Name: Steps To TruRisk: Step 2 - Take Inventory | Measuring Threats Accurately
Start: 2025-04-08T18:00:00Z
End: 2025-04-08T18:01:00.000Z
Location: BrightTALK
Rating: 0

Join us for this informative technology series for insights into emerging security trends that every IT professional should know. These brief sessions will give you an opportunity to discover best practices from market leaders as well as hands-on advice from industry experts on a variety of security and compliance topics.
 
Let Qualys help keep you up-to-date with cost-effective and efficient technology trends. Choose the topic that interests you or plan to attend the entire series to make sure you stay ahead of the curve.

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on December 11, 2025.

We will discuss this month's high-impact vulnerabilities, including those that are part of November 2025 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, November 2025 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

Patch Tuesday Webinar December 2025: This Month in Vulnerabilities and Patches

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on November 13, 2025.

We will discuss this month's high-impact vulnerabilities, including those that are part of October 2025 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, October 2025 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

Patch Tuesday Webinar November 2025: This Month in Vulnerabilities and Patches

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on October 16, 2025.

We will discuss this month's high-impact vulnerabilities, including those that are part of September 2025 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, September 2025 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

Patch Tuesday Webinar October 2025: This Month in Vulnerabilities and Patches

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on September 11, 2025.

We will discuss this month's high-impact vulnerabilities, including those that are part of August 2025 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, August 2025 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

Patch Tuesday Webinar September 2025: This Month in Vulnerabilities and Patches

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on August 14, 2025.

We will discuss this month's high-impact vulnerabilities, including those that are part of July 2025 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, July 2025 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

Patch Tuesday Webinar August 2025: This Month in Vulnerabilities and Patches

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on July 10, 2025.

We will discuss this month's high-impact vulnerabilities, including those that are part of June 2025 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, June 2025 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

Patch Tuesday Webinar July 2025: This Month in Vulnerabilities and Patches

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on June 12, 2025.

We will discuss this month's high-impact vulnerabilities, including those that are part of May 2025 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, May 2025 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

Patch Tuesday Webinar June 2025: This Month in Vulnerabilities and Patches

Identifying risk is only the first step—taking decisive action is what truly makes an impact. Join us on May 20, 2025, at 11AM PST | 2PM EST for Steps To TruRisk: Step 5 - Eliminate the Risk | Taking Decisive Action, where we’ll explore how to turn risk assessments into meaningful and measurable cybersecurity improvements.

Effective risk management requires not just prioritization, but clear communication and strategic execution. This session will provide a step-by-step approach to:
<ul><li>Prioritizing remediation using Qualys TruRisk, whether through predefined scoring or custom strategies</li><li>Shifting to a patch-first approach to streamline remediation efforts</li><li>Leveraging the MITRE ATT&CK framework to refine risk-based prioritization</li><li>Tracking progress using the new Steps To TruRisk dashboard, which provides real-time risk trends, CVSS vs. QDS comparisons, and insights into CISA KEV vulnerabilities</li></ul>

With Qualys TruRisk, security teams can align cybersecurity efforts with business goals, ensuring that remediation efforts focus on the vulnerabilities that pose the greatest threat. Whether through automated tracking, real-time recalculations, or tailored prioritization models, this session will equip you with the tools to drive efficient, data-driven risk reduction.

Join us live for the final episode of the series and take the next step in eliminating risk with confidence.

Steps To TruRisk: Step 5 - Eliminate the Risk | Taking Decisive Action

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on May 15, 2025.

We will discuss this month's high-impact vulnerabilities, including those that are part of April 2025 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, April 2025 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

Patch Tuesday Webinar May 2025: This Month in Vulnerabilities and Patches

Communicating cybersecurity risk effectively is just as important as identifying it. Join us on May 6, 2025, at 11AM PST | 2PM EST for Steps To TruRisk: Step 4 - Communicate Risk | Aligning Stakeholders, where we’ll explore how to bridge the gap between technical findings and business priorities to drive informed decision-making.

A strong risk management strategy requires clear, persuasive communication across stakeholders—from security teams to executives. This session will cover:
<ul><li>Strategies to present risk assessments in a way that resonates with both technical and business audiences</li><li>Methods to validate and adjust risk assessments as new threats emerge</li><li>Frameworks such as NIST SP 800-37, ISO 31000, COSO, and COBIT to guide risk communication and decision-making</li></ul>

We’ll also introduce Qualys TruRisk, included with VMDR, which enables organizations to shift from traditional vulnerability tracking to a risk-based approach. By applying the Risk = Likelihood x Impact formula, teams can:
<ul><li>Use Qualys Detection Score (QDS) to measure threat likelihood</li><li>Assign Asset Criticality Scores (ACS) to reflect business impact</li><li>Leverage risk scores to prioritize actions, measure progress, and refine strategies over time</li></ul>

With just a few simple steps—such as tagging assets and assigning ACS scores—you can transform the way your organization communicates and manages risk.

Join us live to learn how to align stakeholders, gain executive buy-in, and ensure security efforts focus on what truly matters.

Steps To TruRisk: Step 4 - Communicate Risk | Aligning Stakeholders

Did you know that 71% of organizations say their cyber risk levels are either increasing or holding steady? Despite growing investments in security, many organizations struggle to effectively reduce their risk exposure. The 2025 State of Cyber Risk Assessment Report, conducted by Dark Reading and Qualys, highlights the state of cyber risk maturity today—and the gaps that remain. While 49% of organizations now have formal cyber risk programs, nearly half of these programs are under two years old, signaling that many businesses are still in the early stages of their risk management journey.

Join industry experts Richard Seiersen, Chief Risk Technology Officer, and Mayuresh Ektare, VP of Product Management at Qualys, as they analyze key findings from the report and discuss how security leaders can shift from reactive assessments to proactive, automated risk management. This session will explore the role of asset discovery, business context, automation, and real-time insights in achieving true cyber risk maturity.

What You’ll Learn:
<ul><li>Why cyber risk management programs are gaining traction—but still have room to grow</li><li>How organizations can move beyond periodic asset discovery to continuous, real-time visibility</li><li>The importance of business context in risk prioritization—and why vulnerability severity alone isn’t enough</li><li>The biggest barriers to cyber risk maturity, including reliance on manual risk tracking and inconsistent reporting</li><li>Practical steps to evolve your risk management strategy and drive better security outcomes</li></ul>
Speakers:
<ul><li>Richard Seiersen – Chief Risk Technology Officer, Cybersecurity Expert, and Author</li><li>Mayuresh Ektare – Senior Vice President, Product Management, Qualys</li></ul>
Date & Time:
<ul><li>4/24/25</li><li>11 am PST</li></ul>

2025 State of Cyber Risk: Insights, Challenges & the Path Forward

Reducing cybersecurity risk starts with understanding the real-world impact of vulnerabilities on business operations. Join Colton Pepper (Product Marketing Manager) and Anthony Williams (VMDR Subject Matter Expert)—your returning co-hosts—for Steps To TruRisk: Step 3 – Get Started | Assessing Business Consequences, airing live on April 22, 2025, at 11AM PST | 2PM EST. They'll be joined by Lori Renaldi (Security Solutions Architect), who’ll bring real-world insight into how security teams are aligning risk with business priorities.

Many organizations struggle to prioritize remediation effectively because they overlook the business value of assets. This session will provide a structured approach to assessing risk by:
<ul>
<li>Evaluating the criticality of assets using Business Impact Analysis (BIA)</li><li>Assigning Asset Criticality Scores (ACS) based on Confidentiality, Integrity, and Availability (CIA)</li><li>Connecting business priorities with technical risks to drive meaningful remediation efforts</li></ul>

By integrating ACS with the Qualys Detection Score (QDS), organizations can apply the Risk = Likelihood x Impact formula to align security efforts with business objectives. Starting with Crown Jewel assets—those most essential to operations—this method ensures vulnerabilities with the highest potential consequences receive immediate attention.

Join us live to learn how to transform risk assessments into actionable, business-driven security decisions.

Steps To TruRisk: Step 3 - Get Started | Assessing Business Consequences

Discover a new standard in File Integrity Monitoring (FIM) designed to meet the rigorous demands of PCI 4.0. In this webinar, we’ll explore how Qualys’ advanced, “noise-cancelling” FIM solution helps organizations quickly detect and investigate unusual file system activities—without sifting through endless alerts. From real-time File Access Monitoring (FAM) and container-level FIM to agentless deployment network devices, you’ll see how easy it can be to ensure complete coverage and continuous compliance with PCI 4.0.

What You’ll Gain
<ul><li>Staying Audit Ready: Get up and running fast with preconfigured templates tailored to PCI 4.0 requirements.</li><li>Noise Cancellation: Reduce alert fatigue through automated noise cancellation and focus on the most critical events.</li><li>Most Comprehensive Protection: Extend coverage to servers, endpoints, network devices, and containers—all from a single platform.</li><li>Lower Operational Costs: Streamline FIM management with unified dashboards, reducing resource overhead and saving time.</li></ul>

Join us to learn how Qualys’ innovative FIM solution not only fulfills PCI 4.0 standards but also empowers your security teams to operate more efficiently and effectively.

Noise Cancelling FIM for PCI 4.0

Please join the Qualys research and product teams for the “This Month in Vulnerabilities and Patches” webinar on April 10, 2025.

We will discuss this month's high-impact vulnerabilities, including those that are part of March 2025 Patch Tuesday. We will walk you through the steps to address the key vulnerabilities using Qualys VMDR and Patch Management.

We will cover:

• The significant vulnerabilities published this month:
• Microsoft Patch Tuesday, March 2025 
• Other Significant Vulnerabilities

An action plan to quickly identify and remediate vulnerabilities:

• Learn how to use Qualys Patch Management to remediate vulnerabilities.

Patch Tuesday Webinar April 2025: This Month in Vulnerabilities and Patches

Are you prioritizing the right vulnerabilities, or just checking boxes?

Join Colton Pepper, Product Marketing Manager, Anthony Williams, Subject Matter Expert, VMDR, and Russ Sanderlin, Director, SME, VMDR on March 25, 2025, at 11AM PT | 2PM ET for Steps To TruRisk: Step 1 - Mind the Gap | Shifting to Priority-Driven Strategies, the first episode in a five-part series designed to help organizations move from vulnerability management to true risk reduction.

Cybersecurity isn’t just about patching everything—it’s about reducing risk where it matters most. In this session, Colton and Anthony will break down how to align technical remediation efforts with real business priorities.

Using the time-tested formula Risk = Likelihood x Impact, you’ll learn how to:
<ul><li>Define your organization’s risk tolerance and what it means in practical terms</li><li>Assess the true value of your assets and their role in business operations</li><li>Measure the real-world impact of potential compromises to focus on what matters most</li></ul>
To complement this session, check out our <a href="https://blog.qualys.com/product-tech/2025/03/10/steps-to-trurisk-1-shift-to-priority-driven-strategies?utm_source=brighttalk&utm_medium=resource&leadsource=344576687">accompanying blog post</a> for deeper insights into risk prioritization strategies.

Join us live as we explore how a priority-driven approach transforms vulnerability management from a never-ending chase into a strategic risk-reduction engine. Don’t miss this chance to shift your security strategy in the right direction.

Register now to secure your spot.

Steps To TruRisk: Step 1 - Mind the Gap | Shifting to Priority-Driven Strategies

According to Enterprise Strategy Group, 93% of organizations use at least three tools to inventory their cyber assets. That means three different sources to manage, three different UIs—and most importantly, three different interpretations of cyber risk.

In this webinar, join Pablo Quiroga (Sr Director of Product Management) at Qualys for a review of the threat landscape and the market challenges driving this disjointed approach, and a roadmap to a simpler program, including:
<ul>
<li>Consolidating API-based CAASM tools, EASM scanners, and CMDB inventories to a single view of cyber risk</li><li>Multiplying risk factors that must be accounted for within a unified inventory</li><li>How to leverage a unified inventory to drive risk-based vulnerability management and streamlined remediation</li></ul>

Join us to take the first step in consolidating your attack surface coverage.

How Many Tools Should it Take to Secure Your Entire Attack Surface

Scaling cloud-native applications demands more than just ticketing—it requires risk-driven vulnerability management. Traditional tools struggle with container ephemerality, generating excessive noise without prioritization, leading to inefficiencies and delayed remediation.

Join Qualys and ServiceNow to see how the Qualys TotalCloud Kubernetes & Container Security (KCS) integration with ServiceNow Container Vulnerability Response (CVR) streamlines risk-based remediation with:

<ul><li>TruRisk™-Powered Prioritization – Focus on what matters most with Qualys TruRisk scoring based on real-world threats and business impact.</li><li>Noise-Free, Actionable Insights – Reduce ticket overload by eliminating unnecessary alerts, ensuring security teams act on critical risks.</li><li>Remediation Ready – Qualys tickets are enriched with full developer context, so teams get everything they need to take action immediately—without back-and-forth.</li><li>Continuous Automation – From accurate detection to auto-prioritized ticketing and streamlined remediation, Qualys and ServiceNow eliminate friction and accelerate security.</li></ul>
See how leading enterprises are transforming container vulnerability management with Qualys TotalCloud and ServiceNow CVR.

Speakers:
<li>Andy Ojha: Principal Outbound Product Manager Security Operations, ServiceNow</li>
<li>Abhinav Mishra: Director of Product Management – Qualys</li>
Date: March 19th

Register now to take control of container security with a smarter, risk-based approach!

Proactive Container Security: Risk-Driven Remediation with Qualys & ServiceNow CVR

Steps To TruRisk: A Five-step Framework for True Risk Management

Understanding your environment is essential, but accurately measuring real-world threats is transformative. Join Colton Pepper, Product Marketing Manager, and Anthony Williams, VMDR Subject Matter Expert, along with special guests Russ Sanderlin, Director of the VMDR SME Team, and Chinmay Inamdar, Lead Technical Trainer, on April 8, 2025, at 11AM PT | 2PM ET for Steps To TruRisk: Step 2 - Take Inventory | Measuring Threats Accurately.

Many organizations rely solely on CVSS scores for prioritization, but these scores often fail to reflect the true likelihood of exploitation. A medium-severity CVSS vulnerability could pose a critical risk if it’s linked to ransomware or listed in CISA’s Known Exploitable Vulnerabilities (KEV) catalog.

This session introduces the Qualys Detection Score (QDS), a more comprehensive metric that enhances visibility into:
<ul><li>Technical severity, such as CVSS scores</li><li>Temporal details, including exploit code maturity and threat intelligence</li><li>Mitigation details, such as compensating controls</li></ul>

With QDS, security teams can move beyond guesswork, streamline decision-making, and focus on high-confidence, high-impact threats. Colton, Anthony, Russ, and Chinmay will also discuss additional tools like MITRE ATT&CK, EPSS, and CISA KEV to help teams strengthen their risk assessments.

Join us live to learn how QDS eliminates fragmented workflows and helps prioritize what truly matters in today’s evolving threat landscape.

Steps To TruRisk: Step 2 - Take Inventory | Measuring Threats Accurately

Qualys TruRisk

Steps To TruRisk

Cyber threat assessment

CVSS vs. risk-based prioritization

Vulnerability risk scoring

How to measure cyber risk

Exploit prediction scoring system (EPSS)

Cybersecurity risk visibility

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Steps To TruRisk: Step 2 - Take Inventory | Measuring Threats Accurately

Presented by

About this talk

More from this channel