Cyber Risk Series To be or not to be: Patch is the Question

In this new edition of the Cyber Risk Series, we delve into the critical aspects of Patch Management. This session will guide you through the decision-making process of whether to patch or not, detailing the criteria and considerations that influence this decision. Learn the best practices for implementing patches effectively when you decide to patch, ensuring minimal disruption and maximum security. Additionally, we will explore strategies for managing and mitigating risks when patching isn't feasible, equipping you with the tools to maintain robust security even in challenging scenarios. Join us to enhance your understanding and execution of Patch Management, a vital component in defending against evolving cyber threats.

Wednesday, July 31, 2024

Virtual

Featured Speakers

Sumedh Thakar

Sumedh Thakar
President and CEO, Qualys

Graham Cluley

Graham Cluley
Smashing Security

Sean Atkinson

Sean Atkinson
CISO, Center for Internet Security

Satish Machaiah

Satish Machaiah
Associate Practice Manager, Infosys

Jonathan Trull

Jonathan Trull
CISO, Qualys

Matthew Figueroa

Matthew Figueroa
Senior Security Engineer

Adam Gray

Adam Gray
CTO, Novacoast

Derek Fisher

Derek Fisher
Product Security, Enterprise Security & Risk Management Published Author

Eran Livne

Eran Livne
Sr. Director, Endpoint Remediation, Qualys

PATCHING GOES PATCHLESS – Join Qualys’ innovative CEO, Sumedh Thakar, to hear his “Patchless” vision and this revolutionary new approach.
Make sure you stay until the end!

Learn how industry leaders approach patch management best practices

Patch management is a continually shifting target that requires IT and Security teams to align their priorities—a task easier said than done. Merely conducting scans and passing the information to another department, expecting them to take action, is untenable. Therefore, CISOs and CIOs need an actionable, risk-based approach to reduce the risk of exploitable vulnerabilities and prioritize their most critical assets within their digital environments.

Don’t miss this exclusive opportunity to hear top industry experts share insider tips on what IT and security leaders need to know to protect their entire IT environment from growing threats with cutting-edge patch management strategies.

Key topics:

  • Enhancing Federal Browser Security
  • The ROI of Patch Management
  • Aligning ITOps & Security Priorities
  • When Patching Isn’t Enough
  • Patchless Patching: Flexible, Immediate, Secure

Agenda

9:00 AM PT

Welcome to the Cyber Risk Series!

Graham Cluley

Smashing Security

Join us as we delve into remediation and patching and sessions packed with expert insights, thoughtful discussions, and actionable strategies.
Watch Now

9:10 AM PT

Unlocking New Frontiers in Cyber Risk Elimination

Sumedh Thakar

President and CEO, Qualys

Five years ago, Sumedh Thakar revolutionized the industry by merging vulnerability management with patching, enabling organizations to streamline and expedite threat remediation. Now, he’s back to kick off the Cyber Risk Series with groundbreaking new strategies to further reduce risk exposure. Are you wondering what innovative solutions he has in store? Don’t miss this captivating session to find out!
Watch Now

9:30 AM PT

Balancing Risks, Rewards, and Remediation

Sean Atkinson

CISO, Center for Internet Security

Proactive patch management is crucial for balancing threat mitigation and business continuity. Reactive patching exposes organizations to vulnerabilities and disrupts operations.
In this session, Sean will discuss approaches to integrating risk assessment with patch management to achieve:
  • A comprehensive approach to identifying and prioritizing vulnerabilities
  • Streamlined communication between IT and security teams
  • Strategic decision-making on when and when not to patch, minimizing business disruption
  • Analyze industry data on patching to evaluate its effectiveness and impact
Discover how this risk-based framework ensures sustainable, effective patch management, aligning IT operations and security priorities to stay ahead in a constantly evolving threat landscape.
Watch Now

10:00 AM PT

Scaling Security: Managing 300,000 Endpoints and Remediating 85% of Threats in 5 Days

Satish Machaiah

Associate Practice Manager, Infosys

Jonathan Trull

CISO, Qualys

Hybrid workplaces are now the norm, presenting new daily cybersecurity challenges. Managing 300,000 endpoints and 20,000 services globally, one organization ensures their data and brand remain secure amid rising malware and ransomware attacks. Join us for a fireside chat between Satish Machaiah, Associate Practice Manager, and Jonathan Trull, CISO & SVP Customer Solutions Strategy at Qualys, to explore how defenses have been fortified, vulnerabilities eliminated, and cyber insurance costs reduced through strategic automation and seamless IT-security collaboration.
Key Takeaways:
  • Integrated Security Strategies: Gain insights into aligning IT and security teams, fostering a unified approach to reducing vulnerabilities.
  • Building a Security Culture: Learn how to cultivate a robust security culture, enhancing overall resilience.
  • Automation in Cybersecurity: Discover how leveraging patch management can remediate 80 to 85% of critical security updates within 4 to 5 days.
  • Cost Reduction Methods: Understand how proactive risk management and enhanced security measures can significantly reduce cyber insurance costs.

Join us to explore a forward-thinking cybersecurity approach, the journey in building a cohesive security culture, and how your organization can enhance its security posture in an evolving threat landscape.
Watch Now

10:30 AM PT

Your Tools Are Failing: Navigating the Fine Line Between Success and Vulnerability

Adam Gray

CTO, Novacoast

Traditional EPP often fall short as cyber threats evolve. Join industry expert Adam Gray from Novacoast to explore critical cybersecurity challenges modern organizations face and discover how advanced solutions can strengthen your defenses.
  • The financial impact of cybercrime, comprehensive data collection for threat detection, and browser and endpoint security.
  • The effectiveness of AV/EDR solutions, supply chain vulnerabilities, and essential data for improving security posture.
Learn how to transform your cybersecurity strategy for robust protection and enhance your organization’s resilience.
Watch Now

11:00 AM PT

Building A Culture of Communication and Resilience

Matthew Figueroa

Senior Security Engineer

James Lowery

Director of Information Security

Learn how this leader in the private aviation space has strengthened its defenses, eliminated 100,000 vulnerabilities, and achieved a 35% reduction in cyber insurance costs while boosting operational efficiency.
Key Takeaways:
  • Automation in Cybersecurity: Discover how we utilize automation tools for efficient vulnerability detection and management, enhancing overall security processes
  • Vulnerability Reduction Strategies: Gain insights into the advanced scanning tools, integrated security platforms, and predictive analytics that have significantly decreased our vulnerabilities
  • Cost Reduction Methods: Understand the correlation between improved security measures and reduced cyber insurance costs through proactive risk management
Register now to explore this proactive cybersecurity approach and learn how to enhance your organization’s security posture in an ever-evolving threat landscape.
Watch Now

11:30 AM PT

Mitigating Risks in Healthcare: The Role of Exploitability in Patch Management

Derek Fisher

Product Security, Enterprise Security & Risk Management Published Author

Understanding and mitigating cybersecurity risks is crucial for patient and organizational security in the healthcare sector. Join Derek Fisher as he explores the concept of exploitability and its impact on healthcare organizations. Learn how to identify and prioritize vulnerabilities by focusing on their actual risk to your organization. This session will cover:
  • Balancing risk by using exploitability to determine which vulnerabilities need immediate attention.
  • Building efficient workflows for remediation, ensuring critical vulnerabilities are addressed promptly.
  • Overcoming challenges in healthcare, such as limited budgets, legacy systems, and low-tech adoption.
Discover how a strategic patch management approach can enhance healthcare security and operational efficiency.
Watch Now

11:45 AM PT

Proactive Risk Mitigation Through IT and Security Alignment

Eran Livne

Sr. Director, Endpoint Remediation, Qualys

Join us as we share best practices on how organizations of every size can significantly reduce risk.
This session will cover:
  • Discover the steps needed to improve your communication with IT and ensure that you haven’t deployed one patch too many that resulted in unnecessary downtime
  • Learn how to automate patch management where it makes sense
Attendees gain actionable insights and practical strategies for aligning IT and security teams, optimizing resilience, and minimizing security risks across your organization.
Watch Now

12:10 PM PT

Patching Goes Patchless: Introducing a New Approach to Risk Reduction

Eran Livne

Sr. Director, Endpoint Remediation, Qualys

Join us for the unveiling of Qualys’ latest innovation taking remediation beyond patching.

Tap into expert cyber risk insights every quarter!

Subscribe

Missed past Cyber Risk Series events?

Watch full recordings of every session.

Watch Now
Sumedh Thakar

Sumedh Thakar

President and CEO, Qualys

Qualys
As President and CEO, Sumedh leads the company’s vision, strategic direction and implementation. He joined Qualys in 2003 in engineering and grew within the company, taking various leadership roles focused on helping Qualys deliver on its platform vision. From 2014 to 2021, he served as Qualys’ Chief Product Officer, where he oversaw all things product, including engineering, development, product management, cloud operations, DevOps, and customer support. A product fanatic and engineer at heart, he is a driving force behind expanding the platform from Vulnerability Management into broader areas of security and compliance, helping customers consolidate their security stack. This includes the rollout of the game-changing VMDR (Vulnerability Management, Detection and Response) that continually detects and prevents risk to their systems, Multi-Vector EDR, which focuses on protecting endpoints as well as Container Security, Compliance and Web Application Security solutions. Sumedh was also instrumental in the build-up of multiple Qualys sites resulting in a global 24x7 follow-the-sun product team.
Jonathan Trull

Jonathan Trull

CISO & SVP Security Solution Architecture, Qualys

Qualys
Jonathan Trull is a longtime security practitioner and CISO & SVP Security Solution Architecture with over 18 years of experience in the cybersecurity industry and is currently the Senior Vice President of Customer Solutions Architecture and Engineering at Qualys. His career has spanned operational CISO and infosec roles with the State of Colorado, Qualys, Optiv, and Microsoft. While at Microsoft, Jonathan led the Microsoft Detection and Response Team (DART) whose mission was to respond to cyber security incidents around the globe ranging from cyber espionage initiated by nation-state actors to ransomware attacks and included the investigation of and response to the NOBELIUM threat actor campaign which leveraged the SolarWinds supply chain. Jonathan also serves as an advisor to several security startups and venture capital firms and supports the broader security community through his work with the Cloud Security Alliance, Center for Internet Security, and IANS. He is also an adjunct faculty member at Carnegie Mellon University where he mentors and coaches those attending the CISO Executive Education Program. Jonathan is a frequent speaker at industry conferences such as BlackHat, RSA, and SANS and holds several industry certifications including the CISSP, OSCP, CCSP, and GCFA. Jonathan is a veteran of the U.S. Navy finishing his career as a Lieutenant Commander supporting the Information Warfare Domain.
Eran Livne

Eran Livne

Senior Director, Endpoint Remediation, Qualys

Qualys
Eran Livne is Senior Director, Endpoint Remediation at Qualys, leading a team tasked with helping customers improve their security posture through cross-platform vulnerability remediation. He has more than 20-years of product management and computer science experience working in diverse IT and security markets. In 2014, Eran founded mobile security company, LetMobile, acquired by Ivanti. Following the acquisition, he drove Ivanti's enterprise security and endpoint security and management solutions. Eran holds a bachelor's degree in computer science from Tel Aviv University and an MBA in high-tech business administration from Technion - Israel Institute of Technology.