Name: PCI DSS 4.0 Challenges and Cardnet's Experience
Start: 2023-12-13T14:39:00Z
End: 2023-12-13T14:39:28.000Z
Location: BrightTALK
Rating: 0

Join us for this informative technology series for insights into emerging security trends that every IT professional should know. These brief sessions will give you an opportunity to discover best practices from market leaders as well as hands-on advice from industry experts on a variety of security and compliance topics.
 
Let Qualys help keep you up-to-date with cost-effective and efficient technology trends. Choose the topic that interests you or plan to attend the entire series to make sure you stay ahead of the curve.

Bridge the gap between traditional vulnerability management and true risk-based prioritization with Qualys TruRisk. Enable security teams to communicate the real impact of cyber risks, helping the business make informed, strategic decisions. Empower your teams to go beyond metrics like CVSS and CISA KEV, with actionable insights that clearly demonstrate risk levels in business terms.
 
Introducing the "Steps to TruRisk" Dashboard
The new "Steps to TruRisk" dashboard is a powerful tool that visually supports risk-based prioritization. It brings Qualys TruRisk insights to life, helping security teams illustrate the significance of threats, identify practice gaps, and allows teams to connect vulnerability data to business-critical assets for precise remediation.
 
Key Takeaways will include:
<li>Identify Real Threats: Prioritize high-impact vulnerabilities to enhance threat awareness beyond traditional metrics.</li>
<li>Target Remediation Efforts connect vulnerability management with Business Impact Analysis to focus on what matters most.</li>
<li>Improve Communication by translating risk insights into clear, business-aligned narratives for leadership and auditors.</li>
<li>A quick sneak peek into what's next for Qualys TruRisk with VMDR and ETM!</li>
 
Discover how VMDR with TruRisk drives risk-based prioritization, see the "Steps to TruRisk" dashboard in action, and learn practical steps for adopting a risk-aligned strategy. 
 
Don’t miss this opportunity to elevate your cybersecurity program and simplify risk-based management and remediation.

Register now!

Steps To TruRisk: Leveraging Qualys To Reduce Your Risk

Managing vulnerabilities shouldn’t feel like a juggling act. With the redesigned Qualys VMDR for ITSM integration with ServiceNow, we’ve made it easier than ever to bridge the gap between security and IT operations. Join us to see how this powerful update simplifies the vulnerability management process, aligns with ITIL best practices, and empowers your teams to stay ahead of risks.
 
In this session, you’ll explore how the latest Qualys Core and VMDR App redefines vulnerability management. Certified for Xanadu, Washington DC, and Vancouver, the app now aligns with ServiceNow guidelines, adopting ITSM-Incident Management tables for seamless ticket creation and grouping.
 
What You’ll Learn:
<ol><li>Streamline Your Workflow: Discover how automated incident creation helps you save time and eliminate manual reporting headaches.</li>
 <li>Prioritize with Precision: Learn how TruRisk attributes enable your teams to focus on what matters most for quicker, smarter remediation.</li>
 <li>Foster Better Collaboration: See how a shared platform for security and IT teams promotes teamwork and transparency.</li>
 <li>Automate Patching: Understand how Qualys Patch Management integrates with ServiceNow to kick off automated change requests and patch deployment jobs effortlessly.</li></ol>
Walk away with actionable insights to enhance your vulnerability management strategy and simplify your team’s daily operations.

Additional Resources:
<ul>
 <li><a href="https://store.servicenow.com/sn_appstore_store.do#!/store/application/dd3cef9c87a2f0107bb3a86e0ebb3529/2.0.1" target="_blank">ServiceNow Store - Qualys Core App</a></li>
 <li><a href="https://store.servicenow.com/sn_appstore_store.do#!/store/application/3bd20edd1b56fc10203dca22604bcb7c/3.0.1" target="_blank">ServiceNow Store - Qualys VMDR App</a></li>
</ul>

Redesigned Version of The Qualys VMDR For ITSM: ServiceNow Integration Simplified

Today's enterprises face complex regulatory compliance challenges. Many enterprises struggle to stay audit ready. They lack the tools necessary to maintain continuous compliance, to produce detailed reports, and to reduce compliance risk.

Relying solely on CIS Benchmark assessments leaves enterprises with significant manual effort to remediate and prove compliance. These challenges are driving many customers to make the change from Qualys Secure Configuration Analysis (SCA) to the full featured offerings of Qualys Policy Compliance. 


Join Qualys Product Manager Anu Kapil for a fireside chat and a demo of Qualys Policy Compliance. 

During this webinar you'll learn how Qualys Policy Compliance:

<li>Simplifies and Automates the Compliance auditing process</li>
<li>Enables Mandate Based Reports (PCI DSS, NIST, DISA, HIPAA, GDPR)</li>
<li>Maintains Audit Readiness With Auto Remediation</li>
<li>Monitors and Reports on Compliance Changes Over Time</li>
<li>Provides Advanced and Detailed Dashboards to improve Enterprise Compliance Visibility</li>

For more information about Qualys Policy Compliance ahead of this event, <a href="https://www.qualys.com/solutions/compliance/" target="_blank">please visit: https://www.qualys.com/solutions/compliance/</a>

Supercharge Compliance Beyond SCA With Policy Compliance

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on December 12, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of December 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, December 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

Patch Tuesday Webinar December 2024: This Month in Vulnerabilities and Patches

Understanding the intricacies of web application security is crucial in today's tech-driven markets. This webinar dives into the significance of securing production sites and complex business logics, which are pivotal for maintaining robust and secure online operations. From the vulnerabilities introduced in JavaScript code to the complexities of advanced business logics, attendees will gain a comprehensive view of the potential risks, and the innovative strategies needed to address them. A key focus will be on the integration of Qualys Web Application Scanning (WAS) into CI/CD pipelines. This shift-left approach ensures that vulnerabilities are identified and mitigated early in the development process, enhancing overall security posture. Join us to know how Qualys WAS can meticulously scan production environments, analyze JavaScript, and evaluate complex business logics to identify security weak points.

Securing Modern Applications in the Digital Age

As organizations adopt LLMs rapidly, security challenges arise, especially when development teams deploy these models without notifying security teams. Total AI enhances visibility, offers proactive scanning, and categorizes AI vulnerabilities, helping organizations secure their infrastructures and manage risks effectively. A demo showcases how users can manage AI assets and address vulnerabilities.

Navigating Security Challenges of Large Language Models with AI Asset Visibility and Model Scanning

The session provides actionable insights for organizations looking to implement robust security practices in their AI development practices while balancing innovation with risk mitigation. We explore integrating AI development and security lifecycles, offering a practical framework for risk management. We examine how secure development lifecycle (SDL) principles can be adapted for AI systems. The discussion covers distinct risk considerations from both AI model providers’ and consumers’ perspectives. We’ll analyze appropriate controls and risk mitigation strategies at different stages.

Risk Mitigation for AI with Secure Development Lifecycle

Emergent technologies like generative AI can sometimes take security professionals out of their comfort zone and challenge preconceived notions about what it means to secure a system or capability. The new challenges that come with securing AI have also forced us to revisit risk and resilience in a threat landscape that has quickly shifted into novel attack spaces.

Effectively managing enterprise cybersecurity risks has historically been facilitated by the adoption of robust risk management frameworks, tools, and processes that directly link risks to actions. For this talk, we will illustrate how the concepts that have traditionally afforded us the ability to mitigate and respond to risk through security are the same concepts we can apply to secure capabilities enabled by emergent technologies, including AI. Along the way, we will examine what it is that makes us uncomfortable with AI and discuss concrete steps to take that will make us more comfortable with deploying these capabilities confidently and securely.

Becoming More Comfortable with Risk-Informed Secure AI

The landscape of cybersecurity has undergone a profound shift as we embrace the potential of AI to revolutionize industries. In this talk, we delve into the critical imperatives for securing our digital ecosystems in the age of AI and explore the urgent need to transform these architectures to accommodate AI-driven workloads. From edge devices to cloud infrastructure, our systems must evolve to handle the demands of AI algorithms while also maintaining robust security. We’ll discuss NVIDIA’s significant role in fortifying cybersecurity, including NVIDIA Morpheus, digital fingerprinting, and behavior analytics.

Security in the Age of AI

As AI and large language models (LLMs) become integral to business operations, understanding their unique risks is critical. In this session, I’ll draw from my experience building production LLM systems at Exabeam, insights from my work with OWASP, and lessons from my award-winning O’Reilly book to uncover the vulnerabilities lurking in today’s generative AI. We’ll examine key security gaps and discuss actionable strategies to mitigate threats in an evolving landscape.

Steve Wilson
Chief Product Officer
Exabeam
OWASP Project Lead

Chatbots Breaking Bad Unmasking the Risks of LLMs

In a time when AI and LLMs are transforming both opportunities and threat landscapes, Sumedh will examine how CISOs and cybersecurity leaders can address the emerging complexities of AI security. Attendees will gain insights into risk-informed approaches that allow organizations to harness AI’s potential while safeguarding against evolving vulnerabilities.

Sumedh Thakar
President and CEO
Qualys

Redefining Risk and Resilience in a New Cyber Era

As AI and large language models (LLMs) rapidly transform industries, they also introduce new vulnerabilities that traditional cybersecurity methods can't fully address—data leaks, non-compliance, intellectual property theft, and more. In fact, 94% of IT leaders have allocated budgets to safeguard AI in 2024, and this number is expected to rise significantly as AI and LLM adoption continues. The modern attack surface has evolved, making AI and LLMs prime targets for cyberattacks.  

In this edition of the Cyber Risk Series, we’ll tackle the most pressing AI security challenges, explore the hidden risks in your AI and LLM workloads, and forecast the 2025 AI security landscape. This event will bring AI security to the forefront, empowering security leaders to defend against emerging threats. 

Key topics we’ll cover:
• Full AI & LLM Workload Discovery: How to uncover all your AI and LLM assets, including shadow models that may pose hidden risks. 
• AI Vulnerability Management: Strategies for detecting and mitigating risks like prompt injection, jailbreaks, and model theft. 
• Risk-Based Prioritization: How to focus on the most critical vulnerabilities in your AI infrastructure using risk-based frameworks. 
• Compliance & Legal Protection: Ensuring your AI models comply with data protection regulations like GDPR and CCPA to avoid penalties.

Don't miss the opportunity to learn from industry experts. Register now.

Cyber Risk Series: AI & LLM - How Secure are Your Generative Sheep?

Join us as we uncover the five Local Privilege Escalation (LPE) vulnerabilities recently discovered in the needrestart component of Ubuntu Server. These vulnerabilities, identified by Qualys (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-11003, and CVE-2024-10224), allow local attackers to gain root privileges and affect Debian, Ubuntu, and other Linux distributions.

Gain expert insights from Saeed Abbasi of Qualys' Threat Research Unit and Eran Livne, Senior Director of Endpoint Remediation at Qualys. Learn how to detect, manage, and mitigate these threats efficiently, even without immediate patching.

In this session, we will delve into the vulnerabilities and highlight proactive strategies to enhance your security posture and safeguard critical assets. Don’t miss this essential webinar for professionals aiming to stay ahead of evolving threats and strengthen their defenses.

Mitigating needrestart LPE Vulnerabilities: Strategies for Securing Ubuntu Servers

In today’s rapidly evolving cybersecurity landscape, maintaining the health of your Qualys deployments is more critical than ever. Issues such as duplicate asset entries, potential ghost hosts, and decommissioned devices get in the way. Ensuring clean and reliable asset data is paramount for robust security and compliance.
 
On November 21st , join Colton Pepper and Anthony Williams, VMDR Subject Matter Expert, as we unveil the latest updates to the Qualys Subscription Health Dashboard. This enhanced tool is designed not only to optimize your Vulnerability Management (VM) deployments but also streamlines operations across other Qualys capabilities, including Policy Compliance, File Integrity Monitoring, Endpoint Detection Response, general Cloud Agent tracking, and more!
 
Learn how these updates empower your teams to quickly identify and resolve issues that can hinder data cleanliness and operational efficiency in the Qualys Enterprise TruRisk Platform!
 
Join this live event to gain insights on:
1. The latest advancements in the Subscription Health Dashboard for optimizing your Qualys deployments across multiple modules.
2. How to quickly pinpoint and resolve issues like ghost hosts and duplicate entries to enhance data integrity.
3. Best practices for maintaining clean, reliable, and scalable asset data to ensure robust security and compliance across your Qualys Platform ecosystem.
 
Don’t miss this opportunity to elevate your Qualys deployment-game! Register now!

Updated Subscription Health Dashboard: Tracking Deployments and Ensuring Best Practices in Qualys

In today's fast-paced virtualized environments, tracking VMs and ESXi hosts in VMware can be a complex challenge. The lack of unified monitoring makes it difficult to achieve the visibility and control you need. With VMs constantly being created, moved, or deleted, maintaining an up-to-date inventory and managing risks feels like chasing a moving target. Add to this the distributed nature of VMware across multiple data centers, the complexities of snapshots and clones, and the interdependencies between ESXi hosts and VMs, and the task becomes even more daunting. 

Join Himanshu Kathpal, Senior Director of Product Management, and Siddharth Bhatia, Director of Product Management, for an exciting webinar where you'll discover how Qualys simplifies VMware ESXi management. Learn how Qualys automatically syncs all ESXi-managed assets, seamlessly integrates key business context, and eliminates the headaches of manual tracking so you can complete the risk assessment on them. Enhance your security by automatically detecting and scanning disconnected ESXi hosts through VMware Center.
 
Register and don't miss out on how you can effortlessly de-risk your VMware environment and ensure continuous protection with Qualys!

Eliminate Blind Spots and Automate Risk Detection for VMware ESXis with Qualys

As container adoption continues to surge, Gartner predicts that by 2028, over 95% of organizations will run containerized applications in production—a significant jump from under 50% in 2023. With this rapid growth comes an increase in security challenges; studies show that over 40% of container images contain vulnerabilities. Join us for this insightful webinar to discover how Qualys TotalCloud CNAPP delivers holistic Kubernetes security, integrating threat resilience and risk prioritization to meet the evolving needs of modern DevSecOps teams. 

In this session, explore how to build a comprehensive risk strategy that focuses on critical vulnerabilities, enhances threat resilience, and ensures robust protection for your Kubernetes environment. We’ll delve into automated, data-driven solutions that streamline risk management and bolster resilience throughout the container lifecycle. 

Key takeaways will include how to: 
<ul>
<li>Implement Optimized, Agentless Vulnerability Scanning  Discover how our advanced combination of registry sensor, cluster sensor, and admission controller enables thorough scanning without agents, focusing protection on your most valuable clusters. </li>
<li>Gain Comprehensive, Layered Risk Insights  Learn how to quantify and assess risk across every layer—clusters, namespaces, pods, and containers—providing actionable insights tailored to your business priorities.</li>
<li>Detect High-Risk Combinations  Understand how to identify complex risk scenarios, such as publicly exposed containers with elevated privileges accessing critical assets, so you can address these threats proactively.</li> 
<li>Adopt Proactive, Signatureless Threat Management  Experience proactive threat detection without traditional signatures, enabling rapid response to zero-day and emerging threats for enhanced resilience.</li></ul>

Holistic Container and Kubernetes Security: Integrating Threat Resilience and Risk Prioritization

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on November 14, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of October 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, October 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

Patch Tuesday Webinar November 2024: This Month in Vulnerabilities and Patches

Today, organizations face unprecedented risks across their attack surfaces, spanning code, applications, endpoints, and cloud environments. Security teams are overwhelmed by fragmented tools and alerts from 70+ systems, making it hard to prioritize risks that matter. Without a unified view, organizations struggle to justify cybersecurity investments and remain exposed to threats.

Join us on Wednesday, November 13, 2024, at 11 am PST, for our webinar where we will unveil Qualys Enterprise TruRisk Management (ETM)—the world’s first Risk Operations Center (ROC). Learn how ETM centralizes risk management with unified asset inventory management, risk signal aggregation, and response orchestration into a cohesive platform, providing real-time visibility across on-premises, hybrid, and cloud environments.

Key takeaways:

1. Explore the current issues and challenges of modern risk management
2. Learn about the Risk Operations Center (ROC) and discover why it is essential for a unified risk management
3. Get practical insights into operationalizing your ROC with Qualys ETM
4. See Qualys ETM in action with a step-by-step demo of the platform

Register now to learn more!

How to Build a Risk Operations Center (ROC) with Qualys Enterprise TruRisk Management (ETM)

The Platform Approach to PCI

Explore the Dynamic Landscape of PCI DSS 4.0

Four Common Trends in PCI DSS 4.0 Compliance

PCI DSS 4.0 Myths and Facts from the Assessor's Perspective

Compliance and the Cloud

Cyber Risk Series: PCI DSS 4.0

Understand from Cardnet how the Qualys suite of offerings can provide complete coverage for 97 percent of the PCI DSS 4.0 requirements, including vulnerability classification and software, as well as component patching under 6.3.1, 6.3.2, and 6.3.3.

PCI DSS 4.0 Challenges and Cardnet's Experience

PCI DSS

PCI Compliance

Cyber Risk Series

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

PCI DSS 4.0 Challenges and Cardnet's Experience

Presented by

About this talk

More from this channel