2024 Cyber Risk Submit

Art of the Impossible: Navigating the Broken CMDB

Relying on your configuration management database (CMDB) for a comprehensive view of assets leaves significant gaps in your security program. In this edition of the Cyber Risk Series, we'll go beyond broken CMDBs to consolidate asset inventory and ALL risk factors to one source of truth for Security and IT teams. Join us at the next Cyber Risk Series as we transform the CMDB into a resource for defending evolving attack surfaces.

Wednesday, May 8, 2024

Virtual

Featured Speakers

Sumedh Thakar
President and CEO, Qualys

Omar Santos
Cybersecurity and AI Security Research, OASIS Open

Shira Rubinoff
President, Cybersphere

Beatrice Sirchis
VP, Application Security Manager, IDBNY

Kunal Modasiya
VP, Product Management, Attack Surface Management & AppSec, Qualys

Learn what industry leaders are tracking on their cyber assets

The modern attack surface is dynamic, and a periodically updated list of assets won't secure your organization. CISOs and security teams need an actionable, risk-based approach to attack surface management to prioritize their riskiest assets amidst the sprawl.

Don't miss this unique opportunity to hear industry experts offer their best advice on what security leaders need to know to protect their entire attack surface from growing threats and navigate far beyond the limitations of the CMDB.

Tracks

Beware Your EoL/EoS Tech Debt

End-of-life (EoL) and end-of-support (EoS) hardware, software, and operating systems are often seen as an IT responsibility. The problem for security teams is that these instances of tech debt expose the organization to unpatchable vulnerabilities and other critical risks. While IT may control the budget and resources for upgrades, security bears the responsibility for associated risks. So, how can security teams measure the risk and align with IT proactively?

De-risking Your External Attack Surface

The modern enterprise has thousands of assets outside of its network, exposed to the internet—many of which are unknown. Not only does the cybersecurity team need to find these websites, applications, and legacy systems, but they must identify critical risk among the sprawl. Learn best practices for discovering external assets and providing IT and Security teams with the required intelligence to de-risk the external attack surface.

Bringing ITOps & Security Together

For IT teams, asset management implies procurement, change management, patching, and operational efficiency. For Security teams, asset management is the foundation for measuring and prioritizing risk. Every organization must find harmony between prioritizing risk and powering business operations through technology. Learn how to create a unified view of technology and risk to bridge the gap between Security and IT.

Asset Inventory Risk

Many asset management programs focus on building a comprehensive inventory—an important first step. But a list of assets is useless, unless you know the asset criticality along with associated vulnerabilities, misconfigurations, EoL/EoS data, and missing security controls. Learn the difference between visibility and inventory risk assessment.

Agenda

9:00 AM PT

Welcome to the Cyber Risk Series: The Art of the Impossible: Navigating the Broken CMDB

Shira Rubinoff
President, Cybersphere

Join us as we navigate the Broken CMDB for sessions packed with expert insights, thoughtful discussions and actionable strategies.

9:05 AM PT

Turbocharging the CMDB to Address the Dynamic Challenges of the Evolving Attack Surface

Sumedh Thakar
President and CEO, Qualys

Today’s rapidly evolving attack surface demands air-tight alignment between cybersecurity and IT teams. CISOs and security teams are working hard to assess risk across a dynamic technology environment. Still, that hard work falls apart if there’s no transparency with IT—the business unit responsible for patches, software upgrades, access controls, and other mitigation steps.

This session explores the critical imperative of turbocharging the CMDB with cyber risk context—allowing organizations to reduce cyber risk while limiting business disruption.

9:45 AM PT

OpenEoX: Revolutionizing Product Lifecycle Transparency for Cybersecurity

Omar Santos
Cybersecurity and AI Security Research, OASIS Open

Software and hardware product lifecycles are critical factors for operational security, and the OASIS Open OpenEoX initiative emerges as a crucial standardization effort. It aims to revolutionize how End-of-Life (EOL) and End-of-Support (EOS) information is shared and managed across the software and hardware industries. This presentation introduces OpenEoX, a collaborative endeavor supported by leading entities such as Qualys, Cisco, Microsoft, Red Hat, Siemens, BSI, and CISA, alongside an expanding consortium of industry stakeholders.

Through a common framework for EOL and EOS data dissemination, OpenEoX facilitates a more secure IT environment and aids in vulnerability management. This presentation delves into OpenEoX mechanics, showcasing its potential for proactive vulnerability management. It also explores its broader implications for the cybersecurity ecosystem and highlights its compatibility with Software Bill of Materials (SBOM), the Common Security Advisory Framework (CSAF), and Vulnerability Exploitability Exchange (VEX). Join us to discover how OpenEoX is shaping cybersecurity standards and bolstering organizational resilience against cyber threats.

10:15 AM PT

Fireside Chat: A CISO’s Perspective on Attack Surface Management and the Limitations of the CMDB

Shira Rubinoff
President, Cybersphere

In the ever-evolving landscape of cybersecurity, the traditional approach of relying solely on periodically updated lists of assets is becoming obsolete. The modern attack surface is dynamic and expansive, presenting new challenges for CISOs and security teams. Join us for an insightful fireside chat with a seasoned CISO as we delve into the critical issue of Attack Surface Management and the limitations of the CMDB.

10:45 AM PT

Fast Track SLAs when Cyber Risk Meets CMDB

Beatrice Sirchis
VP Application Security IT – Cybersecurity, IDBNY

Remediation for critical security risks is arguably the most important SLA for your IT team. Reactive responses to security tickets expose the organization to cyber risk and create business disruption.

That’s why IDBNY takes a proactive approach to uniting IT and Security teams. Join this session to learn how Beatrice Sirchis, VP of Application Security at IDBNY, connects her CMDB to her security program to achieve:

  • An always-up-to-date inventory in the CMDB
  • Automated ticket assignment for critical remediation tickets
  • Mapping EoL/EoS software to the CMDB up to 12 months in advance to prioritize upgrades

Most importantly, learn how her consolidated approach enables IDB Bank to stay agile and ahead of the curve—securely—when it comes to technology and innovation.

11:45 AM PT

The Ultimate Cyber Defense Partnership: Qualys and Your CMDB

Kunal Modasiya
VP, Product Mgmt, Attack Surface Mgmt & AppSec, Qualys

The CISO might refer to the asset inventory within the security program while the CIO points to the CMDB. But why can’t they both be right?

In this session, you’ll learn how the Qualys Enterprise TruRisk Platform leverages bi-directional sync with the CMDB to create a unified source of truth between the two platforms, including:

  • Adding business context from the CMDB to your security program (such as asset criticality, ownership, and support group) to drive accurate TruRisk Scoring and prioritization.
  • Eliminating blind spots in your CMDB by adding previously unknown assets from the external attack surface and rogue IoT assets connecting to the network in real time.
  • Mapping remediation tickets to the CMDB with 96% accuracy using Qualys tagging, cutting MTTR in half for critical vulnerabilities.

Join us in bridging the IT-security gap and proving that the CISO and CIO are correct when it comes to a complete asset inventory.

Tap into expert cyber risk insights every quarter!

Missed past Cyber Risk Series events?

Watch full recordings of every session.

Navigating the Complexity of Cloud Security: Challenges, Vulnerabilities, and Common Solutions Needed in 2024

David S. Linthicum, Globally recognized thought leader, innovator, and influencer in cloud computing, AI, and cybersecurity

Decoding Risk in the Cloud: A Fireside Conversation with CSA’s Jim Reavis, and Qualys’ Sumedh Thakar

Jim Reavis, CEO, Cloud Security Alliance

Sumedh Thakar, President and CEO, Qualys

Adoption of CIS Benchmarks™ to Enhance Your Cloud Security

Sean Atkinson, CISO, Center for Internet Security

Navigating Business Growth and Transformation Through Rapid Hardening of Cloud-Native Environments

Terry Barber, Security Operations, American Express Global Business Travel

Cloud Security 101: When, Why, and How Your Security Team Needs to Harness the Power of Cloud Security

Rob Smith, Founder & CEO, Lionfish Tech Advisors, Inc

Strong Cloud Security is a Team Sport

Clayton Smith, Principal Security GTM Specialist, AWS

Prioritizing Risk In a Fragmented Cloud

Nayeem Islam, Vice President, Product Management, Qualys

Keynote

Jonathan Trull, CISO, Qualys

Compliance and the Cloud

Troy Leach, Chief Strategy Officer (CSO), Cloud Security Alliance

PCI DSS 4.0 Myths and Facts from the Assessor's Perspective

Avani Desai, CEO, Schellman

Matt Crane, Senior Manager, Schellman

Four Common Trends in PCI DSS 4.0 Compliance

Gene Yoshida, Consultant - Chief Risk/Compliance

Bill Reed, Marketing Expert, Qualys

Four Common Trends in PCI DSS 4.0 Compliance

Terry Barber, Manager, Security Operations, American Express Global Business Travel

The Platform Approach to PCI

Lavish Jhamb, Sr. Product Manager, Compliance Solutions, Qualys

PCI DSS 4.0 Challenges and Cardnet's Experience

Isaias Mercado, Senior Systems Security Manager, Cardnet

Wrapup

Corey Smith, Vice President, Solution Architects, Qualys

Navigating Risk in an Era of Expanding Attack Surfaces

Jonathan Trull, CISO, Qualys

Attack Surface Management Matters

Jon Oltsik, Sr. Principal Analyst & Fellow, Enterprise Strategy Group

Defining the Attack Surface: A CISO's Perspective

Jonathan Trull, CISO, Qualys

Ryan Barrett, CISO, Intermedia

The CISO Maturity Model: Building a Cyber Strategy that Aligns with Corporate Risk Goals

Mike Orosz, Global VP & Information and Product Security, Vertiv

Attack Surface Management with an Attacker's and Defender's View

Kunal Modasiya, VP, Product Management, Attack Surface Management & AppSec, Qualys

Fireside Chat: ASM & the Zero-Trust Connection

Art Thompson, CIO, City of Detroit

Bill Reed, Marketing Expert, Qualys

Wrapup and Free EASM Report Offer

Corey Smith, Sr. Director Solutions Architecture, Qualys

Building a cyber resilient enterprise by pivoting to risk management

Sumedh Thakar, President and CEO, Qualys

The convergence of data security and data management in a world of ransomware protection and recovery

Sanjay Poonen, CEO and President, Cohesity

Fireside Chat: How CISOs Can Navigate the Changing Landscape of Cybersecurity

Jonathan Trull, Chief Security Officer, Qualys

Rinki Sethi, VP & CISO, Bill

Unlocking Intelligence-Backed Remediation: Insights from the Qualys Threat Research Unit

Travis Smith, Vice President, Threat Research Unit, Qualys

Cyber Insurance – Are we there yet?

Rajeev Gupta, CPO and Co-founder, Cowbell

Sneak Peek of Qualys Latest Innovation

Shailesh Athalye, SVP, Product Management, Qualys

Shira Rubinoff

President, Cybersphere

Shira is President, Cybersphere, The Futurum Group’s cybersecurity practice. She is a recognized Cybersecurity executive, cybersecurity advisor, global keynote speaker, influencer and author, who has built two Cybersecurity product companies, and both incepted and led multiple Women-in-Technology initiatives.

Shira also serves as President of the NYC-based technology incubator, Prime Tech Partners and the social-media-security firm, SecureMySocial. In addition, she holds seats on the Boards of Pace University Cybersecurity Programme, The Executive Women’s Forum for Information Security, Leading Women in Technology, the Capri Ventures, Memcyco and many other leading technology and security companies.

Shira has published countless articles and lectures on topics related to the human factors of cybersecurity, blockchain, AI and related topics, and holds several patents/patents-pending in areas related to the application of psychology to improve information technology and Cybersecurity.

Shira was awarded as “New Jersey’s Best 50 Women in Business”; “Woman of Influence” by CSO Magazine; “One to Watch” by CSO and the EWF; “Outstanding Woman in Infosec” by the CyberHub Summit; One to Watch in IT Security by SC Media and Top Female Cybersecurity Influencer on Social Media.

Sumedh Thakar

President and CEO, Qualys

As President and CEO, Sumedh leads the company’s vision, strategic direction and implementation. He joined Qualys in 2003 in engineering and grew within the company, taking various leadership roles focused on helping Qualys deliver on its platform vision. From 2014 to 2021, he served as Qualys’ Chief Product Officer, where he oversaw all things product, including engineering, development, product management, cloud operations, DevOps, and customer support. A product fanatic and engineer at heart, he is a driving force behind expanding the platform from Vulnerability Management into broader areas of security and compliance, helping customers consolidate their security stack. This includes the rollout of the game-changing VMDR (Vulnerability Management, Detection and Response) that continually detects and prevents risk to their systems, Multi-Vector EDR, which focuses on protecting endpoints as well as Container Security, Compliance and Web Application Security solutions. Sumedh was also instrumental in the build-up of multiple Qualys sites resulting in a global 24x7 follow-the-sun product team.

Sumedh is a long-time proponent of SaaS and cloud computing. He previously worked at Intacct, a cloud-based financial and accounting software provider. He also worked at Northwest Airlines developing complex algorithms for its yield and revenue management reservation system. Sumedh has a bachelor’s degree in computer engineering with distinction from the University of Pune.

Omar Santos

Cybersecurity and AI Security Research - Security & Trust, OASIS Open

Omar is a board member of OASIS Open. Omar is the chair of the Common Security Advisory Framework (CSAF) developing new ways to automate security vulnerability disclosure and management. These efforts include the CSAF Vulnerability Exploitability eXchange (VEX). He is the founder and chair of OpenEoX. Omar is the co-chair of the Forum of Incident Response and Security Teams (FIRST) PSIRT SIG.

Kunal Modasiya

Vice President, Product Management, Attack Surface Management & AppSec, Qualys

Kunal is currently VP of Product Management for the CyberSecurity Asset Attack Surface Management (CAASM), Web App and API Security product line at Qualys HQ in Foster City, CA. He is a Qualys boomerang. He worked at Qualys for 3 years and incubated the XDR product line from inception. Kunal has spent 15+ years working at startups, and big and mid-size companies in cybersecurity, networking, and application security in both product and engineering roles at Juniper Networks, Extreme Networks, Sun Microsystems and Infinera. Prior to re-joining Qualys, Kunal was heading products at an Israeli startup in the API security and bot management AppSec space.