Name: Discover & Assess the Risk of Open-Source Software (OSS) Vulnerabilities
Start: 2023-11-29T17:00:00Z
End: 2023-11-29T17:00:33.000Z
Location: BrightTALK
Rating: 1

Join us for this informative technology series for insights into emerging security trends that every IT professional should know. These brief sessions will give you an opportunity to discover best practices from market leaders as well as hands-on advice from industry experts on a variety of security and compliance topics.
 
Let Qualys help keep you up-to-date with cost-effective and efficient technology trends. Choose the topic that interests you or plan to attend the entire series to make sure you stay ahead of the curve.

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on December 12, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of November 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, November 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, December 2024

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on November 14, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of October 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, October 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, November 2024

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on October 10, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of September 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, September 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, October 2024

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on September 12, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of August 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, August 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, September 2024

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on August 15, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of July 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, July 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, August 2024

Patch management is a continually shifting target that requires IT and Security teams to align their priorities—a task easier said than done. Merely conducting scans and passing the information to another department, expecting them to take action, is untenable. Therefore, CISOs and CIOs need an actionable, risk-based approach to reduce the risk of exploitable vulnerabilities and prioritize their most critical assets within their digital environments.

Don't miss this unique opportunity to hear industry experts share their best advice on what IT and security leaders need to know to protect their entire IT environment from growing threats through effective patch management.

Key topics:
• Enhancing Federal Browser Security
• The ROI of Patch Management
• Aligning ITOps & Security Priorities
• When Patching Isn’t Enough

Join us at the next Cyber Risk Series to learn how to protect your entire IT environment from growing threats with effective patch management.

Cyber Risk Series: To Be, or Not To Be? Patch is the Question

83% of all web traffic today is API traffic due to growing cloud workloads supporting everything from process automation to app development. Furthermore, regulatory and compliance pressures are mounting, with GDPR violations leading to fines of up to 4% of annual global turnover as of 2023. Simply put, AppSec technology has not kept pace with the demands of business today. Not anymore.

On July 25th, Kunal Modasiya, Vice President of Product Management, joins Vertiv CISO, Mike Orosz to unveil how Qualys WAS is modernizing web app and API security with AI-powered scanning, comprehensive asset discovery & inventory, targeted risk-based remediation actions, deep learning-based web malware detection, LLM security and much more. Join this must-see event to learn how we’re doing this with WAS and API security. 

Join this live event to come away with:
1. What advances have been made to Qualys WAS for modern web app & API security 
2. How we’re leveraging AI-powered scanning and deep learning-based web malware detection 
3. New and improved integrations across popular CI/CD tools like Bamboo, Jenkins, Azure 
4. … and real use-cases from Qualys valued customer and Vertiv CISO - Mike Orosz 

Register Now!

Breaking the mold: Modern, AI-powered web app & API security with Qualys TruRisk

Many requirements for PCI DSS 4.0 went into effect in March 2024, with the balance going into effect by March 2025. Are you audit ready? There are 64 new requirements, including internal scanning verification, the ability to discover assets such as databases and middleware, and File Access Monitoring and Agentless Network Support as part of a File Integrity Monitoring (FIM) solution. These and many other critical capabilities are now required to prevent security breaches, audit failures, and litigation.

Join guest speaker Elie Abouzeid, AVP Information Security at DentaQuest and PCI Internal Security Assessor (ISA), along with technical experts from Qualys, for an informative webinar event on Tuesday, July 23, 9 AM PT as they discuss industry trends and new attack vectors, as well as why customers are switching to Qualys from other solutions. 

Here’s what you’ll learn:

• What the latest PCI changes are and how they impact security teams
• Why policy compliance is needed to discover misconfigurations and middleware
• What the new requirements are for internal versus external vulnerability scanning
• Why File Access Monitoring and agentless network support are required for PCI
• Why noise cancellation is needed to reduce false alerts and IT costs by 90%+
• Why file reputation and trust status are critical for FIM effectiveness
• Why web application scanning is required for several PCI requirements

PCI DSS 4.0: Are You Ready for the New Requirements?

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on July 11, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of June 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, June 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, July 2024

On July 1, 2024, the <a href="https://www.qualys.com/tru/" target="_blank">Qualys Threat Research Unit (TRU)</a> announced the discovery of a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems (CVE-2024-6387). This vulnerability enables remote code execution on OpenSSH's default configuration without authentication or user interaction, granting full root privileges and posing a significant security risk.

If exploited, it could lead to full system compromise where an attacker can take over systems, install malware, manipulate data, and create backdoors for persistent access. It could also result in significant data breaches and leakage, giving attackers access to all data stored on the system, including sensitive or proprietary information that could be stolen or publicly disclosed.

Given the risk presented by this vulnerability, our team is putting on a special presentation to unpack everything you need to know to combat it. Join Himanshu Kathpal and Saeed Abbasi on Wednesday, July 3, 2024, at 9:00 A.M PST to find out: 
- The full details of the vulnerability 
- The potential impact of regreSSHion 
- Step-by-step guidance to mitigate the risk
- Details on how Qualys can help

regreSSHion Vulnerability: Key Insights & Strategies to De-risk Your Environment

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on June 13, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of May 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, May 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, June 2024

The European Union’s revised Network and Information Security (NIS2) Directive is a comprehensive cybersecurity regulation aimed at bolstering the resilience of critical entities and essential services across the EU. As organizations grapple with the complexities of compliance, Qualys offers a suite of powerful cybersecurity solutions that can help streamline the process and ensure adherence to NIS2 requirements.

Join Simona Selmer, Governance, Risk & Compliance expert at NTT Data, and a compliance expert from Qualys for an informative webinar on Tuesday, June 11 at 9 AM GMT as they discuss the new NIS2 directive requirements. 

Here’s what you’ll learn:

• Overview of NIS2, what’s required, and which entities are affected
• Timing for implementation and consequences for compliance failures
• NIS2 reporting processes, timely submissions, and reporting guidelines
• Which compliance and security solutions are required to ensure compliance
• How Qualys solutions can help ensure you’re audit-ready

Achieving NIS2 Compliance with Qualys

With the news of yet another Chrome vulnerability—the third within one week—and potentially more to come, IT and security teams face the prospect of a very busy year. However, by utilizing Qualys Patch Management and its Zero-Touch Patching feature, these teams can transform the challenge of managing endless vulnerabilities into a seamless, automated process. 

Join Dan Gislason, SME Patch Management & Remediation, Saeed Abassi, Product Manager Vulnerability Research, and Eran Livne, Sr. Director of Product Management as they discuss: 

1. State-of-the-Art Research Overview: Detailed breakdowns of CVE-2024-5274, CVE-2024-4947, CVE-2024-4671, and CVE-2024-4761 plus how they impact your security posture.
2. Proactive Patching Strategies: What happens with these vulnerabilities, why they are zero-days, plus tips and tricks for mitigating the risks of future Chrome vulnerabilities. 
3. Zero-Touch Patching: Discover how to utilize Qualys Patch Management and its Zero-Touch Patching feature to automate and streamline your patching processes, ensuring vulnerabilities are addressed in under 3 hours. 
4. Enhanced Security Measures: Explore continuous vulnerability management strategies to align your IT operations with stringent security objectives. 

Don't miss this opportunity to transform your vulnerability management practices and ensure your organization stays one step ahead of cyber threats. 

Register now to secure your spot.

Google Chrome's Three Strikes: Fix Chrome Vulnerabilities in Under 3 Hours

Do you underscore your Written Information Security Plan (WISP) with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)? NIST just released version 2.0, the first major upgrade in a decade, that includes several new requirements. For example, a new GOVERN function requires a better understanding of assets and true risks. How will the new requirements impact security teams to avoid security breaches, audit failures, and litigation? 
 
Join security and compliance experts from USAA and Qualys for an informative webinar on Tuesday, May 29 at 8 AM PT as they discuss details about the new NIST CSF 2.0 requirements and how to avoid serious consequences. 

Here’s what you’ll learn: 

• How do NIST CSF 2.0 requirements differ from CSF 1.0? 
• What is the new GOVERN function and how does it impact security teams? 
• How can you avoid people mistakes that lead to 99% of cloud security breaches? 
• What are the four levels of CSF maturity, and how can you attain the top level? 
• How can you implement solutions to meet all requirements and lower costs?

How Will NIST CSF 2.0 Impact Security and IT Teams?

A recent cybersecurity report predicted that the cost of cybercrime would reach $9.5 trillion in 2024 and exceed $10.5 trillion in 2025. This statistic highlights the crucial need to integrate cybersecurity into ITSM practices. This webinar, designed for I&O leaders, underscores the critical need for strategic alignment between IT and security teams to optimize resilience and minimize security risks across organizations. 
 
Key Takeaways: 

• Strategic Integration: Learn how to proactively incorporate cybersecurity practices within ITSM to bolster your organization’s defense mechanisms against emerging threats. 
• Collaboration and Communication: Discover strategies to bridge the communication and collaboration gaps between IT and security teams, ensuring a unified approach towards common goals. 
• Resource Optimization: Understand how to effectively manage and allocate resources, including manpower and technological tools, to enhance your security posture without compromising operational efficiency. 
• Risk Management: Explore continuous vulnerability risk management strategies to align IT operations with stringent security objectives, making your systems robust and less prone to attacks. 
 
Who Should Attend: IT and security leaders, I&O professionals, risk management officers, and anyone interested in learning about integrating cybersecurity practices into ITSM frameworks to achieve superior organizational resilience. 
 
Join us on May 28th to transform your ITSM practices by integrating cutting-edge cybersecurity measures, ensuring your organization stays one step ahead of cyber threats.

Craft a Unified Cybersecurity and ITSM Strategy

Unknown assets are hiding throughout the modern attack surface, and too many cybersecurity teams rely on disparate scanners and point solutions to find them. One for external scans. One that relies on API-connectors. And a CMDB that’s constantly missing asset records.

Join us for the introduction of CyberSecurity Asset Management 3.0—the ultimate consolidation of asset discovery and cyber risk assessment. Kunal Modasiya (VP of Product Management at Qualys) will demonstrate the power of versatile discovery and risk assessment beyond vulnerabilities, including:

• Consolidating internal and external discovery to include EASM attribution, built-in passive sensing for unmanaged devices on the network, and 3rd-party connectors to compliment Qualys sensors
• Isolating external attack surface risks with patent pending scanning technology to reduce false positives up to 60%
• Prioritizing risk beyond vulnerabilities to include end-of-support (EoS) software, risky open ports, and missing security controls
• Transforming the CMDB from out-of-date to up-to-date by syncing all assets (including external and IoT) to streamline IT-Security workflow and reduce MTTR by half

Eliminate the risk from unknown assets in your organization. Register today!

Eliminate the Risk of Unknown Assets with CyberSecurity Asset Management 3.0

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on May 16, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of April 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, April 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, May 2024

De-risk your IaaS and SaaS environments with one prioritised view so you can fix what matters most. 

Cybercriminals have sophisticated and targeted attack methods with ransomware, supply chain attacks, and zero-day exploits. Security teams struggle to keep up with these evolving threats and have conveyed the need for a unified Cloud Native Application Protection Platform (CNAPP), to address the challenges in converging and prioritising threat indicators from diverse sources such as Vulnerabilities, Misconfigurations, Malware detections and other prominent stages of the cyber kill chain. 

Join our cloud security specialists to learn how you can gain complete visibility to your environment, including: 

• Cloud Risk Insights: Fine-tuned approach to gain actionable insights and focus on the imminent risk, and effectively narrowing down on the most exploitable systems
• Real time threat detection and response using a well-trained Deep Learning AI 
• Cloud Workload Protection with Agent & Agentless techniques to detect vulnerabilities for OS and open-source software
• Detect and Remediate Cloud Misconfiguration from Build to Runtime 
 
Empower your security team to measure, communicate, and help eliminate risk across your multi-cloud environments through a unified platform approach.

Connecting the Dots, Correlating Security Risks for Smarter Defense

Many organizations today run their businesses using proprietary or “First-Party” applications built on 80% open-source components to meet their unique needs. These applications have limited risk assessments performed against them, and even if they do, the lifecycle of these vulnerabilities (from discovery to prioritization to remediation) is rarely managed through a unified platform solution such as VMDR.

As a result, SecOps teams are either “blind” to this risk or do not measure it at all!

If potential security risks lurking unnoticed and unaddressed in custom, first-party applications are a concern to you, we invite you to the upcoming Qualys webinar. With this solution, Qualys unifies threat detection and remediation of both third and first-party applications/software to give expanded detection, and remediation capabilities for deep-embedded, open-source (OSS) in production like log4J, OpenSSL and more using the single powerful Cloud Agent.

Discover & Assess the Risk of Open-Source Software (OSS) Vulnerabilities

First-party software

Homegrown Software Risk

Custom Software

Custom Software risk

First-Party Software

Risk Management

Bespoke Software Risk

Tailor-Made Software

Custom Applications

Custom Application Risk

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Discover & Assess the Risk of Open-Source Software (OSS) Vulnerabilities

Presented by

About this talk

More from this channel