At the conference, you will meet Qualys engineers, the driving force behind our Qualys Cloud Platform, hear our roadmap for the future and have the opportunity to provide direct feedback and suggestions.
Listen to best practices and user case study presentations, connect with our product managers and fellow Qualys customers and tally up your CPE credits.
CIOs, CSOs and CTOs; directors and managers of network, security and cloud; developers and DevSecOps practitioners; Qualys partners and consultants; or anyone passionate about security.
|8:00 – 9:00 AM||Registration|
|9:00 – 9:15 AM||
Our IT and security world is undergoing a profound transformation and there is no question that we all must now embrace the Cloud if we want to regain control of our networks. Philippe will retrace the journey Qualys undertook in the cloud as early as 1999 and highlight the founding principles that are helping Qualys transform security and make our computing world safer — one cloud app at a time.
|9:15 – 11:00 AM||
Keynote: Regaining Our Lost Visibility
While digital transformation gave us the opportunity to build security in, it represents a new challenge in a world where public cloud platforms and an avalanche of new IT security technologies, such as container security, are forcing enterprises to rethink their IT infrastructure, applications and security. Sumedh will discuss the ways that Qualys’ Cloud Platform, with its new global IT asset inventory capabilities, is rapidly becoming a keystone that unifies IT, security and compliance across on-premises, hybrid clouds, endpoints, mobile devices, OT and IoT environments.
|11:00 – 11:20 AM||
|11:20 – 12:00 PM||
This talk will demonstrate the new features in Qualys Cloud Platform 10.0, and introduce the new Patch Management app. Qualys Cloud Platform 10.0 introduces a new customizable Vulnerability Management Dashboard for faster pivoting through vulnerability data, Custom Remote Detections for developing your own signatures, and Unified Dashboarding for mixing and matching widgets from multiple apps into a single view. Our new Patch Management app now lets you detect missing patches on a system and patch your entire environment with just a few clicks, using existing Qualys Cloud Agents. Learn how vulnerability data is leveraged by Patch Management in security patch detections, allowing you to quickly target and patch a CVE without the need to track down the specific security bulletins.
|12:00 – 12:30 PM||
This talk demonstrates how threat actors are rapidly weaponizing known vulnerabilities to target, exploit, and take over organizations’ networks for financial gain, customer account and intellectual property theft, and sabotage. Learn how to use Qualys Indication of Compromise and other Cloud Apps to address mutant, dormant, and fileless malware, and best practices for streamlining Threat Hunting and Incident Response by instantly identifying compromised and suspicious devices across endpoints and networks.
|12:30 – 2:00 PM||
|2:00 – 2:20 PM||
Case Study Bank of England: Year One With Qualys
David Ferguson, CISSP CISM, Senior Manager of Technical Vulnerability Management, Bank of England
Neal Semikin, CISM, Head of Security & Infrastructure, Bank of England
|2:20 – 2:50 PM||
Users are increasingly adopting multicloud for their hybrid IT strategies to drive digital transformation, and securing clouds requires shared security responsibility. This session will introduce the inherent threats and solutions needed to secure your cloud stack, from workloads to infrastructure. It demonstrates how to gain visibility of your public clouds, secure workloads from both internal and perimeter vulnerabilities, and set up continuous security monitoring of cloud resources to avoid issues such as data leaks and cryptomining attacks through your cloud infrastructure. Also learn best practices from real-world examples of customers transparently orchestrating security into their practices and DevOps pipelines.
|2:50 – 3:20 PM||
Containers are the most sought after development tool for microservices. Their simplicity and portability allow DevOps to create true agile builds within development cycles. However, this new kind of environment brings a new set of security threats at every phase of this cycle—from unvalidated software entering the environment to running containers drifting and breaking immutable behaviors. This talk outlines how to build security into every phase. Learn about detecting anomalies and preventing security breaches in an extremely agile runtime environment, enabling you to efficiently manage security at the speed and scale of DevOps.
|3:20 – 4:00 PM||
Web Applications: The Soft Belly of the Cloud
Dave Ferguson, Director of Product Management
Rémi Le Mer, Director of Product Management
One of the main drivers in adopting cloud services is quick and easy deployment of web applications and APIs that support your business. But attackers view them as ripe targets because they handle sensitive data and are often developed without security in mind. Any web application could be a foothold into your organization and lead to a data breach if a latent vulnerability such as SQL injection or remote code execution were successfully exploited. Qualys Web Application Scanning (WAS) continues to be an effective way to identify app-layer vulnerabilities quickly and reliably across different environments, and it integrates with Qualys Web Application Firewall to provide an easy and effective way to protect known and unknown apps. This session will describe new capabilities in Qualys WAS and WAF such as better scan coverage and vulnerability detection, improved usability, automated scanning in CI/CD pipelines, a new WAF container solution and much more. This talk will also dive into the WAS and WAF roadmaps for 2019, including some exciting changes coming to the UI and API security capability.
|4:00 – 4:20 PM||
|4:20 – 4:40 PM||
Case Study: How Your Organisation Can Successfully Implement a Vulnerability Management Strategy
Umair Imran, Vulnerability Manager, Maersk
|4:40 – 5:00 PM||
A safe browsing experience is good for business, driving HTTPS adoption to the extent that browsers now mark web pages NOT using TLS and certificates as “Not Secure”. In order to stay ahead of risk amidst the rise of DevOps and public clouds, organizations must automate visibility and tracking of their certificate deployments. Qualys CertView allows them to do so by centralizing visibility and lifecycle management of certificates as well as TLS configuration assessments into their overall continuous view of security and compliance state, and by enabling customers to rapidly see and remediate expired or vulnerable certificates. Learn how CertView can help you prevent downtime, outages, and audit and compliance failures; mitigate risks associated with expired or vulnerable certificates; and simplify the process of renewing, revoking and acquiring certificates into just a few clicks.
|5:00 – 5:25 PM||
Security Control Automation for IT Security, Risk & Compliance
Tim White, Director of Product Management
With so many overlapping and vague compliance requirements, selecting appropriate technical and procedural controls continues to be a challenge for organizations of all sizes in every industry. On the other side, there's always a race to make sure our environment is free from vulnerability, configuration and overall security issues, through robust cybersecurity procedures. Learn how innovations in the compliance family of apps can help you overcome common compliance challenges, simplify the control selection process and overall continuous compliance monitoring. You will see a preview of new automation to simplify control selection & assessment, continuous visibility into mandated requirements, and find new ways to get more data into the Qualys platform for a complete view of your compliance landscape.
|5:25 – 5:50 PM||
|5:50 – 6:00 PM||
Networking Reception in Scarfe’s Bar
Qualys Security Conference will be held at the Rosewood Hotel.
252 High Holborn
London, WC1V 7EN, United Kingdom
T: +44 20 7781 8888
Attendance at QSC is complimentary. This includes access to all general sessions, breakout sessions, breakfast, lunch, breaks, and receptions.
Travel and hotel accommodations are not included with QSC.
As CEO of Qualys, Philippe has worked with thousands of companies to improve their IT security and compliance postures. Philippe received the SC Magazine Editor's Award in 2004 for bringing on-demand technology to the network security industry. He was also named the 2011 CEO of the Year by SC Magazine Awards Europe. He was previously Chairman and CEO of Signio until its acquisition by VeriSign. He is also a member of the Board of Directors of StopBadware, a non-profit, anti-malware organization.
As Chief Product Officer at Qualys, Sumedh oversees worldwide engineering, development and product management for the Qualys Cloud Platform and integrated suite of security and compliance applications. A core systems and database engineer, Sumedh started at Qualys in 2003, architecting and delivering Qualys' PCI compliance platform to meet the Payment Card Industry (PCI) Data Security Standard (DSS) requirements.
Jimmy Graham is the Director of Product Management for Vulnerability Management. He has been deeply involved in information security and vulnerability management for over 10 years, and has managed teams covering security operations, incident response, application security, vulnerability management, penetration testing, governance, and compliance.
Hari Srinivasan is director of product management for Qualys’ security for cloud and virtualization. He has expertise in numerous enterprise software disciplines including cloud security and analytics, automation, systems management, data center transformation, Hybrid Cloud, PaaS - DBaaS, compliance and configuration management. He previously worked at Oracle, both as an engineer and, for over a decade, in product management positions in multiple areas.
Dave Ferguson is Director of Product Management for Web Application Security at Qualys. After writing code and developing applications for over a decade, Dave transitioned to focus on application security. Prior to Qualys, he led the global application security program at Sabre Corporation and worked as a Principal Consultant at FishNet Security (now Optiv). Dave is author of the OWASP Forgot Password Cheat Sheet and holds CISSP and CSSLP certifications.
Tim White is Qualys’ director of product management for policy compliance. With more than 20 years of experience in IT GRC, he has worked with a variety of large enterprises across many different verticals while shaping products in the industry. He also has significant experience in broader Information Security, working with products ranging from Firewalls, Network Security, and Host Security.
Chris Carlson is a vice president of product management at Qualys, where he is in charge of the product definition, roadmap and strategy for the Cloud Agent Platform. During his 20+ year career in the infosec industry, Carlson has attained expertise in multiple areas, ranging from firewalls, VPNs and intrusion prevention systems to real-time event-processing, security analytics and next-generation endpoint platforms. Prior to joining Qualys, he held security architecture roles at UBS and at Booz Allen Hamilton, and product management positions at venture-funded startups and at leading vendors, including Hexis Cyber Solutions, Agent Logic, Informatica and Trustwave.