QSC EMEA'21
Virtual Event

In this session, Philippe will discuss why, in a world where connected devices are exploding, visibility across all devices (known and unknown) and environments is essential. Creating an accurate inventory or "cartography of your entire hybrid environment," which is always up to date and seamlessly integrated into your security stack, is the foundation for a comprehensive security program. Simply said, "You can’t secure what you don’t know or can’t see."

In this keynote, Sumedh will discuss the current state of security given the evolving infrastructure and growth in the remote workforce. He will discuss industry trends, new challenges and the opportunity these changes bring to improve our cybersecurity.

He will share Qualys' approach that allows customers to take advantage of these opportunities and effectively streamline security. He will discuss the latest in Enterprise TruRisk Platform evolution and give a peek into our upcoming innovations with a comprehensive set of demos showing the end-to-end capabilities the Qualys offers with a unified platform for IT, security and compliance.

Please join us for this Live Q&A session, where we welcome your comments and questions. The Q&A is hosted by:

• Philippe Courtot, Chairman and CEO, Qualys
• Sumedh Thakar, President and Chief Product Officer, Qualys

In its Global Risks Report 2020, the World Economic Forum ranked cybercrime among the top seven risks of highest concern to organizations. This isn't surprising given that hackers find more ways to attack assets every day, putting the security of critical data and business continuity itself at risk. This increase in attacks, along with new threat vectors and attack techniques, demands new approaches to cybersecurity. Please join our panel of experts as they share their strategies for reducing threats in the digital world.

If your organization fails to prioritize the right set of vulnerabilities, attackers will prioritize them for you. With today's hybrid infrastructure, figuring out the right vulnerabilities to prioritize based on risk can be a daunting task, but it doesn't have to be. Determining risk requires an in-depth understanding of the assets, the vulnerabilities impacting them, and their associated threats. Once understood, reducing risk requires an approach that balances and converges the needs of people, process and technology to offer closed-loop remediation. Find out how a new integrated approach from Qualys can help organizations discover assets, find and prioritize vulnerabilities, and finally remediate them all from a single platform.

WINDTRE is one of the three main mobile operators in Italy and among the main alternative carriers in the fixed-line market. As a provider of critical national telecoms infrastructure, watertight information security is essential. In this presentation, you'll learn how WINDTRE is leveraging the Enterprise TruRisk Platform and VMDR® to deliver effective, low-touch vulnerability monitoring for over 6,000 servers and 7,000 clients across multiple data centres.

As the saying goes, to a hammer everything is a nail. For traditional endpoint security products, every threat is just a file. This narrow perspective is no longer adequate to protect Enterprises against the evolving spectrum of threats they face today. New techniques such as fileless malware, living-off-the-land attacks, and insider threats require a solution that combines breadth and depth of visibility into all corporate assets. Adding EDR to Qualys' product stack allows you to go beyond detection and response of a single threat by identifying exploited vulnerabilities and compliance failures to increase your security posture and prevent future threats.

Uphold is on a mission to change the way people use money, providing borderless access to financial services not available through traditional banks. In this presentation, Uphold explains how the Enterprise TruRisk Platform is eliminating hours of manual PCI DSS compliance work while helping to protect thousands of endpoints—allowing the company to scale rapidly without sending operational costs soaring.

Driven by digital transformation and remote work, enterprises today face a proliferation of cloud infrastructure and containerized workloads. Securing this infrastructure requires a holistic approach that runs across workloads and the cloud posture.

In this session, attendees will see why a platform approach focusing on visibility, prevention, detection, and response is needed to effectively address these security challenges. We’ll explore how Qualys CloudView and Container Security provide visibility into your cloud footprint, continuously assess its security posture and help proactively manage the associated attack surface with automated detection and response capabilities across cloud and container resources.

Zoom is a cloud-based video conferencing company that’s seen its business soar in 2020. This session will cover Zoom’s approach to container security in a hybrid environment and touch on how they manage container vulnerabilities, misconfigurations and workflows.

In today's dynamic IT environments, traditional IT GRC/IRM tools prove ineffective in managing real-time risk and compliance programs. These legacy tools operate in silos, with a cumbersome and time-consuming approach of defining security and risk controls and reporting them back for compliance audits and risk posture. This session will show how the Qualys Unified Risk & Compliance platform brings together security and compliance profiles and orchestrates them as policies for automated assessment and enforcement through various Qualys apps. You'll also learn how the correlated insights are leveraged for real-time risk and audit management.

Bankmed, a leading bank in Lebanon, must protect its online and mobile services against cyber threats 24/7. In this session, you'll learn how Bankmed harnesses the Enterprise TruRisk Platform—including Cloud Platform Apps for Vulnerability Management, Threat Protection, Continuous Monitoring and more—to enable the rapid identification and remediation of critical vulnerabilities.

Web applications continue to be the top hacking vector and source of data breaches according to the 2020 Verizon DBIR. With Qualys Web Application Scanning, you can guard against these realities by identifying and fixing application vulnerabilities throughout the development lifecycle. In this session, you’ll see how to bake scanning into your CI/CD pipelines, scan prior to go-live in QA or staging, and set up scheduled scanning to monitor production apps. We’ll also take a look at APIs, and you’ll learn how Qualys API Security empowers developers to design and build secure APIs from the start.

Cembra depends on its online and mobile channels to enable 24/7 access to financial products, services and support to customers across Switzerland. In this presentation, you’ll discover how Enterprise TruRisk Platform solutions are empowering Cembra to build a new Security Operations Centre—delivering automated alerts on vulnerabilities and misconfigurations, cutting response times and increasing alignment with internal security policies.

Infosys, a global leader in digital services, will discuss its proactive lifecycle approach to vulnerability management based on people, technology and process. The session will share best practices and delve into how Infosys uses VMDR for a threat intel led approach to VM that automatically correlates vulnerabilities to patched for auto-remediation.

Hackers are becoming more targeted, advanced, and stealth. Today’s cybersecurity landscape is increasingly challenging to navigate, with ransomware attacks becoming more sophisticated and costly. With limited financial and IT resources to support security efforts and a lack of in-house security technical expertise, enterprises are increasingly turning to managed service providers (MSPs) like Syntax to keep them safe.

In this session, you’ll learn:

• Why it’s important that your partner has a macro and micro view of cybersecurity
• How to overcome the growing cybersecurity skills gap and to account for hackers attacking during non-business hours
• Why security problems rarely follow a standard script
• How to avoid the commodity ransomware wave

Jabil, a large manufacturing solutions provider, will discuss its vulnerability management journey from appliance-based scanning to its present agent-based scanning approach, which delivers improved awareness and real-time assessment. The presentation will also cover VMDR and a look towards automating the entire vulnerability management cycle including OT and IoT environments.

A critical element in effectively securing your network is complete visibility across your full IT ecosystem. Technology advances such as SaaS, cloud instances, containers and mobile devices, in addition to existing on-prem hardware and software deployments, are significantly increasing the complexity of today's IT environment. This presentation will discuss how a comprehensive, up-to-date Global AssetView strengthens your security position and helps you manage scarce IT resources. We'll also look at using the same IT Inventory to improve the accuracy of your Service Management CMDB.

Vulnerabilities are not created equal, but the CVSS scoring model scores them as though they are all the same. CVSS ratings represent the technical severity of the vulnerability, not the risk it poses to an organization. Without the right context, the risk from a critical vulnerability with no exploit would appear to have the same risk as a vulnerability with an easy exploit that is actively being exploited. This is why context is so important. This session will show how Qualys VMDR helps organizations prioritize vulnerabilities with the proper context across threats, assets, and vulnerabilities. VMDR then combines them with mitigation controls so you can focus on the right set of vulnerabilities to prioritize and remediate.

Patch management is critical, yet it's also a cumbersome process for most enterprises. Luckily, many detected vulnerabilities are more easily remediated using the Qualys Patch Management app. In this session, we will share best practices for streamlining the remediation process to ensure an efficient handoff between your security and IT teams. We will also demonstrate current and upcoming product capabilities and share our vision for how Qualys can help remediate most of the discovered vulnerabilities regardless of OS and vulnerability type.

Today's distributed workforce is rapidly adopting mobile devices. Enterprises are adapting by allowing connectivity with the corporate network, which increases the amount of company data on these mobile devices. There has also been a drastic rise in Android and iOS vulnerabilities and an increased number of vulnerable apps distributed from authorized app stores. Both of these trends make the mobile device a preferred target of attacks. At the same time, Digital Transformation in manufacturing, power generation and distribution, oil and gas, and similar industrial environments is rapidly inter-connecting these systems with each other and back to the enterprise networks. Every year, more and more vulnerabilities are disclosed for these industrial systems, and the number of cybersecurity-related incidents on the shop floor rises. In this session, we will walk through how Qualys solutions - Secure Enterprise Mobility and Industrial Control Security - help you secure mobile and industrial assets providing extensive visibility into the security posture and performing various remediation actions on the affected assets.

At IBM X-Force Red, we work with our clients to drive successful Vulnerability Management programs. This work requires us to roll up our sleeves and dig into the underlying problems that plague most organizations. It's no surprise that we find more issues around fixing vulnerabilities than around detecting them. Steve Ocepek, CTO of X-Force Red, will share his team's insights on the long-Tail Detection and Response issues that most clients encounter, and explain how Qualys VMDR helps organizations reduce operational debt and focus on their most critical risks.

The world of virtual work presents unique challenges for information security professionals – but also new opportunities to re-imagine a more secure future of work. This session will dive into the challenges and offer approaches to solving them.

Emotet and Trickbot (two of today's most prevalent threats) can infiltrate corporate networks from employees' homes. In this session, you'll learn how Qualys EDR can protect your organization from these attacks by giving your security response teams the necessary visibility, insights and context. We will show how Qualys EDR goes beyond traditional EDR by combining contextual data from other Qualys modules, including Asset Inventory, Vulnerability Management, and Policy Compliance. Qualys EDR helps you not only to detect and respond, but also to harden your assets to prevent future attacks.

The MITRE ATT&CK framework gives defenders an advantage by letting them know how attackers target their systems. In this session, we'll look at how the Enterprise TruRisk Platform lets you respond quickly and intelligently to attackers and shorten the time attackers lurk in your environment. We'll explore how Qualys Policy Compliance helps you lock down assets under the context of the ATT&CK framework. In instances where attackers bypass the hardened state of the system, we'll show you how Qualys File Integrity Monitoring and Qualys EDR provide enhanced capabilities to detect tactics, techniques and procedures linked back to the ATT&CK framework.

The goal of attackers is to find the most compelling and well-connected assets in a network so they can then move laterally and carry out their nefarious plans. Their target could be a domain controller, database server or even a developer's laptop. With Qualys Attack Path Discovery, we help you identify these assets using attacker-like "situational awareness" techniques. We then leverage the Qualys Agent and Qualys Vulnerability Management data to further enrich the asset information with user-, asset- and network-related contextual details. This gives you the upper hand at remediation before an attacker can find your well-connected assets.

Effective cybersecurity requires real-time context. Deploying multiple, siloed cybersecurity products and stitching them together with SIEM solutions is not working. In this session, you'll get a glimpse into the upcoming Security Analytics, a next-gen product line for security analytics and incident response that natively integrates and correlates security telemetry. The solution will incorporate solutions from Qualys and third parties into a cohesive security incident and response platform that includes native support for UEBA, threat hunting, intelligence, and automated response with out-of-the-box support for MITRE ATT&CK detection use cases.

EPAM Systems, Inc is a global company specializing in consulting, engineering, architecture, and design. The company uses nine Qualys solutions to secure its hybrid infrastructure. The presentation will cover the company's approach to the organization and implementation of security management and its approach to securing EPAM cloud infrastructure and containers.

The rise of DevOps methodologies has changed how software is developed and delivered -- and also how it's secured. As part of the "shift left" DevOps practice, there has been growing momentum for embedding security throughout the development cycle. Shifting left focuses on problem prevention instead of detection, so that DevOps teams can increase code quality, shorten test cycles and reduce the possibility of unpleasant surprises at the end of the development cycle—or, worse, in production. This session will explore how Qualys' native CI/CD integrations enable organizations to achieve their shift left goals securely.

With an increasing number of enterprises maintaining multiple cloud environments, a new approach is needed to maintain and secure these environments. Enterprises must continuously inventory these resources and assess them against best practices such as the CIS standards and cloud provider recommendations. In this session, you'll learn how Qualys CloudView collects rich metadata, and provides powerful search capabilities, advanced resource information like associations, and hundreds of out-of-the-box controls covering the CIS standards and best practices policies. With Qualys CloudView, you'll be able to quickly and continuously identify misconfigurations and minimize your multi-cloud attack surface

We're seeing an increase in the utilization of public cloud platforms, the adoption of cloud-native services, and the prevalence of multi-cloud deployments. These trends pose a visibility challenge for security teams tasked with managing vulnerabilities and achieving compliance across all cloud assets. Each cloud platform has a different toolset, which creates information silos and a mishmash of methods for consuming security-related data. This session will demonstrate how to integrate the Enterprise TruRisk Platform into your public multi-cloud infrastructure. First, we'll explore how to automatically create CloudView connectors for visibility into workload locations and account compliance. Next, we'll show options for deploying agents across clouds. Finally, we'll explain how to integrate Qualys vulnerability assessment findings with native security tools from public cloud platforms, so you can unify your vulnerability management program. Integrations will cover AWS/Security Hub, Azure/Security Center, and Google Cloud Platform/Cloud Security Command Center.

An effective container security program consists of scanning container images, running containers across the "build-ship-run" pipeline, and implementing runtime security to provide visibility and enforcement of in-container behavior. Proper implementation of runtime security is particularly important as it addresses several use cases, including attack mitigation, enforcement of security best practices, and monitoring. This session will cover the entire runtime security workflow using Qualys Container Runtime Security, including image instrumentation, policy tuning and runtime event management. We'll also cover various use cases for runtime security.

Using Qualys APIs, you can create automated processes for scanning and releasing new systems on your network. See how a financial institution has used this to their advantage and how easy it can be to use in your organization.

Managing Vulnerability and Compliance programs for ephemeral environments can be challenging. To effectively maintain the right security posture, gaining end-to-end visibility is critical. In this session, we will discuss how Informatica is embracing the "Shift Left" approach by integrating security best practices early in the DevOps process. Informatica leverages Qualys platform capabilities to address security issues in near real time to meet its Vulnerability Management, CIS Compliance and File Integrity Monitoring requirements using a single agent.

Misconfiguration of IT assets puts systems and data at risk for breaches, which is why it's essential for organizations to have a cyber hygiene plan. This is especially true today, because increasingly IT infrastructures are hybrid, with assets and data on premises, in public clouds and even in employees' homes. In this session, you'll learn how a good cyber hygiene plan serves as the foundation for better security and compliance programs that foster trusted systems and business processes. We will explain best practices around continuous cyber hygiene and policy enforcement at scale.

The surge in remote working has caused sensitive and critical data that is subject to regulatory compliance to increasingly reside outside of traditional asset and network boundaries. This increases the risk of data breaches or other cyber incidents. What's more, if you don't discover where your sensitive and critical data is, attackers will find it. This session will explore new capabilities from Qualys that allow automatic discovery and labeling of sensitive data across assets and tagging of assets for orchestrating further workflows to assess user access and monitor it for changes and suspicious activities.

Assessing an organization's compliance posture in near realtime, understanding current threat levels, and satisfying the auditor's requirement for an ongoing CIS/FedRAMP compliance can be tedious and resource-intensive. This session will show how Qualys File Integrity Management (FIM) helps organizations gain visibility to detect authorized and unauthorized changes, known good changes, and malicious activities. Expanded Qualys FIM capabilities include one-click assessment for CIS and FedRAMP compliance, and support to assess security posture based on MITRE framework.

As enterprises rapidly adopt SaaS applications, IT teams must manage and secure them. Qualys SaaS Security and Compliance (SSC) expands the Enterprise TruRisk Platform to provide a single console for IT administrators to manage security and compliance for their critical SaaS applications such as Google G Suite, Microsoft's Office 365, and Salesforce.com. In this session, we will review compliance capabilities as well as real-time reporting on malicious or careless data exposure.

Web applications are frequently exploited by attackers, often with catastrophic outcomes. Sometimes the web application and associated services represent the actual objective and in other cases the application layer serves as a gateway into your environment. What can we do to improve our knowledge of web application vulnerabilities and the external attack surface? How can we reduce the number of opportunities an attacker has to compromise our information and/or infrastructure?

As web applications and APIs rapidly increase, application security teams can get overwhelmed with scanning requirements. By integrating DAST scanning into the CI/CD pipeline, scans are automatically run as part of the normal build process. Learn how Qualys plugins let you empower developers to view scan results in their preferred environment and address security vulnerabilities proactively while securing the DevOps lifecycle.

One of the biggest challenges a web application security program can face is scaling testing efforts against a larger number of web sites. Whether you have a dozen sites or thousands of them, Qualys Web Application Scanning (WAS) makes scaling quick and painless. In this session, we'll explain Qualys WAS' multiple options to set up applications, schedules, and reporting. You'll learn how to leverage its UI features, automation, and APIs to get a fully automated solution up and running in no time.

The early days of RESTful APIs were like the Wild West, as APIs were not built with security in mind. Developers had no standard to describe APIs to consumers and documentation was done manually in an ad-hoc fashion. Eventually, a specification known as Swagger - now called OpenAPI – came onto the scene. Swagger/OpenAPI not only provides a standard way to describe an API, but it also offers an opportunity to harden it against attack. In this session, you will learn how APIs can be developed securely by leveraging the Swagger/OpenAPI specification.

As a cyber defender, assessing and rating your security posture is essential, and this maxim also applies to web application firewalls (WAFs). In this talk, we will explore how Qualys Web Application Scanning (WAS) evaluates true-positive and false-negative results from Qualys WAF and proposes actionable remediation. Using the Confusion Matrix and its scoring method, we will dive into the very true-positive and distinguish between true-bad and false-bad violations to get a clear picture of its efficiency in real scenarios.

With the evolving threat landscape and flexible work environments post-pandemic, security teams are under tremendous pressure to extend protection beyond the corporate network's traditional boundaries. It's no longer enough to follow the conventional model of concentrating security responsibilities within a single team. Security must be the responsibility of all stakeholders. Security teams need to add context, not just controls, at all stages of the SDLC process. Learn how Qualys security team's simple and practical approach can lead to an effective cybersecurity program with better business alignment and higher levels of compliance. Qualys development teams can consume and action on vulnerability information at the design and build phase. In due course, this approach has accelerated the overall delivery and avoided disruptive maintenance at Qualys.