Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Black Hat ASIA 2021 – Virtual

We hope to virtually see you at Black Hat ASIA 2021 this year from May 4-7! We are excited to join the InfoSec community from around the world for original talks, advancing courses, groundbreaking security research and community building.

Free Business Pass

Register for free access to the Business Hall, Arsenal, Community Programs and Sponsored Sessions

Qualys sessions at Black Hat


Why are the bad guys winning?

May 7th, 10:10 AM – 11:10 AM
(Singapore Time)

Hiep Dang, VP Product Management, EDR at Qualys
Sangamesh S., Head of Managed Security Services at Infosys

By almost every account, trend, or metric, the bad guys are winning. 2020 saw the highest number of vulnerabilities ever recorded and an increase in malware, ransomware, and extortion payouts. And time is not on our side, with breaches going undetected for months and sometimes years.

In this session, we’ll dive into the problem of multi-vector attacks and why they complicate defense and gives attackers an advantage. Sangamesh S., head of managed security services at Infosys, will share a threat case study and show how you can get the upper hand against these complex multi-vector attacks. Finally, we’ll look at what the industry can do to stay ahead of the bad guys through cross-collaboration on research, threat intelligence and more.

Anand Paturi, Principal Research Analyst, Threat Management

Based on the recent Proxylogon and SolarWinds Sunburst vulnerabilities, it is evident that organizations continue to fall prey to massive cyberattacks caused by the exploitation of known vulnerabilities despite adapting risk-based vulnerability management solutions. We will investigate the hurdles teams face when implementing a patching program that results in susceptibility to critical threat vectors. Further, we will compare patch management metrics like mean time to patch between organizations that have adopted a threat-exposure-based patch management solution vs. those that have not.

Next, we will present a novel framework that includes mitigation controls and patching results while computing an overall organization's risk posture. Finally, we will put the framework to use in a study based on the Proxylogon attacks to show how it can lead to ideal risk management. not.

Continuously reduce risk with threat-based patch management and mitigation controls

May 6th, 11:15 AM – 11:35 AM
(Singapore Time)

The state of EDR and the battle between good and evil

May 7th, 11:40 AM – 12:00 PM
(Singapore Time)

Travis Smith, Director of Malware Threat Research at Qualys

For nearly 10 years, endpoint detection and response (EDR) tools have helped the good guys defend against adversarial attacks while setting in motion a Luckily, the arrival of MITRE ATT&CK has shifted the balance of power from attackers to defenders by providing more defensive insight into adversarial techniques than ever before. In this session, we’ll take a brief look at the history of EDR and what’s in store for its future. This discussion will include a focus on alerts and how organizations can set up for success and reduce the number of false positives and negatives. Travis will also review the role digital forensics, incident response, and even threat hunting play in setting up your security team for success.

Visit us at our virtual booth and win prizes

Stop by our virtual booth to meet with our product managers, technical account managers and other experts.

Attendees who book a meeting or demo will automatically be entered for a chance to win a Qualys sweatshirt, an Apple iPad and other great prizes!

Meet with a Qualys Expert