Thank you for your interest in Qualys at Black Hat! Please enjoy videos of our recent Black Hat sessions while we look forward to Black Hat USA 2022.
Taming Vulnerability Management Overload
August 4, 10:50 – 11:10 AM
Alan Shimel, CEO and Founder, MediaOps
Dr. Jason Gamage, Head of Information Security, Fashion Nova
Eran Livne, Director, Product Management, Qualys
Almost weekly, hackers discover and exploit vulnerabilities in popular programs like SolarWinds and Microsoft Exchange Server, impacting thousands. While it would be great to eradicate vulnerabilities in the programs themselves, it is unlikely to happen any time soon. Join us as Alan Shimel of Security Boulevard talks with Eran Livne, director of product management, endpoint remediation at Qualys, to discuss the importance of vulnerability patching. They'll discuss why companies fail to patch promptly, even when patches are available, and other barriers companies face that delay patching. We'll also discuss strategies to prioritize the right set of vulnerabilities and provide tips for reducing risk with efficient patch deployment models.
David Spark, CISO Podcast
Ben Carr, CISO, Qualys
Ed Rossi, VP Product Management, Qualys
Today's IT environments are growing increasingly complex and securing them is even more so. The rapid expansion and adoption of new technologies wreak havoc on security teams as they attempt to manage and secure an ever-changing landscape. Those who rely on asset inventory from their IT counterparts are challenged by a lack of security context for assets, and they miss an opportunity to identify and fix asset-centric issues like EOL or unauthorized software that they can address even before they run their vulnerability management program.
Join David Spark of the CISO Podcast and Qualys executives Ben Carr, CISO and Ed Rossi, VP Product Management, to discuss the role asset inventory plays in your overall security strategy. They'll cover the importance of security context for IT assets, which teams benefit from the information, and how to effectively implement a cybersecurity asset management practice.
Reinventing Asset Inventory for Security
August 5, 11:20 AM – 12:10 PM
Defense Strategies to Combat Sophisticated Ransomware and Multi-Vector Attacks
August 4, 11:30 AM – 12:20 PM
Shailesh Athalye, Senior Vice President, Product Management, Qualys
Every report and metric indicate that attacks are growing increasingly more sophisticated, and it's harder than ever to defend against them. Day in and day out cybercriminals launch sophisticated attacks to discover assets connecting to your environment and exploit your ever-increasing attack surface. They drop malicious objects, disguise themselves as authentic users, and discover and hold your precious data ransom before you can even detect their presence.
To defend themselves, companies need to detect attacks early, gather the intelligence to understand the attack, and prevent the attacks from occurring in the future. This session will dive into why multiple point solutions and manual security response strategies are no longer enough. Shailesh Athalye, Senior Vice President, Product Management at Qualys will share how security teams can gain the upper hand against ransomware and other sophisticated attacks by unifying their security strategy - managing asset inventory for cybersecurity, prioritizing vulnerabilities and automating remediation with zero-touch patching per threat indicators, and taking an effective multi-vector approach to detecting and responding to malicious attacks.
Atul Nair, Malware Researcher, Qualys
Harshal Tupsamudre, Senior Threat Researcher, Qualys
Persistence consists of techniques that adversaries use to maintain their foothold on systems across restarts. Techniques used for persistence include any access, action, or configuration changes that allow attackers retain access on systems. Persistence is one of the more sought-after techniques of an attacker. Every 3 techniques out of top 10 used by Adversaries belong to Persistence. We leveraged data from MITRE ATT&CK and open-source cyber threat intelligence to understand how adversary achieves persistence. We created Tenacity, a light-weight adversary emulation tool that emulates over 30+ persistence techniques using 100+ procedures employed by attackers in the wild. Using this tool the organizations and individuals can quickly validate the risk posture and exposure of their business as well as the performance of the existing security solutions.
DEF CON VIRTUAL SESSION:
Tenacity: An Adversary Emulation Tool for Persistence
August 6 - 8, 2021