We hope to virtually see you at Black Hat ASIA 2021 this year from May 4-7! We are excited to join the InfoSec community from around the world for original talks, advancing courses, groundbreaking security research and community building.
FEATURED SESSION:
Why are the bad guys winning?
May 7th, 10:10 AM – 11:10 AM
(Singapore Time)
Hiep Dang, VP Product Management, EDR at Qualys
Sangamesh S., Head of Managed Security Services at Infosys
By almost every account, trend, or metric, the bad guys are winning. 2020 saw the highest number of vulnerabilities ever recorded and an increase in malware, ransomware, and extortion payouts. And time is not on our side, with breaches going undetected for months and sometimes years.
In this session, we’ll dive into the problem of multi-vector attacks and why they complicate defense and gives attackers an advantage. Sangamesh S., head of managed security services at Infosys, will share a threat case study and show how you can get the upper hand against these complex multi-vector attacks. Finally, we’ll look at what the industry can do to stay ahead of the bad guys through cross-collaboration on research, threat intelligence and more.
Anand Paturi, Principal Research Analyst, Threat Management
Based on the recent Proxylogon and SolarWinds Sunburst vulnerabilities, it is evident that organizations continue to fall prey to massive cyberattacks caused by the exploitation of known vulnerabilities despite adapting risk-based vulnerability management solutions. We will investigate the hurdles teams face when implementing a patching program that results in susceptibility to critical threat vectors. Further, we will compare patch management metrics like mean time to patch between organizations that have adopted a threat-exposure-based patch management solution vs. those that have not.
Next, we will present a novel framework that includes mitigation controls and patching results while computing an overall organization's risk posture. Finally, we will put the framework to use in a study based on the Proxylogon attacks to show how it can lead to ideal risk management. not.
Continuously reduce risk with threat-based patch management and mitigation controls
May 6th, 11:15 AM – 11:35 AM
(Singapore Time)
The state of EDR and the battle between good and evil
May 7th, 11:40 AM – 12:00 PM
(Singapore Time)
Travis Smith, Director of Malware Threat Research at Qualys
For nearly 10 years, endpoint detection and response (EDR) tools have helped the good guys defend against adversarial attacks while setting in motion a Luckily, the arrival of MITRE ATT&CK has shifted the balance of power from attackers to defenders by providing more defensive insight into adversarial techniques than ever before. In this session, we’ll take a brief look at the history of EDR and what’s in store for its future. This discussion will include a focus on alerts and how organizations can set up for success and reduce the number of false positives and negatives. Travis will also review the role digital forensics, incident response, and even threat hunting play in setting up your security team for success.
Stop by our virtual booth to meet with our product managers, technical account managers and other experts.
Attendees who book a meeting or demo will automatically be entered for a chance to win a Qualys sweatshirt, an Apple iPad and other great prizes!
Meet with a Qualys Expert