Technology Briefing Series
These brief (~20 min) webcasts offer best practices and thought leadership on a variety of security and compliance topics, including: Vulnerability Management, Policy Compliance, PCI Compliance, Web Application Security, Malware Detection.
Archived Recordings
Weathering a Storm of Vulnerabilities
Presenter: Corey Bodzin, Director, Product Management, Qualys, Inc.
Abstract: Security professionals are confronted with more and more issues detected during scans, and system administrators face a veritable blizzard of patches to apply. Both are looking for help in determining how to prioritize their efforts to make the best use of limited time, personnel, and budgets. This 30-min presentation discusses how remediation efforts can be prioritized by looking at the exploitability, associated Malware, and solutions associated with vulnerabilities found in the typical corporate environment.
Mitigating Network Security Risks Through Shared Vulnerability and Threat Intelligence
Featured Speaker: Jon Cook (Sr. Network Security Architect), TransUnion, LLC
Speakers: Richard Park (Sr. Product Manager), Sourcefire; Eric Perraudeau (Sr. Product Manager), Qualys
Abstract: In this 30-minute live webcast, Jon Cook of TransUnion discusses how they’ve successfully enhanced their IPS/IDS with vulnerability management data – enabling TransUnion to improve security and reduce workload. This session provides real-world examples of how QualysGuard’s vulnerability intelligence can complement Sourcefire’s threat intelligence to achieve robust network protection. Specifically, you learn how QualysGuard can improve Sourcefire IPS impact assessment.
A Recipe for Streamlined Vulnerability Patching
Presenter: Corey Bodzin, Director, Product Management, Qualys, Inc.
Abstract: The task of applying patches to address new vulnerabilities can be a frustrating cycle of discovery, review, remediation, and verification. There are many tasks within each of the steps that are routinely performed by IT professionals, but how many of those steps are actually worth the effort? This 20 min presentation discusses the specifics of how patching can be streamlined and simplified.
Evolving Your Security: From Vulnerability Assessment to Vulnerability Management
Presenter: Corey Bodzin, Director, Product Management, Qualys, Inc.
Abstract: Performing Vulnerability Assessments is a well-understood component of managing risk in a modern IT environment. Maturing from assessments to management is, however, a non-trivial task that requires attention in many different aspects: Discovery, Assessment, Analysis, Reporting and Remediation. This presentation discusses the specifics of what is required to evolve to a robust Vulnerability Management program that includes the operational processes and technologies needed to discover and remediate security weaknesses before they are exploited.
The Laws of Vulnerabilities Research - Categorized by Industry
Presenter: Wolfgang Kandek, Chief Technology Officer, Qualys, Inc. (Hosted by the RSA Conference)
Abstract: The Law of Vulnerabilities is a unique view of vulnerability data compiled from millions of systems and gathered from over 100 million scans. Within 24 months, critical vulnerabilities were identified on real-world systems and categorized by industry. This research shows critical vulnerabilities and relationship to threats, time-to-patch trends and other factors that affect remediation efforts.
A Lesson in Higher Education IT Security: Network and Server Vulnerability Management
Presenter: Walter Petruska, Chief Information Security Officer at University of San Francisco
Abstract: Securing your college or university’s network and servers from malicious attacks, internal threats, and service interruptions can be a daunting challenge. With limited resources and budget, IT security is under constant pressure to protect a growing network with fewer resources. This session will provide insight regarding the best-practices approach and automated tools USF utilizes to efficiently manage network risk.
Justifying IT Security: Managing Risk & Keeping Your Network Secure
Presenter: Ira Winkler
Abstract: The goal of a security program is to choose and implement cost-effective countermeasures that mitigate the vulnerabilities that will most likely lead to loss. This webcast discusses the management of risk and how Vulnerability Management is one of the few countermeasures easily justified by its ability to optimize risk.
Understanding & Selecting a Database Assessment Solution
Presenter: Adrian Lane, Analyst & CTO at Securosis
Abstract: This webinar will provide the information necessary to understand the value of database assessments and properly evaluate products both individually and head-to-head so you can avoid common problems that occur in assessing databases.
Cloud Computing: A Positive Disruption for IT Security
Host: Chenxi Wang, Forrester Research
Panelists: John N. Stewart, VP and CSO, Cisco Systems, Inc., and Philippe Courtot, CEO, Qualys, Inc.
Abstract: The software industry is entering another age of astonishing innovation, one where data and information are readily available anywhere, anytime, and on any device. However, with all the innovation and benefits associated with Cloud Computing offerings come new risks and challenges for security professionals. In this webcast, panelists discuss how leading organizations are embracing the shift to the Cloud and the best practices to strengthen an organization's cloud computing environment.
Fast Track: Planning & Deploying an Effective Vulnerability Management Program
Presenter: Steve Ouzman
Abstract: This webcast covers the essential components of a successful Vulnerability Management program that allows you to proactively identify risk to protect your network and critical business assets.
Planning & Implementing an Effective Vulnerability Management Program (German-language webcast)
Presenter: Stephan Siedler
Abstract: This webcast covers the basic components of a successful vulnerability management application that enables you to proactively and comprehensively identify risks in order to protect your network and your assets.
Deploying a Vulnerability Management Project (French-language webcast)
Presenter: Eric Perraudeau
Abstract: This online seminar covers the essential aspects of a vulnerability management program, enabling you in turn to proactively identify risks in order to protect your network and the critical assets of the enterprise.
ABC's of Securing Educational Networks
Presenter: Jonathan Bitle
Abstract: This webcast covers real-world examples of how today’s security professionals at educational institutions are protecting their networks.
New Requirements for Security and Compliance Auditing in the Cloud
Presenter: Matt Alderman
Abstract: This session provides a brief history of traditional IT audit, compliance, and security concerns, current conditions driving cloud adoption, and how to transform IT audit, compliance, and security in the cloud. Cloud adoption is real, so learn how to prepare your organization, tools, and processes for these changes before migration begins.
Automating Policy Compliance and IT Governance
Presenter: Jason Creech
Abstract: This webcast covers the foundations of a successful IT Governance and Policy Compliance program and how your organization can seamlessly align IT controls and processes with strategic business objectives.
7 Mistakes of IT Security Compliance - and Steps to Avoid Them
Presenter: Jason Creech
Abstract: This 20-min webcast describes seven typical IT security compliance errors and outlines the best practices you can immediately apply to your environment to help your company achieve compliance.
Delivering IT Compliance Solutions in the Cloud
Presenter: Jason Creech
Abstract: This 20-min presentation focuses on how cloud computing is changing the way organizations are meeting their compliance objectives – efficiently and cost-effectively. In addition, Jason outlines a best-practice approach to address even the most complex IT compliance initiatives.
10 Tips to Achieve PCI Compliance
Presenter: Jim Bibles
Abstract: In this brief 20-minute webcast session, Jim Bibles shared Ten Best-Practice tips that merchants need to focus on in order to achieve PCI Compliance, protect cardholder data, and establish a successful risk reduction program.
ABC’s of PCI Validation: A Merchant's Guide to Working with Your Acquirer
Presenter: James Bibles
Abstract: Trying to get your hands around the PCI Data Security Standard and work with your Acquirer to achieve compliance can be a daunting task – especially if your organization has limited time and resources. In this 20-min briefing, Merchants receive practical, straightforward answers to working with your Acquirer.
How to Prioritize PCI DSS Compliance
Presenter: Anton Chuvakin and Terry Ramos
Abstract: Using the recently released PCI Council “Prioritized Approach” guidance, this 20-min briefing discusses how organizations can effectively focus their PCI DSS implementation efforts in order to ensure the security of cardholder data, reduce information risk and protect the organization, all while on the shortest path towards PCI DSS validation.
PCI Compliance 2008: What You Need to Know
Presenter: Sumedh Thakar
Abstract: This webcast covers the key facts you need to know about the current and upcoming PCI compliance requirements. In less than 30 minutes, this session gives you the straightforward breakdown on all the new PCI changes. You'll also learn about today's best practice methodologies used by leading organizations to achieve compliance and avoid penalties.
PCI Myths: Common Mistakes and Misconceptions About PCI
Presenter: Anton Chuvakin
Abstract: The briefing covers PCI DSS-related myths and misconceptions that are common among some merchants and other organizations dealing with PCI DSS challenges. Mistakes related to the technical and process side of PCI, self-assessment and audits, as well as PCI validation requirements will be discussed. The information will be useful to all merchants dealing with credit card information and thus struggling with PCI DSS mandates.
10 Tips to Achieve PCI Compliance
Presenter: Terry Ramos and Sumedh Thakar
Abstract: In this brief webcast session, Terry Ramos and Sumedh Thakar share the 10 Best-Practice tips merchants need to focus on to achieve PCI Compliance, protect cardholder data, and establish a successful risk reduction program.
Web Application Security (WAS)
When HTML Goes Bad: Inside XSS, CSRF, and Malware…
Presenter: Michael Shema
Abstract: This webcast highlights how modern attacks target the web browser – and the best practices to safeguard your web applications against these risks. The slick interfaces and high interactivity of modern web sites rely on a handful of technologies built into browsers. The combination of HTML, CSS, and JavaScript provides these rich user experiences and desktop-like applications. Yet these powerful capabilities can also be compromised to steal data and make money for criminals and vandals.
Web Application Security 101 - What You Need to Know
Presenter: Michael Shema
Abstract: This brief session will present the basics of Web Application Security and how to safeguard your web infrastructure against the most prevalent online threats and security risks, such as: cross-site scripting (XSS) attacks, SQL injection, directory traversals, and other web vulnerabilities. Learn how to proactively identify critical web application vulnerabilities and take corrective actions to minimize risks.
The Basics of Web Application Security - What You Need to Know (French-language webcast)
Presenter: Francois Larouche
Abstract: In this technology briefing, we will be delighted to present the basics of Web Application Security and how to safeguard your web infrastructure against the most widespread online threats and security risks, such as: cross-site scripting (XSS), SQL injection attacks, directory traversals, and other web vulnerabilities. Learn to proactively identify vulnerabilities in critical web applications and to take corrective measures to minimize risks.
Web Application Security 101 - What You Need to Know (German-language webcast)
Presenter: Leif Kremkow
Abstract: This short session introduces you, in 20 – 30 minutes, to the basics of Web Application Security and shows how you can protect your web infrastructure against the most common online threats and security risks, such as cross-site scripting (XSS) attacks, SQL injection, directory traversals, and other web vulnerabilities. You will learn how to proactively find critical vulnerabilities in web applications and initiate corrective measures to minimize the risks.
Web Application Security - Dynamic Application Security Testing (DAST) Vs Static Application Security Testing (SAST)
Presenter: Will Bechtel
Abstract: DAST and SAST both identify web application vulnerabilities, but they do it in different ways that give each an advantage for certain categories of vulnerabilities. Join Will Bechtel in a high-level review of the categories of web application vulnerabilities that each of the testing methods excels in, the situations in which one may provide more value than the other, and when using both is the best approach.
Building and Maintaining a Proactive Security Program for Web Sites - Introducing Qualys GO SECURE Service
Presenter: Sean Molloy, Director of Engineering, Qualys, Inc.
Abstract: As more and more business is transacted over the Internet, it is important for consumers to know that the web sites they visit are taking online security seriously. Web site owners need to be able to demonstrate to their online customers that they are being proactive about the security of their web sites. By using Qualys GO SECURE, businesses can demonstrate that their web sites are following rigorous security testing procedures on a regular basis. This presentation includes a demonstration of the Qualys GO SECURE service and seal.
Protect Your Web Sites from Serving Malware - Introducing QualysGuard Malware Detection Service
Presenter: Brett Hardin, Product Manager at Qualys
Abstract: Thousands of web sites are infected with malware daily and unknowingly propagating the infection to visitors of their sites. To combat these rapidly spreading threats, Qualys is introducing a free new anti-malware service. QualysGuard Malware Detection lets businesses proactively scan their web sites for malware infections and threats. This presentation focuses on how to prevent drive-by malware from being served from your business web sites. It includes a demonstration of the QualysGuard Malware Detection service.
