Name: Risk Mitigation for AI with Secure Development Lifecycle
Start: 2024-12-09T13:26:00Z
End: 2024-12-09T13:26:30.000Z
Location: BrightTALK
Rating: 0

Join us for this informative technology series for insights into emerging security trends that every IT professional should know. These brief sessions will give you an opportunity to discover best practices from market leaders as well as hands-on advice from industry experts on a variety of security and compliance topics.
 
Let Qualys help keep you up-to-date with cost-effective and efficient technology trends. Choose the topic that interests you or plan to attend the entire series to make sure you stay ahead of the curve.

Today's enterprises face complex regulatory compliance challenges. Many enterprises struggle to stay audit ready. They lack the tools necessary to maintain continuous compliance, to produce detailed reports, and to reduce compliance risk.

Relying solely on CIS Benchmark assessments leaves enterprises with significant manual effort to remediate and prove compliance. These challenges are driving many customers to make the change from Qualys Secure Configuration Analysis (SCA) to the full featured offerings of Qualys Policy Compliance. 


Join Qualys Product Manager Anu Kapil for a fireside chat and a demo of Qualys Policy Compliance. 

During this webinar you'll learn how Qualys Policy Compliance:

<li>Simplifies and Automates the Compliance auditing process</li>
<li>Enables Mandate Based Reports (PCI DSS, NIST, DISA, HIPAA, GDPR)</li>
<li>Maintains Audit Readiness With Auto Remediation</li>
<li>Monitors and Reports on Compliance Changes Over Time</li>
<li>Provides Advanced and Detailed Dashboards to improve Enterprise Compliance Visibility</li>

For more information about Qualys Policy Compliance ahead of this event, <a href="https://www.qualys.com/solutions/compliance/" target="_blank">please visit: https://www.qualys.com/solutions/compliance/</a>

Supercharge Compliance Beyond SCA With Policy Compliance

The workshop will delve into the heart of cybersecurity risk measurement across four progressive sessions. Our focus will be on discovering which risks are most likely to cause significant business losses across the intersection of assets, threats, and vulnerabilities. 
Facilitator: Richard Seiersen is the author of two books: How to Measure Anything in Cybersecurity Risk and The Metric Manifesto: Confronting Security with Data. Prior to joining Qualys as Chief Risk Technology Officer, Richard held CISO roles at Twilio, LendingClub, and GE Healthcare, and has facilitated hundreds of engagements with CISOs on metrics, risk quantification, and board presentations via IANS. 
In this episode (or session), we will cover: 
#4 PRESENTING METRICS THAT MATTER - To Stakeholders On Their Terms About Their Business Learn how to assemble everything you have learned into metrics cards for engaging stakeholders. Get introduced to the modern approach to cybersecurity risk management called the “Risk Operations Center” that integrates risk across IT and cloud risks.

Cyber Risk Workshop #4 PRESENTING METRICS THAT MATTER - To Stakeholders On Their Terms About Their Business

The workshop will delve into the heart of cybersecurity risk measurement across four progressive sessions. Our focus will be on discovering which risks are most likely to cause significant business losses across the intersection of assets, threats, and vulnerabilities. 
Facilitator: Richard Seiersen is the author of two books: How to Measure Anything in Cybersecurity Risk and The Metric Manifesto: Confronting Security with Data. Prior to joining Qualys as Chief Risk Technology Officer, Richard held CISO roles at Twilio, LendingClub, and GE Healthcare, and has facilitated hundreds of engagements with CISOs on metrics, risk quantification, and board presentations via IANS. 
In this episode (or session), we will cover: 
#3 THE QUANTIFIED CYBERSECURITY RISK REGISTER - Focusing On What The Business Stands to Lose Get introduced to modeling risk scenarios and their application in the “Rapid Risk Interview.” In the process you will learn the very basics in forecasting monetary impacts. Learn how these can be assembled into basic “quantified cybersecurity risk register.”

Cyber Risk Workshop #3 THE QUANTIFIED CYBERSECURITY RISK REGISTER - Focusing On What The Business Stands to Lose

The workshop will delve into the heart of cybersecurity risk measurement across four progressive sessions. Our focus will be on discovering which risks are most likely to cause significant business losses across the intersection of assets, threats, and vulnerabilities. 
Facilitator: Richard Seiersen is the author of two books: How to Measure Anything in Cybersecurity Risk and The Metric Manifesto: Confronting Security with Data. Prior to joining Qualys as Chief Risk Technology Officer, Richard held CISO roles at Twilio, LendingClub, and GE Healthcare, and has facilitated hundreds of engagements with CISOs on metrics, risk quantification, and board presentations via IANS. 
In this episode (or session), we will cover: 
#2: CYBERSECURITY METRICS ON RAILS - Measuring Efficiency In Risk Elimination This next module builds on “The Measurement Mindset” with a focus on metrics. The three classes and components of good metrics are covered. We then apply these concepts to building capability-based metrics in the form of Burndown-, Arrival-, and Survival-based metrics.

Cyber Risk Workshop #2 CYBERSECURITY METRICS ON RAILS - Measuring Efficiency In Risk Elimination

Join us for a fireside chat with Joe Petrocelli, VP of Product Management, and Andrew Morrisett, Product Lead for Endpoint Security, as they discuss how Qualys' unified platform delivers holistic ransomware defense validated by the 2024 MITRE ATT&CK® Evaluation.
 
What You'll Learn:
<li>How Qualys achieved 91.5% detection with only 1 false positive, joining an elite group of only five vendors with 90%+ detection and under 10% false positives.</li>
<li>Why false positive rates matter and how excessive noise makes many EDR solutions impractical.</li>
<li>A deep dive into Qualys' unified approach to stopping advanced ransomware like LockBit and Cl0P across the entire attack chain—leveraging EASM, VM, Patch Management, and EDR.</li>
Agenda:
<ol>
 <li>MITRE ATT&CK Results Breakdown: What sets Qualys apart in detection and precision.</li>
 <li>Holistic Ransomware Defense: How Qualys prevents attacks before they happen and responds to active threats.</li>
 <li>Real-World Scenarios: How Qualys protects against LockBit and Cl0P ransomware techniques.</li>
 <li>Interactive Q&A: Get your questions answered live by our experts.</li>
</ol>

Complete Attack Chain Prevention: Qualys' Unified Approach Validated by MITRE ATT&CK 2024

The workshop will delve into the heart of cybersecurity risk measurement across four progressive sessions. Our focus will be on discovering which risks are most likely to cause significant business losses across the intersection of assets, threats, and vulnerabilities. 
Facilitator: Richard Seiersen is the author of two books: How to Measure Anything in Cybersecurity Risk and The Metric Manifesto: Confronting Security with Data. Prior to joining Qualys as Chief Risk Technology Officer, Richard held CISO roles at Twilio, LendingClub, and GE Healthcare, and has facilitated hundreds of engagements with CISOs on metrics, risk quantification, and board presentations via IANS. 
In this episode (or session), we will cover: 
#1: THE MEASUREMENT MINDSET - Patching The Concepts That Hold Us Back This introductory module covers the fundamentals of security measurement. Our focus will be understanding the Concepts, Objects, and Methods (COM) of measurement with a touch of statistical history.

Cyber Risk Workshop #1 THE MEASUREMENT MINDSET - Patching The Concepts That Hold Us Back

Are you struggling with manual agent deployment across your organization? Traditional methods can be time-consuming, prone to errors, and challenging to scale. Join our webinar to discover how Qualys Cloud Agent Deployment Using Qualys Scanner revolutionizes this process, empowering businesses to secure their infrastructure with efficiency and precision.
 
What You'll Learn
<li>Overcome Manual Deployment Challenges: Address inefficiencies and eliminate the complexities of manual installations.</li>
<li>Seamless Agent Deployment: Explore how Qualys Scanner effortlessly installs Cloud Agents across Windows and Linux platforms.</li>
<li>Uncover Hidden Vulnerabilities: Identify assets missing the essential Qualys Cloud Agent and take proactive measures to secure them.</li>
<li>Streamlined Workflow: Integrate agent deployment into your existing IT processes to reduce overhead and total cost of ownership (TCO).</li>
Key Benefits
<li>Effortless Scalability: Quickly deploy agents to new endpoints as your organization grows.</li>
<li>Regulatory Compliance: Automate deployments to maintain consistent security protocols and meet industry standards.</li>
<li>Unified Asset Management: Use Qualys Scanner to discover eligible assets and deploy agents seamlessly.</li>
<li>Continuous Visibility: Generate alerts, monitor missing agents, and track remediation progress through dynamic dashboards.</li>

Simplify Security with Qualys Cloud Agent Deployment Using Qualys Scanner

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on January 16, 2025.

We will discuss this month's high-impact vulnerabilities, including those that are part of December 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, December 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

Patch Tuesday Webinar January 2025: This Month in Vulnerabilities and Patches

Qualys’ Risk Operations Centre (ROC) enables cross-functional collaboration across finance, security and compliance teams to unify cyber risk management within your organisation to allow for a coordinated response in real time. 

In this cross-EMEA webinar, Qualys CTSO and VP Solutions Architect, EMEA & APAC Richard Sorosina and VP, Cyber Risk Technology Ivan Milenkovic will provide practical advice on operationalizing the ROC while considering minimizing costs, reducing risk, and meeting compliance mandates.  

Join us on Thursday 16th January in our webinar to discover:

• Understand the concept of the ROC
• How it enables centralized risk management 
• How you can implement it within your organization

Register now and don't miss this opportunity to learn more about Qualys’ Risk Operations Centre.

Operationalising the Risk Operations Centre

Navigating PCI DSS 4.0 compliance can be complex, but Qualys simplifies it with its advanced File Integrity Monitoring (FIM) solution. Tailored for efficiency, Qualys FIM automates noise cancellation, streamlining compliance while offering comprehensive coverage for servers, endpoints, network devices, and containers.

Join us on 1/14/25 at 11 AM, PST for an engaging webinar featuring Stuart Hinson from Solidigm. Learn how Qualys FIM reduces operational costs, enhances compliance workflows, and ensures seamless adherence to PCI 4.0 requirements with zero issues.

What You’ll Gain:
<ul>
<li>Effortless onboarding with preconfigured setups specifically designed for PCI 4.0 compliance.</li>
<li>Advanced noise-canceling automation to simplify monitoring and reduce operational overhead.</li>
<li>Comprehensive coverage across diverse infrastructures, ensuring robust security and compliance.</li>
<li>Real-world insights from Solidigm's successful implementation of Qualys FIM.</li></ul>

This webinar is a must-attend for security professionals, compliance officers, and IT managers seeking to optimize compliance processes and strengthen their security posture. Discover how Qualys FIM can help your organization achieve and maintain PCI 4.0 compliance efficiently and effectively.

Simplifying PCI 4.0 Compliance with Noise-Cancelling File Integrity Monitoring

Bridge the gap between traditional vulnerability management and true risk-based prioritization with Qualys TruRisk. Enable security teams to communicate the real impact of cyber risks, helping the business make informed, strategic decisions. Empower your teams to go beyond metrics like CVSS and CISA KEV, with actionable insights that clearly demonstrate risk levels in business terms.
 
Introducing the "Steps to TruRisk" Dashboard
The new "Steps to TruRisk" dashboard is a powerful tool that visually supports risk-based prioritization. It brings Qualys TruRisk insights to life, helping security teams illustrate the significance of threats, identify practice gaps, and allows teams to connect vulnerability data to business-critical assets for precise remediation.
 
Key Takeaways will include:
<li>Identify Real Threats: Prioritize high-impact vulnerabilities to enhance threat awareness beyond traditional metrics.</li>
<li>Target Remediation Efforts connect vulnerability management with Business Impact Analysis to focus on what matters most.</li>
<li>Improve Communication by translating risk insights into clear, business-aligned narratives for leadership and auditors.</li>
<li>A quick sneak peek into what's next for Qualys TruRisk with VMDR and ETM!</li>
 
Discover how VMDR with TruRisk drives risk-based prioritization, see the "Steps to TruRisk" dashboard in action, and learn practical steps for adopting a risk-aligned strategy. 
 
Don’t miss this opportunity to elevate your cybersecurity program and simplify risk-based management and remediation.

Register now!

Steps To TruRisk: Leveraging Qualys To Reduce Your Risk

Managing vulnerabilities shouldn’t feel like a juggling act. With the redesigned Qualys VMDR for ITSM integration with ServiceNow, we’ve made it easier than ever to bridge the gap between security and IT operations. Join us to see how this powerful update simplifies the vulnerability management process, aligns with ITIL best practices, and empowers your teams to stay ahead of risks.
 
In this session, you’ll explore how the latest Qualys Core and VMDR App redefines vulnerability management. Certified for Xanadu, Washington DC, and Vancouver, the app now aligns with ServiceNow guidelines, adopting ITSM-Incident Management tables for seamless ticket creation and grouping.
 
What You’ll Learn:
<ol><li>Streamline Your Workflow: Discover how automated incident creation helps you save time and eliminate manual reporting headaches.</li>
 <li>Prioritize with Precision: Learn how TruRisk attributes enable your teams to focus on what matters most for quicker, smarter remediation.</li>
 <li>Foster Better Collaboration: See how a shared platform for security and IT teams promotes teamwork and transparency.</li>
 <li>Automate Patching: Understand how Qualys Patch Management integrates with ServiceNow to kick off automated change requests and patch deployment jobs effortlessly.</li></ol>
Walk away with actionable insights to enhance your vulnerability management strategy and simplify your team’s daily operations.

Additional Resources:
<ul>
 <li><a href="https://store.servicenow.com/sn_appstore_store.do#!/store/application/dd3cef9c87a2f0107bb3a86e0ebb3529/2.0.1" target="_blank">ServiceNow Store - Qualys Core App</a></li>
 <li><a href="https://store.servicenow.com/sn_appstore_store.do#!/store/application/3bd20edd1b56fc10203dca22604bcb7c/3.0.1" target="_blank">ServiceNow Store - Qualys VMDR App</a></li>
</ul>

Redesigned Version of The Qualys VMDR For ITSM: ServiceNow Integration Simplified

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on December 12, 2024.

We will discuss this month's high-impact vulnerabilities, including those that are part of December 2024 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, December 2024 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

Patch Tuesday Webinar December 2024: This Month in Vulnerabilities and Patches

Understanding the intricacies of web application security is crucial in today's tech-driven markets. This webinar dives into the significance of securing production sites and complex business logics, which are pivotal for maintaining robust and secure online operations. From the vulnerabilities introduced in JavaScript code to the complexities of advanced business logics, attendees will gain a comprehensive view of the potential risks, and the innovative strategies needed to address them. A key focus will be on the integration of Qualys Web Application Scanning (WAS) into CI/CD pipelines. This shift-left approach ensures that vulnerabilities are identified and mitigated early in the development process, enhancing overall security posture. Join us to know how Qualys WAS can meticulously scan production environments, analyze JavaScript, and evaluate complex business logics to identify security weak points.

Securing Modern Applications in the Digital Age

As organizations adopt LLMs rapidly, security challenges arise, especially when development teams deploy these models without notifying security teams. Total AI enhances visibility, offers proactive scanning, and categorizes AI vulnerabilities, helping organizations secure their infrastructures and manage risks effectively. A demo showcases how users can manage AI assets and address vulnerabilities.

Navigating Security Challenges of Large Language Models with AI Asset Visibility and Model Scanning

Emergent technologies like generative AI can sometimes take security professionals out of their comfort zone and challenge preconceived notions about what it means to secure a system or capability. The new challenges that come with securing AI have also forced us to revisit risk and resilience in a threat landscape that has quickly shifted into novel attack spaces.

Effectively managing enterprise cybersecurity risks has historically been facilitated by the adoption of robust risk management frameworks, tools, and processes that directly link risks to actions. For this talk, we will illustrate how the concepts that have traditionally afforded us the ability to mitigate and respond to risk through security are the same concepts we can apply to secure capabilities enabled by emergent technologies, including AI. Along the way, we will examine what it is that makes us uncomfortable with AI and discuss concrete steps to take that will make us more comfortable with deploying these capabilities confidently and securely.

Becoming More Comfortable with Risk-Informed Secure AI

The landscape of cybersecurity has undergone a profound shift as we embrace the potential of AI to revolutionize industries. In this talk, we delve into the critical imperatives for securing our digital ecosystems in the age of AI and explore the urgent need to transform these architectures to accommodate AI-driven workloads. From edge devices to cloud infrastructure, our systems must evolve to handle the demands of AI algorithms while also maintaining robust security. We’ll discuss NVIDIA’s significant role in fortifying cybersecurity, including NVIDIA Morpheus, digital fingerprinting, and behavior analytics.

Security in the Age of AI

Chatbots Breaking Bad Unmasking the Risks of LLMs

Redefining Risk and Resilience in a New Cyber Era

Cyber Risk Series – AI & LLM Edition: How Secure Are Your Generative Sheep?

The session provides actionable insights for organizations looking to implement robust security practices in their AI development practices while balancing innovation with risk mitigation. We explore integrating AI development and security lifecycles, offering a practical framework for risk management. We examine how secure development lifecycle (SDL) principles can be adapted for AI systems. The discussion covers distinct risk considerations from both AI model providers’ and consumers’ perspectives. We’ll analyze appropriate controls and risk mitigation strategies at different stages.

Risk Mitigation for AI with Secure Development Lifecycle

AI development

robust security

integrating AI

AI systems

framework

Risk Management

Risk Mitigation

security lifecycles

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Risk Mitigation for AI with Secure Development Lifecycle

Presented by

About this talk

More from this channel