Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Black Hat USA 2024

Want to Learn How to Manage Cyber Risk at the Speed of Business?

Visit us at booth 1320 to learn how the Qualys Enterprise TruRiskTM Platform can measure, communicate, and eliminate cyber risk—everywhere.

Black Hat USA 2024

Qualys Sessions at Black Hat USA


Business Hall Theater E

Manage Your AI and LLM Attack Surface by De-Risking Your AI Pipeline

August 7, 1:30 PM - 2:30 PM

Shailesh Athalye, Senior Vice President, Product Management, Qualys

AI and Large Language Models (LLMs) offer organizations the promise of security solutions with enhanced threat detection, predictive analytics, and automated responses. However, they also introduce new vulnerabilities and expand the attack surface, presenting unique risk management and remediation challenges.

Join us for an in-depth session exploring the complexities of securing AI and LLM deployments. This presentation will cover:

  • Understanding the AI Attack Surface: Identify the potential vulnerabilities and attack vectors unique to AI and LLM systems as defined by tools like the OWASP Top 10 and the MITRE ATT&CK Framework.
  • Risk assessment and mitigation strategies: Gain insights into best practices for assessing and mitigating risks associated with AI and LLM technologies.
  • Real-world case studies: Examine scenarios where AI and LLM vulnerabilities have been exploited and learn from the successes and challenges faced by organizations in managing these risks.

Attendees will leave with actionable recommendations and tools to enhance the security posture of their AI and LLM initiatives. They will also learn how to effectively communicate the risks and benefits of AI to stakeholders while building a culture of security within their organization.

Booth sessions

10:20 AM Remediating the Nightmares: Preparing To Reduce Risk Comprehensively With TruRisk Eliminate
Eran Livne, Senior Director, Endpoint Remediation, Qualys
Register Now
Eran Livne's bio

Explore how Qualys Patch Management boosts enterprise security and compliance through robust, scalable automation and risk-based remediation. This session highlights the platform's ability to automate patching for Windows, Linux, Mac, and third-party apps from a central dashboard, targeting vulnerabilities with up to 90% efficiency. Integrated with VMDR, it maps detected vulnerabilities to the appropriate patches, enabling proactive security measures. We'll delve into zero-touch patching that prioritizes critical threats, optimizing Mean Time To Remediate (MTTR) and allowing IT teams to focus on strategic initiatives. Discover how Qualys enhances security frameworks and complements solutions like SCCM, ensuring comprehensive, risk-focused cybersecurity.

11:00 AM Cintas’ Journey: Achieving Automated, Risk-Based Patch Management
Tom Scheffler, Security Operations Manager, Cintas

Join Tom Scheffler, Security Operations Manager at Cintas, to explore how Cintas revolutionized its patch management process. Leveraging Qualys Patch Management, TruRisk, and CyberSecurity Asset Management, Cintas achieved automated patching for severe threats within 24 hours, reducing cyber risk by 61%. In this session, you'll discover how these solutions enabled Cintas to:

  • Prioritize vulnerabilities effectively
  • Enhance asset visibility
  • Significantly shorten remediation times

Learn how Cintas' approach has strengthened its overall security posture against evolving cyber threats.

11:40 AM Preventing, Detecting and Responding to Malware and Ransomware Attacks in Cloud With TotalCloud Powered by Deep Learning AI
Nayeem Islam, Vice President, Product Management, Qualys
Register Now
Nayeem Islam's Bio

As cloud adoption has increased and data has moved to the cloud, attackers are increasingly interested in this data. In this presentation, we discuss deep learning AI to detect ransomware from development to runtime. As applications are developed, container registeries registries can be scanned, and at runtime network traffic and cloud logs are inspected using deep learning AI make sure ransomware is detected early.

12:20 PM Securing AI and LLMs: Integrating Advanced Threats Into Your Vulnerability Management Framework
Ashish Kar, Director, Product Management, Qualys
Register Now

Artificial Intelligence (AI) and Large Language Models (LLMs) are transforming industries with their advanced capabilities, but they also introduce new vectors of vulnerabilities and misconfigurations. In this talk, we will explore the critical importance of incorporating AI and LLM-specific security measures into a comprehensive vulnerability management program to allow teams to measure, communicate, and eliminate AI and LLM related risk. Attendees will gain insights into the unique challenges posed by AI applications, models, data, and infrastructure, as well as best practices for identifying and mitigating associated risks. This session will cover how to adapt traditional vulnerability management, asset management, and proactive patching strategies to address the complexities of AI systems, ensuring that your organization can harness the power of AI while maintaining a robust security posture. Join us to learn how to secure the next generation of intelligent technologies and integrate them seamlessly into your vulnerability management framework.

1:00 PM Your Cloud De-Risked With Qualys TotalCloud Kubernetes and Container Security
Kunal Modasiya, VP, Product Management, Attack Surface Management & AppSec, Qualys
Register Now

In today's digital landscape, securing cloud-native applications is critical. "Your Cloud De-Risked with Qualys TotalCloud Kubernetes and Container Security" explores Qualys TotalCloud's comprehensive security solutions for Kubernetes and container environments. Key highlights include:

  • Vulnerability Prioritization: Leveraging TruRisk™ for container-specific risk management.
  • Compliance and Best Practices: Adhering to CIS standards and PCI 4.0 with runtime drift detection and file integrity monitoring.
  • Advanced Threat Detection: Using deep-learning-based malware classification with binary analysis and network traffic inspection.

Join us to learn best practices for securing containerized applications, mitigating vulnerabilities, and ensuring compliance across cloud environments with Qualys TotalCloud.

1:40 PM Attack Surface Management as a Business Growth Driver
Beatrice Sirchis, VP Application Security, IDBNY

In a competitive financial services industry, IDB Bank invests heavily in technology as a competitive advantage, which comes with demands on the cybersecurity front.

Join Beatrice Sirchis (VP of Application Security at IDBNY) to learn how she and her team prioritize asset discovery and continuous cyber risk assessment to enable digital investment for the bank, including:

  • Real-time and continuous risk assessment of the external attack surface
  • Leveraging business context to prioritize the TruRisk of every asset
  • Proactive tech debt (EoL/EoS) management to prioritize technology upgrades based on cyber risk
  • Aligning cyber risk context with the CMDB to map tickets 95% faster

Join this session to learn how to leverage your attack surface management program to drive positive business outcomes

2:20 PM De-Risk the Software Supply Chain by Expanding Unparalleled Detection Coverage With Qualys Software Composition Analysis and VMDR
Himanshu Kathpal, Senior Director, Product Management, Platform & Sensors, Qualys
Register Now
Himanshu Kathpal's Bio

In today’s dynamic digital landscape, the rise of open-source components in application development presents both opportunities and challenges. High-profile attacks on widely used software packages underscore the urgent need to address vulnerabilities within the software supply chain.

Join our session to discover how Software Composition Analysis (SwCA) with the same Qualys Cloud Agent provides comprehensive visibility into the software components used in your applications. This enables proactive identification and mitigation of vulnerabilities, preparing you for situations like the Log4j outbreak. You can integrate SwCA seamlessly into existing workflows for vulnerability management, ensuring efficient and automated reporting without disruption. Stay ahead of attackers with Qualys SwCA and enhance your software security today.

3:00 PM Enhancing Vulnerability Management With Threat Intelligence: A Strategic Approach
Sandeep Potdar, Senior Director, Product Management, VMDR, Qualys
Register Now
Sandeep Potdar

As cyber threats become more sophisticated, integrating threat intelligence into a vulnerability management program is essential for proactively defending against potential attacks. In this session, we will delve into the critical role that threat intelligence plays in identifying, prioritizing, and mitigating vulnerabilities within an organization's IT infrastructure. Attendees will learn how to leverage threat intelligence to enhance the accuracy of vulnerability assessments, improve risk prioritization, and enable more effective remediation strategies. By examining real-world case studies and best practices, this talk will provide actionable insights on how to integrate threat intelligence seamlessly into existing vulnerability management workflows, ultimately strengthening an organization's overall security posture. Join us to discover how to transform your vulnerability management program into a proactive and intelligence-driven defense mechanism against the ever-evolving threat landscape.

3:40 PM Unified Attack Surface Management With an Attacker's and Defender's View
Sidharth Bhatia, Director, Product Management - CSAM & ESAM, Qualys
Register Now

The attack surface is your cyber battlefield. Its most vulnerable targets are unprotected, externally exposed and internal rogue assets. Essentially, they give attackers keys to pierce your enterprise and plunder sensitive assets at will. This session offers crucial insights for building a successful Attack Surface Management (ASM) project to safeguard risks from cyber attackers.

The session details how IDBNY solved six practical ASM use cases. Its lessons will teach you how to discover attack surface risks, lock down exposure points, and automatically remediate risks by order of priority.

4:20 PM TruRisk/Toxic Combination Session – TotalCloud TruRisk Insights Report
Kunal Modasiya, VP, Product Management, Attack Surface Management & AppSec, Qualys
Register Now
Kunal Modasiya's Bio

Prioritizing risk in the cloud is complex, and it's easy to be deluged by signals with differing indications of what to prioritize. In this session, we describe TruRisk Insights, which correlates risk indicators from diverse sources, providing you with a single prioritized view of your cloud risk landscape with actionable insights so you can fix what matters the most... first. TruRisk Insights algorithmically correlates vulnerabilities, misconfigurations, cloud entitlements, and active threats to create a single list of issues to address.

5:00 PM Redefining Incident Response in 2024: Integrating Vulnerability Management and EDR
Andrew Morrisett, Director, Product Management, Endpoint Security, Qualys
Register Now

In today’s rapidly evolving cyber threat landscape, threat actors are increasingly exploiting Common Vulnerabilities and Exposures (CVEs) as a gateway for initial compromises. Often, Security Operations Center (SOC) teams overlook the critical role of CVEs in the incident response process, resulting in incidents that spread rapidly due to the lack of real-time intelligence and correlation between CVEs and malware.

Visit us at our booth and win prizes

Stop by booth 1320 to meet with our product managers, technical account managers, and other experts.

Attend one of our in-person booth presentations and enter the chance to win one of our great prizes! Must be present to win.

Meet with a Qualys Expert

Himanshu Kathpal

Himanshu Kathpal

Sr. Director, Product Management, Platform, Qulays

Himanshu Kathpal is senior director of Product Management at Qualys. He has over 13 years of experience in cybersecurity and product management, with a specialization in vulnerability management, remediation, and next-generation endpoint security. Himanshu is passionate about developing security solutions that align with the company’s cybersecurity product strategy to meet customer needs, reduce the attack surface, and strengthen the organization’s security posture. He holds a master’s degree in engineering from D.Y.Patil University, Pune, as well as an MBA in International Business Management from NMIMS, Mumbai.

Nayeem Islam

Nayeem Islam

Vice President, Product Management, Qualys

Nayeem Islam is the Vice President of Product Management at Qualys for the TotalCloud initiative. Prior to joining he was founder and CEO of Blue Hexagon, a cloud security company that pioneered the use of AI to detect cloud threats. Blue Hexagon is now part of Qualys.

Shailesh Athalye

Shailesh Athalye

Senior Vice President, Product Management, Qualys Inc.

As Senior Vice President of Product Management, Shailesh leads the product management team and drives the Qualys product vision helping customers assess and improve their IT, security and compliance posture. Since joining Qualys in 2012, he has worked in various security and compliance roles driving innovative solutions, including remote endpoint protection, endpoint detection and response, and SaaS security. In addition, Shailesh headed engineering, research and product management for Qualys Policy Compliance and File Integrity Monitoring, where he helped customers go beyond compliance to drive their IT GRC objectives. Before Qualys, he focused on security research for Symantec ESM and Compliance solutions. Shailesh holds a master’s in computer applications (MCA) from the Vishwakarma Institute of Technology and has various security certifications including CISA, CRISC, CISM. He is also a regular speaker at industry conferences.

Lavish Jhamb

Lavish Jhamb

Sr. Product Manager, Compliance Solutions, Qualys

Lavish Jhamb is Solution Architect for Compliance Solutions at Qualys, focused on building security solutions such as ‘Custom Assessment and Response’ and ‘File Integrity Monitoring’ and helping customers assess and improve their security and compliance posture. He has over 7 years of experience working on security solutions, regulatory standards, and cyber security frameworks, with thorough understanding of operating systems. Lavish holds a bachelor’s degree in computer engineering from the Kurukshetra University Institute of Engineering and Technology and a Post Graduate Diploma in IT Infrastructure, Systems and Security from CDAC Pune.

Eran Livne

Eran Livne

Senior Director, Endpoint Remediation, Qualys

Eran Livne is Senior Director, Endpoint Remediation at Qualys, leading a team tasked with helping customers improve their security posture through cross-platform vulnerability remediation. He has more than 20-years of product management and computer science experience working in diverse IT and security markets. In 2014, Eran founded mobile security company, LetMobile, acquired by Ivanti. Following the acquisition, he drove Ivanti’s enterprise security and endpoint security and management solutions. Eran holds a bachelor’s degree in computer science from Tel Aviv University and an MBA in high-tech business administration from Technion - Israel Institute of Technology.

Kunal Modasiya

Kunal Modasiya

Vice President, Product Management, Attack Surface Management & AppSec, Qualys

Kunal is currently VP of Product Management for the CyberSecurity Asset Attack Surface Management (CAASM), Web App and API Security product line at Qualys HQ in Foster City, CA. He is Qualys boomerang. He worked at Qualys for 3 years and incubated the XDR product line from inception. Kunal has spent 15+ years working at startups, and big and mid-size companies in cybersecurity, networking, and application security in both product and engineering roles at Juniper Networks, Extreme Networks, Sun Microsystems and Infinera. Prior to re-joining Qualys, Kunal was heading products at Israeli startup in API security and bot management AppSec space.

Sandeep Potdar

Sandeep Potdar

Senior Director, Product Management, VMDR, Qualys

As Senior Director of Product Management, Sandeep Potdar leads product strategy and its execution for the Qualys VMDR product portfolio. He is an Engineer-turned-Architect-turned-PM, with close to 2 decades of experience in Enterprise Software and Cybersecurity domains and an extensive consulting experience in various Retail, Banking, Insurance, Travel, and Manufacturing Fortune 500 companies. Prior to joining Qualys, he led Platform and Product Management at Tenable. Before that, he led Product Management at WhiteHat Security and launched several Application Security products. Sandeep has a bachelor’s in computer science engineering from Visvesvaraya Technological University, India and a certificate of business excellence from Haas School of Business, University of California, Berkeley.