Qualys at Black Hat USA 2017: Best practices and case study presentations


There will be no lack of interesting content from Qualys at Black Hat next week. Depending on your interests, you might want to make time for some of these talks and presentations at booth #899.


Wednesday, July 26

10:20 AM – Achieving 2-Second Visibility with Qualys Cloud Agent
Jimmy Graham, Director of Product Management, Qualys

This talk focuses on how to use the Qualys Cloud Agent to enable instant, global visibility of IT assets including cloud server instances and occasionally connected remote users – with up-to-date asset configuration data for security and compliance. Attendees will learn how Cloud Agents can extend your Qualys network scanning deployment, how they deliver instant visibility into security, compliance, and remediation efforts, and how leading companies are using Cloud Agents in their environments.

11:05 AM – Leveraging Qualys Vulnerability Management and ThreatPROTECT for BU-Aligned Data Tagging and Reporting
Louise Quarles, Sr. Security Engineer, FiServ

Are you struggling to get your company’s threat and vulnerability data in front of the right teams for active response and remediation? Come and hear how Fiserv is using Qualys’ Vulnerability Management with ThreatPROTECT to provide meaningful and manageable dashboards and reports for Business Units of all sizes across the Fiserv enterprise.

11:50 AM – Remediation Prioritization with Qualys ThreatPROTECT
Jimmy Graham, Director of Product Management, Qualys

Learn how Qualys ThreatPROTECT adds real-time threat data to vulnerability detections, allowing vulnerability managers to narrow down and prioritize large numbers of vulnerabilities, without manually tracking thousands of vulnerability and exploit disclosures. This session will discuss the difficulty and ineffectiveness of manual prioritization, and will show how ThreatPROTECT RTIs (Real-time Threat Indicators) can be leveraged visually in a dashboard for quick and effective remediation prioritization.

12:35 PM – Building Security Tool Synergy
BJ Creasy, Security Architect, Genesys

Learn why and how organizations are applying the concept of “synergy” — combining or integrating several organizational groups for greater value-add — to their security tools as a strategy to build greater value for both infosec and the broader business. This talk highlights how Genesys used the Qualys Cloud Platform to combine and integrate Vulnerability Management and Asset Inventory tools for better IT asset management, and how security tool synergy can drive better integration and collaboration across infosec and IT teams.

1:20 PM – Using Qualys FIM to Track File Changes Across Global IT Assets
Tim White, Director of Product Management, Qualys

This talk will introduce how to use the new Qualys File Integrity Monitoring to identify and track change across internal IT environments. Learn how these innovations can help customers with change monitoring and compliance efforts, and can reduce the time needed to pinpoint where policy violations may have taken place, so teams can more quickly remediate them.

2:05 PM – Continuous Security and Visibility of Your Complete Public Cloud Infrastructure
Hari Srinivasan, Director of Product Management, Qualys

Learn how to extend continuous cloud security monitoring beyond instances, and gain total visibility of all your cloud services.

2:50 PM – Expand Current Vulnerability Management Programs by Eliminating Security Misconfigurations
Tim White, Director of Product Management, Qualys

Learn how to build configuration assessment into your overall Security & Vulnerability Management Program. This presentation will showcase how Qualys Security Configuration Assessment (SCA) helps expand your current vulnerability management program by automating the configuration assessment and reporting of varied IT assets in a continuous manner. We’ll showcase out-of-the-box tools for Center for Internet Security (CIS) policies that feature a simple Web-based UI to customize the policies per your organization, collect data in an agent-based and agent-less manner, and leverage Qualys’ leading coverage across CIS benchmarks for technologies such as operating systems, databases, applications and network devices.

3:25 PM – Using Qualys WAS for a Secure Software Development Lifecycle
Robert Martin, Information Security Engineer, Cisco Systems, Inc.

As part of a mature and secure web application development lifecycle, continuous security scans are imperative to meet the requirements of NIST SP 800-53v4 when developing web applications for government customers. This continuous process must consist of automated scans coupled with manual testing. The focus of this presentation is to examine the requirements of NIST SP 800-53v4 as they relate to web application security and outline how Qualys WAS can help mitigate web application security vulnerabilities throughout the web application development lifecycle.

4:10 PM – Application Security Scanning of REST APIs, and Modern Web Technologies
Frank Catucci, Director of Product Management, Qualys

Attendees will learn how Qualys WAS can effectively help appsec teams tackle the challenge of scanning REST APIs, web services and modern web technologies that are traditionally very difficult and time-consuming to test manually.

5:00 PM – Securing Containers with Qualys
Hari Srinivasan, Director of Product Management, Qualys

Learn about how Qualys’ new container security solution enables customers to address security for containers in their DevOps pipeline and deployments across cloud and on-premises environments. In this session, learn how to use Qualys to inventory and track container assets, identify vulnerabilities in images and containers, and incorporate security checks into the CI/CD pipeline, to remediate risks early within the development cycles.

6:00 PM – Achieving Visibility into Post Breach Detection with Qualys IOC
Jimmy Graham, Director of Product Management, Qualys

This session details the expansion of the Qualys Cloud Platform to include Indicator of Compromise (IOC) detection, one of two new products that deliver visibility into post-breach detection, as well as using the Qualys Platform to remediate and harden systems, and avoid breaches. Malware infections are unavoidable – learn how Qualys Indicator of Compromise detection can help organizations detect and respond to infections faster to reduce the time that a potential breach or compromise can occur.

Thursday, July 27

10:20 AM – Vulnerability Management and Compliance for Elastic Public Cloud Instances
Hari Srinivasan, Director of Product Management, Qualys

Qualys solutions provide security and compliance for your cloud workloads across AWS, Azure and Google clouds. Come gain insights into how Qualys customers gain total visibility of their cloud server instances, identify vulnerabilities, and check compliance to help them keep up with shared security responsibility models.

11:05 AM – Leveraging Qualys Vulnerability Management and ThreatPROTECT for BU-Aligned Data Tagging and Reporting
Louise Quarles, Sr. Security Engineer, FiServ

Are you struggling to get your company’s threat and vulnerability data in front of the right teams for active response and remediation? Come and hear how Fiserv is using Qualys’ Vulnerability Management with ThreatPROTECT to provide meaningful and manageable dashboards and reports for Business Units of all sizes across the Fiserv enterprise.

11:50 AM – Container Security in the World of DevSecOps
Hari Srinivasan, Director of Product Management, Qualys

Containers are probably the most talked-about infrastructure technology of the past few years. With their rapid growth, containers are transforming the DevOps process with increased agility and delivery speed. Security teams need to be at the forefront of this change, and security processes need to shift left and into the developer’s build cycle.

12:35 PM – Using Qualys FIM to Track File Changes Across Global IT Assets
Tim White, Director of Product Management, Qualys

This talk will introduce how to use the new Qualys File Integrity Monitoring to identify and track change across internal IT environments. Learn how these innovations can help customers with change monitoring and compliance efforts, and can reduce the time needed to pinpoint where policy violations may have taken place, so teams can more quickly remediate them.

1:20 PM – Building Security Tool Synergy
BJ Creasy, Security Architect, Genesys

Learn why and how organizations are applying the concept of “synergy” — combining or integrating several organizational groups for greater value-add — to their security tools as a strategy to build greater value for both infosec and the broader business. This talk highlights how Genesys used the Qualys Cloud Platform to combine and integrate Vulnerability Management and Asset Inventory tools for better IT asset management, and how security tool synergy can drive better integration and collaboration across infosec and IT teams.

2:05 PM – Expand Current Vulnerability Management Programs by Eliminating Security Misconfigurations
Tim White, Director of Product Management, Qualys

Learn how to build configuration assessment into your overall Security and Vulnerability Management Program. This presentation will showcase how Qualys Security Configuration Assessment (SCA) helps expand your current vulnerability management program by automating the configuration assessment and reporting of varied IT assets in a continuous manner. We’ll showcase out-of-the-box tools for Center for Internet Security (CIS) policies that feature a simple Web-based UI to customize the policies per your organization, collect data in an agent-based and agent-less manner, and leverage Qualys’ leading coverage across CIS benchmarks for technologies such as operating systems, databases, applications and network devices.

2:50 PM – Using Qualys WAS for a Secure Software Development Lifecycle
Robert Martin, Information Security Engineer, Cisco Systems, Inc.

As part of a mature and secure web application development lifecycle, continuous security scans are imperative to meet the requirements of NIST SP 800-53v4 when developing web applications for government customers. This continuous process must consist of automated scans coupled with manual testing. The focus of this presentation is to examine the requirements of NIST SP 800-53v4 as they relate to web application security and outline how Qualys WAS can help mitigate web application security vulnerabilities throughout the web application development lifecycle.

3:25 PM – Application Security Scanning of REST APIs, and Modern Web Technologies
Frank Catucci, Director of Product Management, Qualys

Attendees will learn how Qualys WAS can effectively help appsec teams tackle the challenge of scanning REST APIs, web services and modern web technologies that are traditionally very difficult and time-consuming to test manually.

4:10 PM – Achieving Visibility into Post Breach Detection with Qualys IOC
Jimmy Graham, Director of Product Management, Qualys

This session details the expansion of the Qualys Cloud Platform to include Indicator of Compromise (IOC) detection, one of two new products that deliver visibility into post-breach detection, as well as using the Qualys Platform to remediate and harden systems, and avoid breaches. Malware infections are unavoidable – learn how Qualys Indicator of Compromise detection can help organizations detect and respond to infections faster to reduce the time that a potential breach or compromise can occur.