigation? 
 
Join security and compliance experts from USAA and Qualys for an informative webinar on Tuesday, May 29 at 8 AM PT as they discuss details about the new NIST CSF 2.0 requirements and how to avoid serious consequences. 

Here’s what you’ll learn: 

• How do NIST CSF 2.0 requirements differ from CSF 1.0? 
• What is the new GOVERN function and how does it impact security teams? 
• How can you avoid people mistakes that lead to 99% of cloud security breaches? 
• What are the four levels of CSF maturity, and how can you attain the top level? 
• How can you implement solutions to meet all requirements and lower costs?

How Will NIST CSF 2.0 Impact Security and IT Teams?

A recent cybersecurity report predicted that the cost of cybercrime would reach $9.5 trillion in 2024 and exceed $10.5 trillion in 2025. This statistic highlights the crucial need to integrate cybersecurity into ITSM practices. This webinar, designed for I&O leaders, underscores the critical need for strategic alignment between IT and security teams to optimize resilience and minimize security risks across organizations. 
 
Key Takeaways: 

• Strategic Integration: Learn how to proactively incorporate cybersecurity practices within ITSM to bolster your organization’s defense mechanisms against emerging threats. 
• Collaboration and Communication: Discover strategies to bridge the communication and collaboration gaps between IT and security teams, ensuring a unified approach towards common goals. 
• Resource Optimization: Understand how to effectively manage and allocate resources, including manpower and technological tools, to enhance your security posture without compromising operational efficiency. 
• Risk Management: Explore continuous vulnerability risk management strategies to align IT operations with stringent security objectives, making your systems robust and less prone to attacks. 
 
Who Should Attend: IT and security leaders, I&O professionals, risk management officers, and anyone interested in learning about integrating cybersecurity practices into ITSM frameworks to achieve superior organizational resilience. 
 
Join us on May 28th to transform your ITSM practices by integrating cutting-edge cybersecurity measures, ensuring your organization stays one step ahead of cyber threats.

Craft a Unified Cybersecurity and ITSM Strategy

Unknown assets are hiding throughout the modern attack surface, and too many cybersecurity teams rely on disparate scanners and point solutions to find them. One for external scans. One that relies on API-connectors. And a CMDB that’s constantly missing asset records.

Join us for the introduction of CyberSecurity Asset Management 3.0—the ultimate consolidation of asset discovery and cyber risk assessment. Kunal Modasiya (VP of Product Management at Qualys) will demonstrate the power of versatile discovery and risk assessment beyond vulnerabilities, including:

• Consolidating internal and external discovery to include EASM attribution, built-in passive sensing for unmanaged devices on the network, and 3rd-party connectors to compliment Qualys sensors
• Isolating external attack surface risks with patent pending scanning technology to reduce false positives up to 60%
• Prioritizing risk beyond vulnerabilities to include end-of-support (EoS) software, risky open ports, and missing security controls
• Transforming the CMDB from out-of-date to up-to-date by syncing all assets (including external and IoT) to streamline IT-Security workflow and reduce MTTR by half

Eliminate the risk from unknown assets in your organization. Register today!

Eliminate the Risk of Unknown Assets with CyberSecurity Asset Management 3.0

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on May 16, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of April 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, April 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, May 2024

Understanding the behaviors and attributes of the CVEs leveraged by stolen FireEye Red Team assessment tools is key to both attack prevention and response. In this webinar, Qualys research and product experts will analyze the riskiest CVEs. We will share insights into the CVE behaviors to help operational security teams build defensive actions against the complex attack vectors involved, and we will walk through the threat attributes to help threat hunting teams take defensive actions against adversaries.

Finally, we will show how Qualys solutions can help you develop a plan to reduce exposure from these CVEs.

In this workshop, we will discuss :

- Key CVEs used by the FireEye Red Team assessment tools
- How Qualys VMDR and EDR help organizations identify vulnerable assets
- The Qualys patch management solution to remediate vulnerabilities
- How to isolate compromised systems based on indicators of compromise

Unpacking the CVEs in the FireEye Breach

Qualys

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Unpacking the CVEs in the FireEye Breach

Presented by

About this talk

More from this channel