Name: regreSSHion Vulnerability: Key Insights & Strategies to De-risk Your Environment
Start: 2024-07-03T16:00:00Z
End: 2024-07-03T16:00:57.000Z
Location: BrightTALK
Rating: 4.6

Join us for this informative technology series for insights into emerging security trends that every IT professional should know. These brief sessions will give you an opportunity to discover best practices from market leaders as well as hands-on advice from industry experts on a variety of security and compliance topics.
 
Let Qualys help keep you up-to-date with cost-effective and efficient technology trends. Choose the topic that interests you or plan to attend the entire series to make sure you stay ahead of the curve.

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on December 12, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of November 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, November 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

Patch Tuesday Webinar December 2024: This Month in Vulnerabilities and Patches

As AI and large language models (LLMs) rapidly transform industries, they also introduce new vulnerabilities that traditional cybersecurity methods can't fully address—data leaks, non-compliance, intellectual property theft, and more. In fact, 94% of IT leaders have allocated budgets to safeguard AI in 2024, and this number is expected to rise significantly as AI and LLM adoption continues. The modern attack surface has evolved, making AI and LLMs prime targets for cyberattacks.  

In this edition of the Cyber Risk Series, we’ll tackle the most pressing AI security challenges, explore the hidden risks in your AI and LLM workloads, and forecast the 2025 AI security landscape. This event will bring AI security to the forefront, empowering security leaders to defend against emerging threats. 

Key topics we’ll cover:
• Full AI & LLM Workload Discovery: How to uncover all your AI and LLM assets, including shadow models that may pose hidden risks. 
• AI Vulnerability Management: Strategies for detecting and mitigating risks like prompt injection, jailbreaks, and model theft. 
• Risk-Based Prioritization: How to focus on the most critical vulnerabilities in your AI infrastructure using risk-based frameworks. 
• Compliance & Legal Protection: Ensuring your AI models comply with data protection regulations like GDPR and CCPA to avoid penalties.

Don't miss the opportunity to learn from industry experts. Register now.

Cyber Risk Series: AI & LLM - How Secure are Your Generative Sheep?

In today’s rapidly evolving cybersecurity landscape, maintaining the health of your Qualys deployments is more critical than ever. Issues such as duplicate asset entries, potential ghost hosts, and decommissioned devices get in the way. Ensuring clean and reliable asset data is paramount for robust security and compliance.
 
On November 21st , join Colton Pepper and Anthony Williams, VMDR Subject Matter Expert, as we unveil the latest updates to the Qualys Subscription Health Dashboard. This enhanced tool is designed not only to optimize your Vulnerability Management (VM) deployments but also streamlines operations across other Qualys capabilities, including Policy Compliance, File Integrity Monitoring, Endpoint Detection Response, general Cloud Agent tracking, and more!
 
Learn how these updates empower your teams to quickly identify and resolve issues that can hinder data cleanliness and operational efficiency in the Qualys Enterprise TruRisk Platform!
 
Join this live event to gain insights on:
1. The latest advancements in the Subscription Health Dashboard for optimizing your Qualys deployments across multiple modules.
2. How to quickly pinpoint and resolve issues like ghost hosts and duplicate entries to enhance data integrity.
3. Best practices for maintaining clean, reliable, and scalable asset data to ensure robust security and compliance across your Qualys Platform ecosystem.
 
Don’t miss this opportunity to elevate your Qualys deployment-game! Register now!

Updated Subscription Health Dashboard: Tracking Deployments and Ensuring Best Practices in Qualys

In today's fast-paced virtualized environments, tracking VMs and ESXi hosts in VMware can be a complex challenge. The lack of unified monitoring makes it difficult to achieve the visibility and control you need. With VMs constantly being created, moved, or deleted, maintaining an up-to-date inventory and managing risks feels like chasing a moving target. Add to this the distributed nature of VMware across multiple data centers, the complexities of snapshots and clones, and the interdependencies between ESXi hosts and VMs, and the task becomes even more daunting. 

Join Himanshu Kathpal, Senior Director of Product Management, and Siddharth Bhatia, Director of Product Management, for an exciting webinar where you'll discover how Qualys simplifies VMware ESXi management. Learn how Qualys automatically syncs all ESXi-managed assets, seamlessly integrates key business context, and eliminates the headaches of manual tracking so you can complete the risk assessment on them. Enhance your security by automatically detecting and scanning disconnected ESXi hosts through VMware Center.
 
Register and don't miss out on how you can effortlessly de-risk your VMware environment and ensure continuous protection with Qualys!

Eliminate Blind Spots and Automate Risk Detection for VMware ESXis with Qualys

As container adoption continues to surge, Gartner predicts that by 2028, over 95% of organizations will run containerized applications in production—a significant jump from under 50% in 2023. With this rapid growth comes an increase in security challenges; studies show that over 40% of container images contain vulnerabilities. Join us for this insightful webinar to discover how Qualys TotalCloud CNAPP delivers holistic Kubernetes security, integrating threat resilience and risk prioritization to meet the evolving needs of modern DevSecOps teams. 

In this session, explore how to build a comprehensive risk strategy that focuses on critical vulnerabilities, enhances threat resilience, and ensures robust protection for your Kubernetes environment. We’ll delve into automated, data-driven solutions that streamline risk management and bolster resilience throughout the container lifecycle. 

Key takeaways will include how to: 
<ul>
<li>Implement Optimized, Agentless Vulnerability Scanning  Discover how our advanced combination of registry sensor, cluster sensor, and admission controller enables thorough scanning without agents, focusing protection on your most valuable clusters. </li>
<li>Gain Comprehensive, Layered Risk Insights  Learn how to quantify and assess risk across every layer—clusters, namespaces, pods, and containers—providing actionable insights tailored to your business priorities.</li>
<li>Detect High-Risk Combinations  Understand how to identify complex risk scenarios, such as publicly exposed containers with elevated privileges accessing critical assets, so you can address these threats proactively.</li> 
<li>Adopt Proactive, Signatureless Threat Management  Experience proactive threat detection without traditional signatures, enabling rapid response to zero-day and emerging threats for enhanced resilience.</li></ul>

Holistic Container and Kubernetes Security: Integrating Threat Resilience and Risk Prioritization

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on November 14, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of October 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, October 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

Patch Tuesday Webinar November 2024: This Month in Vulnerabilities and Patches

Today, organizations face unprecedented risks across their attack surfaces, spanning code, applications, endpoints, and cloud environments. Security teams are overwhelmed by fragmented tools and alerts from 70+ systems, making it hard to prioritize risks that matter. Without a unified view, organizations struggle to justify cybersecurity investments and remain exposed to threats.

Join us on Wednesday, November 13, 2024, at 11 am PST, for our webinar where we will unveil Qualys Enterprise TruRisk Management (ETM)—the world’s first Risk Operations Center (ROC). Learn how ETM centralizes risk management with unified asset inventory management, risk signal aggregation, and response orchestration into a cohesive platform, providing real-time visibility across on-premises, hybrid, and cloud environments.

Key takeaways:

1. Explore the current issues and challenges of modern risk management
2. Learn about the Risk Operations Center (ROC) and discover why it is essential for a unified risk management
3. Get practical insights into operationalizing your ROC with Qualys ETM
4. See Qualys ETM in action with a step-by-step demo of the platform

Register now to learn more!

How to Build a Risk Operations Center (ROC) with Qualys Enterprise TruRisk Management (ETM)

Traditional patching isn’t always feasible, especially with complex vulnerabilities. This webinar introduces advanced approaches to vulnerability management, including “patchless patching,” balancing security and operational needs. Explore how a comprehensive, ROI-driven strategy can transform your organization’s cyber resilience.

In this session, you’ll learn how to:
<ul>
<li>Build a Cyber-Resilient Culture:
Foster a security-first culture through IT-Security collaboration to enable effective vulnerability management and strengthen resilience.</li>
<li>Maximize ROI with Qualys TruRisk Eliminate:
See how Qualys optimizes patch management through automation, prioritization, and efficiency to drive ROI.</li>
<li>Explore the Future of Patch Management:
Discover “Patchless Patching” techniques to manage critical vulnerabilities when patching poses high operational risks, along with strategies for handling vulnerabilities that remain open longer than anticipated.</li>
<li>Implement Proactive Patch Management Essentials: 
<ul>
<li>Risk-Based Prioritization</li>
<li>Automation and Seamless Integration</li>
<li>Continuous Monitoring</li></ul>
<li>Showcase the ROI of Risk Mitigation: 
Learn how proactive strategies reduce downtime, cut remediation costs, and enhance overall security.</li></ul>
By the end of this session, you’ll have actionable strategies to bolster cybersecurity, streamline operations, and drive a clear return on your vulnerability management investments.

Beyond Patch Management - Exploring Patchless Patching for All Vulnerabilities

This webinar explores the adoption of public cloud services worldwide and the recent increased investments in Middle-East and Africa. With this adoption comes the need to protect an organization's assets in the clouds, and ensure the transition is safe and secure with minimal business disruption. In the public cloud there is a shared responsibility model with the cloud service provider responsible for basic infrastructure security and the organizations responsible for broader issues. We then describe common challenges organization face moving to cloud, the potential threats that lead to breaches and what you can do about it.

Examples discussed: 
1. Storage exposed to internet
2. Asset that has a critical KEV vulnerability exposed to the internet
3. Un-encrypted EBS volumes
4. Malware in containers
5. Exposed secrets in containers
6. Brute forced SSH attacks
7. C2 communications
8. Overprovisioned virtual machines with vulnerabilities and public access

Securing Your Digital Transformation To The Cloud

In the 2023 Qualys TruRisk Report, the Qualys Threat Research Unit revealed that adversaries are weaponizing vulnerabilities 11.5 days than the average organization can apply the necessary patches. A Mandiant report published at the end of 2023 evaluated time-to-exploit trends from 2021-2022. That report revealed that 62% of Vulnerabilities are exploited as zero day vulnerabilities, and the number of vulnerabilities continue to increase while the time to exploit continues to decrease.

CISA BOD-22-01 took major steps towards helping organizations prioritize risk remediation by mandating the discovery and remediation of Known Exploitable Vulnerabilities (KEV) within 2 weeks of being added to the CISA KEV database. As reflected in the last 12 months of FISMA OIG reports, many Federal organizations continue to struggle with risk prioritization and remediation, and several are finding meeting KEV remediation deadlines to be a challenge.

Vulnerability remediation plays a critical role in helping organizations reduce risk and improve cyber security resilience, yet it’s an area where nearly 85% of Agencies continue to struggle.

Join Qualys, for: Accelerating Patch Remediation and Meeting BOD-22-01 webinar where we will discuss:

<ul><li>Breaking down Vulnerability Discover and Remediation Siloes</li>
<li>How to Leverage Automation to Reduce High Risk Vulnerabilities</li>
<li>In-depth coverage for KEV discovery and Remediation Tracking</li>
<li>Building Successful workflows for patch management</li>
<li>What to do when patching isn't an option</li></ul>

Accelerating Patch Remediation and Meeting BOD-22-01

As AI technologies become deeply embedded in our digital infrastructures, they also become prime targets for sophisticated cyber threats. Recognizing the urgent need for specialized security measures, Qualys is excited to introduce TotalAI, a comprehensive security solution designed specifically for the complexities of Generative AI and LLMs.

Join us on Thursday, October 17, 2024 at 11 am PST for our webinar where we will unveil Qualys TotalAI for comprehensive protection for AI-driven applications and infrastructures. This session will cover the intricate landscape of AI threats, the specific vulnerabilities of LLMs and AI-Infrastructure, and how TotalAI addresses these challenges with a live demonstration.

Key Highlights:

- Explore the unique challenges associated with AI technologies and the potential risks they pose. 
- Learn about the features and capabilities of Qualys TotalAI and how it stands out from conventional security solutions. 
- See how TotalAI tackles your real-world AI security challenges in a live demonstration. 
- Engage with our experts to ask questions and discuss how TotalAI can be tailored to meet the specific needs of your organization. 

This webinar is essential for CISOs, IT security professionals, compliance officers, and anyone involved in managing and securing AI infrastructures. Whether your organization is already using AI technologies or planning to implement them, understanding the security measures necessary to protect these innovations is crucial.

Securing Generative AI and LLMs with Qualys TotalAI

Join us on October 23, 2024 at 11 AM PST as we discuss the evolving landscape of web application security, moving beyond the foundational OWASP Top 10 to explore advanced defensive strategies tailored for the complex threat environment of 2024. As we consolidate all web app and API risk findings into Qualys Web Application Scanning (WAS), you will gain a robust understanding of how a unified platform can be leveraged to detect and mitigate emerging vulnerabilities.

Join us to stay ahead in a dynamically changing threat landscape, providing actionable insights that go beyond conventional wisdom. 

Register now

Beyond the Top 10: Advanced Security Strategies for Web Applications & APIs

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on October 10, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of September 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, September 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, October 2024

There are several crucial developments in the cybersecurity landscape in 2024, including a significant rise in reported CVEs and the need for advanced defensive strategies. This webinar will highlight emerging risks and provide insights into the best practices and strategies for effectively addressing them.

Key highlights include:

• 10 Exploited Vulnerabilities You Should Be Tracking in 2024
• A 30% increase in CVEs from 2023 underscores a growing security imperative.
• Analysis of the 204 vulnerabilities that have been weaponized Examination of vulnerabilities that exploit public-facing applications and utilize remote services for network breaches.

Learn how cutting-edge security solutions can help you stay ahead of emerging risks. Equip yourself with the knowledge to fortify your defences against the dynamic threats of today's digital environment. [SA1] [CM2] [CM3]

Exploited CVE Insights: Navigating the Storm of New Threats

For nearly 20 years, Federal agencies have been attempting to quantify, prioritize and respond to vulnerabilities and misconfigurations using largely the same set of core technologies. These technologies have consistently led to inconsistent FISMA configuration management findings for many Agencies, commonly resulting in deficiencies in timely vulnerability detection and remediation, due to slow scanning architectures and siloed processes. FISMA M-24-04 introduces additional requirements, beyond traditional IT, to identify and quantify risk associated with IoT and Operational technologies.

The Qualys TruRisk Platform brings a fresh perspective to helping organizations achieve FISMA compliance. By integrating attack surface management, continuous vulnerability discovery, and integrated remediation customers are able to more effectively facilitate compliance with Federal outcomes, and to lay the foundation for Zero Trust.

Join Qualys public sector experts as we discuss Federal directives and mandates, challenges and strategies for achieving compliance outcomes. You’ll learn:
<ul>
<li>How to achieve comprehensive asset visibility across your entire attack surface, including IT, IoT, OT, and external assets.</li>
<li>Strategies for risk-based vulnerability management and prioritizing remediation efforts to protect your High Value Assets (HVAs).</li>
<li>Best practices for implementing continuous monitoring and automation to stay ahead of emerging threats and maintain a robust security posture. </li>
<li>Ways to support Zero Trust Architecture principles and establish granular access controls to minimize the risk of unauthorized access and data breaches.</li>
</ul>
Don't miss this opportunity to gain valuable insights and practical guidance on aligning your cybersecurity program with the latest directives and better securing your organization's attack surface.

Improving FISMA Outcomes with Qualys

Cloud security is more than just vulnerability management—it is about recognizing and neutralizing toxic combinations that can leave your assets exposed. In this must-attend webinar, we will explore how Qualys TotalCloud CNAPP, powered by TruRisk Insights, uncovers hidden risks in your cloud environment and provides the tools to eliminate them before they become a threat. 

Key Takeaways: 

- Break down silos: Remove organization silos, drive consistent visibility across the DevOps lifecycle, and drive security as a key part of each stage of that journey.  

- Spot the Risks: Learn how TruRisk Insights identifies and prioritizes toxic combinations that elevate your cloud’s risk profile, enabling targeted and effective remediation. 

- Automate and Secure: Discover how automated workflows in TotalCloud CNAPP help you neutralize risks, streamline your security operations, and maintain continuous protection across your cloud infrastructure. 

- Understand Cloud Infrastructure and Entitlement Management’s role in enabling overall risk reduction.  

Why Attend? 

Do not just manage cloud security—master it. Join us to discover how TruRisk Insights can transform your approach to cloud security, enabling you to proactively identify and neutralize the threats lurking in your environment. Join us on September 18th to understand how you can drive a fundamental change in cloud security with Qualys TotalCloud CNAPP.

Breaking down silos and creating an integrated view of risk in the cloud with Qualys TotalCloud CNAPP

Cloud security is more than just vulnerability management—it is about recognizing and neutralizing toxic combinations that can leave your assets exposed. In this must-attend webinar, we will explore how Qualys TotalCloud CNAPP, powered by TruRisk Insights, uncovers hidden risks in your cloud environment and provides the tools to eliminate them before they become a threat. 

Key Takeaways: 

- Break down silos: Remove organization silos, drive consistent visibility across the DevOps lifecycle, and drive security as a key part of each stage of that journey.  

- Spot the Risks: Learn how TruRisk Insights identifies and prioritizes toxic combinations that elevate your cloud’s risk profile, enabling targeted and effective remediation. 

- Automate and Secure: Discover how automated workflows in TotalCloud CNAPP help you neutralize risks, streamline your security operations, and maintain continuous protection across your cloud infrastructure. 

- Understand Cloud Infrastructure and Entitlement Management’s role in enabling overall risk reduction.  

Why Attend? 

Do not just manage cloud security—master it. Join us to discover how TruRisk Insights can transform your approach to cloud security, enabling you to proactively identify and neutralize the threats lurking in your environment. Join us September 17th to understand how you can drive a fundamental change in cloud security with Qualys TotalCloud CNAPP.

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on September 12, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of August 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, August 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

This Month in Vulnerabilities and Patches, September 2024

On July 1, 2024, the <a href="https://www.qualys.com/tru/" target="_blank">Qualys Threat Research Unit (TRU)</a> announced the discovery of a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems (CVE-2024-6387). This vulnerability enables remote code execution on OpenSSH's default configuration without authentication or user interaction, granting full root privileges and posing a significant security risk.

If exploited, it could lead to full system compromise where an attacker can take over systems, install malware, manipulate data, and create backdoors for persistent access. It could also result in significant data breaches and leakage, giving attackers access to all data stored on the system, including sensitive or proprietary information that could be stolen or publicly disclosed.

Given the risk presented by this vulnerability, our team is putting on a special presentation to unpack everything you need to know to combat it. Join Himanshu Kathpal and Saeed Abbasi on Wednesday, July 3, 2024, at 9:00 A.M PST to find out: 
- The full details of the vulnerability 
- The potential impact of regreSSHion 
- Step-by-step guidance to mitigate the risk
- Details on how Qualys can help

regreSSHion Vulnerability: Key Insights & Strategies to De-risk Your Environment

regreSSHion

Vulnerabilities

openssh

Remote Unauthenticated Code Execution

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

regreSSHion Vulnerability: Key Insights & Strategies to De-risk Your Environment

Presented by

About this talk

More from this channel