
Relying on your configuration management database (CMDB) for a comprehensive view of assets leaves significant gaps in your security program. In this edition of the Cyber Risk Series, we'll go beyond broken CMDBs to consolidate asset inventory and ALL risk factors to one source of truth for Security and IT teams. Join us at the next Cyber Risk Series as we transform the CMDB into a resource for defending evolving attack surfaces.
Wednesday, May 8, 2024
Virtual
Featured Speakers

Sumedh Thakar
Software Engineer,
Qualys

Omar Santos
Cybersecurity and AI Security Research,
OASIS Open

Shira Rubinoff
President,
Cybersphere

Bindu Sundaresan
Director,
AT&T Cybersecurity

Beatrice Sirchis
VP, Application Security Manager,
IDBNY

Mike Orosz
VP, Global Information & Product Security, CISO,
Vertiv

Kunal Modasiya
VP, Product Management, Attack Surface Management & AppSec,
Qualys

Pablo Quiroga
Senior Director of Product Management CSAM and EASM,
Qualys
Learn what industry leaders are tracking on their cyber assets
The modern attack surface is dynamic, and a periodically updated list of assets won't secure your organization. CISOs and security teams need an actionable, risk-based approach to attack surface management to prioritize their riskiest assets amidst the sprawl.
Don't miss this unique opportunity to hear industry experts offer their best advice on what security leaders need to know to protect their entire attack surface from growing threats and navigate far beyond the limitations of the CMDB.
Tracks
Beware Your EoL/EoS Tech Debt
End-of-life (EoL) and end-of-support (EoS) hardware, software, and operating systems are often seen as an IT responsibility. The problem for security teams is that these instances of tech debt expose the organization to unpatchable vulnerabilities and other critical risks. While IT may control the budget and resources for upgrades, security bears the responsibility for associated risks. So, how can security teams measure the risk and align with IT proactively?
De-risking Your External Attack Surface
The modern enterprise has thousands of assets outside of its network, exposed to the internet—many of which are unknown. Not only does the cybersecurity team need to find these websites, applications, and legacy systems, but they must identify critical risk among the sprawl. Learn best practices for discovering external assets and providing IT and Security teams with the required intelligence to de-risk the external attack surface.
Bringing ITOps & Security Together
For IT teams, asset management implies procurement, change management, patching, and operational efficiency. For Security teams, asset management is the foundation for measuring and prioritizing risk. Every organization must find harmony between prioritizing risk and powering business operations through technology. Learn how to create a unified view of technology and risk to bridge the gap between Security and IT.
Asset Inventory Risk
Many asset management programs focus on building a comprehensive inventory—an important first step. But a list of assets is useless, unless you know the asset criticality along with associated vulnerabilities, misconfigurations, EoL/EoS data, and missing security controls. Learn the difference between visibility and inventory risk assessment.
9:00 AM PT
Welcome to the Cyber Risk Series: The Art of the Impossible: Navigating the Broken CMDB

Shira Rubinoff
President, Cybersphere
Join us as we navigate the Broken CMDB for sessions packed with expert insights, thoughtful discussions and actionable strategies.

9:05 AM PT
Turbocharging the CMDB to Address the Dynamic Challenges of the Evolving Attack Surface

Sumedh Thakar
President and CEO, Qualys
Today’s rapidly evolving attack surface demands air-tight alignment between cybersecurity and IT teams. CISOs and security teams are working hard to assess risk across a dynamic technology environment. Still, that hard work falls apart if there’s no transparency with IT—the business unit responsible for patches, software upgrades, access controls, and other mitigation steps.
This session explores the critical imperative of turbocharging the CMDB with cyber risk context—allowing organizations to reduce cyber risk while limiting business disruption.
9:20 AM PT
OpenEoX: Revolutionizing Product Lifecycle Transparency for Cybersecurity

Omar Santos
Cybersecurity and AI Security Research, OASIS Open
Software and hardware product lifecycles are critical factors for operational security, and the OASIS Open OpenEoX initiative emerges as a crucial standardization effort. It aims to revolutionize how End-of-Life (EOL) and End-of-Support (EOS) information is shared and managed across the software and hardware industries. This presentation introduces OpenEoX, a collaborative endeavor supported by leading entities such as Qualys, Cisco, Microsoft, Red Hat, Siemens, BSI, and CISA, alongside an expanding consortium of industry stakeholders.
Through a common framework for EOL and EOS data dissemination, OpenEoX facilitates a more secure IT environment and aids in vulnerability management. This presentation delves into OpenEoX mechanics, showcasing its potential for proactive vulnerability management. It also explores its broader implications for the cybersecurity ecosystem and highlights its compatibility with Software Bill of Materials (SBOM), the Common Security Advisory Framework (CSAF), and Vulnerability Exploitability Exchange (VEX). Join us to discover how OpenEoX is shaping cybersecurity standards and bolstering organizational resilience against cyber threats.
9:50 AM PT
A Fireside Chat: Unlocking the Power of CMDB – Strategies for Overcoming Challenges and Enhancing Cybersecurity Posture

Shira Rubinoff
President, Cybersphere

Bindu Sundaresan
Director, AT&T Cybersecurity
In the modern enterprise, the CMDB is vital yet fraught with challenges. This fireside chat explores the CMDB’s pivotal role in asset management and cybersecurity. It will cover key IT and Security challenges such as:
10:25 AM PT
Fast Track SLAs when Cyber Risk Meets CMDB

Beatrice Sirchis
VP Application Security IT – Cybersecurity, IDBNY
Remediation for critical security risks is arguably the most important SLA for your IT team. Reactive responses to security tickets expose the organization to cyber risk and create business disruption.
That’s why IDBNY takes a proactive approach to uniting IT and Security teams. Join this session to learn how Beatrice Sirchis, VP of Application Security at IDBNY, connects her CMDB to her security program to achieve:
10:45 AM PT
The Ultimate Cyber Defense Partnership: Qualys and Your CMDB

Kunal Modasiya
VP, Product Mgmt, Attack Surface Mgmt & AppSec, Qualys
The CISO might refer to the asset inventory within the security program while the CIO points to the CMDB. But why can’t they both be right?
In this session, you’ll learn how the Qualys Enterprise TruRisk Platform leverages bi-directional sync with the CMDB to create a unified source of truth between the two platforms, including:
11:05 AM PT
The Step-by-Step Guide to Turbocharging Your CMDB

Pablo Quiroga
Senior Director of Product Management CSAM and EASM, Qualys
You know there are blind spots in the CMDB, and it keeps you awake at night.
Are you missing external assets? What about the IoT/OT devices or BYOD on your network at any given time?
Even if your SecOps team finds those assets and discovers critical risk, your IT team has no records in the CMDB. While your team wastes precious time aligning on where to focus, the window is open for attackers.
Join us to see exactly how to locate these missing cyber assets and add them to the CMDB with comprehensive, real-time risk assessment. When security teams identify cyber risk, IT teams will work from the same asset inventory and set of data to take remediation action immediately.
Pablo Quiroga, Senior Director of Product Management at Qualys, will demonstrate real-world scenarios of cyber risk response using a bi-directional sync between the Enterprise TruRisk Platform and the CMDB to measure, communicate, and eliminate risk across IT and Security workflows.
11:20 AM PT
Fireside Chat: Bridging the IT/Security Gap

Kunal Modasiya
VP, Product Mgmt, Attack Surface Mgmt & AppSec, Qualys

Mike Orosz
VP, Global Information & Product Security, CISO, Vertiv
Kunal Modasiya and Mike Orosz, CISO of Vertiv, will close out the Cyber Risk Series with a discussion on how Vertiv bridges the IT-security gap and the importance of a complete asset inventory.



