Qualys at RSA Conference 2018: Best practices presentations from industry leaders
There will be no lack of interesting content from Qualys at this year’s RSA Conference. Depending on you interests, you might want to make time for some of these talks and presentations. Visit Qualys at Booth N3815 to hear best practices presentations from industry leaders.
Monday, April 16
5:10 – 5:35 PM
Continuous Security and Visibility of Your Complete Public Cloud Infrastructure
Hari Srinivasan, Director of Product Management, Qualys
Learn how to extend continuous cloud security monitoring beyond instances, and gain total visibility of all your cloud services.
5:50 – 6:15 PM
Achieving 2-Second Visibility with Qualys Cloud Agent
Chris Carlson, Vice President of Product Management, Qualys
Securing modern IT infrastructure requires instant visibility of global assets including elastic cloud workload instances, roaming users, and fixed purpose assets – with up-to-date asset configuration data for continuous security, compliance, and threat detection. Learn how Qualys Cloud Agents can extend your Qualys network scanning deployment; deliver instant visibility into security, compliance, and remediation efforts; and how leading companies are using Cloud Agents to secure their digital transformation efforts.
6:30 – 6:55 PM
Get Full Visibility of Both Certificates and Underlying SSL/TLS Configurations and Vulnerabilities
Asif Karel, Director of Product Management, Qualys
Risk management in the age of DevOps and public clouds requires organizations to automate real-time visibility and tracking of their SSL certificate deployments. Learn how Qualys CertView helps customers extend DevSecOps to prevent downtime and disruption, audit and compliance failures, and mitigate risks associated with expired or weak certificates and vulnerable TLS configurations.
Tuesday, April 17
10:15 – 10:40 AM
Achieving 2-Second Visibility with Qualys Cloud Agent
Chris Carlson, Vice President of Product Management, Qualys
Securing modern IT infrastructure requires instant visibility of global assets including elastic cloud workload instances, roaming users, and fixed purpose assets – with up-to-date asset configuration data for continuous security, compliance, and threat detection. Learn how Qualys Cloud Agents can extend your Qualys network scanning deployment; deliver instant visibility into security, compliance, and remediation efforts; and how leading companies are using Cloud Agents to secure their digital transformation efforts.
10:55 AM – 12:25 PM
The Future of Humanity
Dr. Michio Kaku, Futurist, Physicist, Bestselling Author
World-renowned physicist and futurist Dr. Michio Kaku will lead us on an intimate journey from the cutting-edge developments of today to the stars and heights we once thought unattainable. A book signing of his just-released New York Times bestseller, The Future of Humanity, will follow.
12:40 – 1:05 PM
Achieving Instant Visibility of Enterprise Risk Posture
Peeyush Patel, VP of Information Security, Experian
Experian is custodian of more than a billion customers’ information globally. Through series of multiple acquisitions, Experian has a broad technology footprint that includes cloud, hybrid and on-premises environments and is managed in a federated and decentralized manner. Peeyush Patel, VP, Information Security at Experian will illustrate how the Qualys Cloud Agent enables instant, global visibility of IT assets – including cloud server instances and remote users – with up-to-date asset configuration data for security and compliance. Learn how Qualys has enabled Experian to automate and streamline security and compliance supporting business functions globally, without compromising speed to market.
1:20 – 1:45 PM
Get Full Visibility of Both Certificates and Underlying SSL/TLS Configurations and Vulnerabilities
Asif Karel, Director of Product Management, Qualys
Risk management in the age of DevOps and public clouds requires organizations to automate real-time visibility and tracking of their SSL certificate deployments. Learn how Qualys CertView helps customers extend DevSecOps to prevent downtime and disruption, audit and compliance failures, and mitigate risks associated with expired or weak certificates and vulnerable TLS configurations.
2:00 – 2:25 PM
Integrating Qualys into DevOps on AWS – Building a Secure AMI Bakery
Emmanuel Enaohwo, Senior Manager, Vulnerability/Configuration Management, Capital One
Capital One is building security into the DevOps process by integrating Qualys Vulnerability Management and Policy Compliance into the EC2 AMIs within the bakery. This method optimizes the security certification process and streamlines rollout by embedding agents within every AMI. Come learn how DevOps teams can use Qualys Agents and the APIs to automate security and get instant visibility into their elastic cloud deployments.
2:40 – 3:05 PM
Securing Containers with Qualys
Hari Srinivasan, Director of Product Management, Qualys
Learn about how Qualys’ new container security solution enables customers to address security for containers in their DevOps pipeline and deployments across cloud and on-premises environments. In this session, learn how to use Qualys to inventory and track container assets, identify vulnerabilities in images and containers, and incorporate security checks into the CI/CD pipeline, to remediate risks early within the development cycles.
3:20 – 3:45 PM
Rapidly Assessing and Prioritizing Headline Vulnerabilities
Sarah Kennedy, Security Vulnerability Engineer, HCA Healthcare
Robert Sloan, Security Vulnerability Engineer, HCA Healthcare
HCA Healthcare has improved its ability to respond quickly to high-profile vulnerabilities and attacks by leveraging the Qualys Cloud Platform for more accurate and instant assessment on a larger scale. Using real-world examples including its timely responses to the Wannacry and Apache Struts attacks, Sarah Kennedy and Robert Sloan from HCA will discuss how Vulnerability Management and Threat Protection have helped HCA build new capabilities to initiate risk management for critical vulnerabilities within days instead of weeks, and better adhere to its own security policies.
4:00 – 4:25 PM
Expand Current Vulnerability Risk Management Programs by Eliminating Security Misconfigurations
Tim White, Director of Product Management, Qualys
Learn how to build configuration assessment into your overall Security & Vulnerability Risk Management Program. This presentation will showcase how Qualys Security Configuration Assessment (SCA) helps expand your current Vulnerability management program by automating the configuration assessment and reporting of varied IT assets in a continuous manner. We’ll showcase out-of-the-box tools for Center for Internet Security (CIS) policies that feature a simple Web-based UI to customize the policies per your organization, collect data in agent-based and agent-less manner and leverage Qualys’ leading coverage across CIS benchmarks for technologies such as operating systems, databases, applications and network devices.
4:40 – 5:05 PM
Using Metrics to Drive Compliance and Executive Awareness
Christopher Eng, Security Specialist, Tractor Supply Company
Tractor Supply, the largest rural lifestyle chain in the United States, is seeing steady growth of around 100 new stores per year, and an increasingly complex footprint of assets that need vulnerability management. Utilizing the Qualys Cloud Platform, TSC has overhauled and accelerated its metrics program from a cumbersome process to an automated one, and transformed the way that security and compliance data is delivered to the teams responsible for patching. It has in turn achieved significant compliance-related results from those teams. Learn the methods in which the Qualys API has been leveraged, as well as the tools used in conjunction with it to create powerful dashboards and reports that drive executive awareness of how TSC’s vulnerability management program delivers business results.
5:20 – 5:45 PM
Dynamic Web Application Testing in a DevOps World
Dave Ferguson, Director of Product Management, Qualys
The need to test web applications and APIs for vulnerabilities in an automated fashion is greater than ever. Testing resources are scarce and new code is being written at breakneck speed while the business wants it deployed to production immediately. Learn about new tools and capabilities in Qualys Web Application Scanning (WAS) that are being introduced to help you integrate application security testing into this fast-paced, DevOps environment.
Wednesday, April 18
10:15 – 10:40 AM
Get Full Visibility of Both Certificates and Underlying SSL/TLS Configurations and Vulnerabilities
Asif Karel, Director of Product Management, Qualys
Risk management in the age of DevOps and public clouds requires organizations to automate real-time visibility and tracking of their SSL certificate deployments. Learn how Qualys CertView helps customers extend DevSecOps to prevent downtime and disruption, audit and compliance failures, and mitigate risks associated with expired or weak certificates and vulnerable TLS configurations.
10:55 – 11:20 AM
Continuously Assessing Web Application Security at Scale
Jason Phillips, Vulnerability Management Analyst, General Electric
Qualys Web Application Scanning (WAS) enables application owners to run dynamic application security testing (DAST) operations to continually assess their applications. Jason Phillips, leads WAS operations for General Electric, and will illustrate how GE successfully on boarded its application baseline into Qualys. Jason will cover some best practices and unpack how GE’s security team uses Qualys WAS to efficiently process a high volume of applications. He will discuss the importance of pre-processing your applications prior to import, and tips for providing app owners the reporting and data necessary to remediate and retest findings. This talk will provide practical guidance, highlighting several key features including bulk import, tags, authentication, the scheduler, and more.
11:35 AM – 12:00 PM
Achieving Instant Visibility of Enterprise Risk Posture
Peeyush Patel, VP of Information Security, Experian
Experian is custodian of more than a billion customers’ information globally. Through series of multiple acquisitions, Experian has a broad technology footprint that includes cloud, hybrid and on-premises environments and is managed in a federated and decentralized manner. Peeyush Patel, VP, Information Security at Experian will illustrate how the Qualys Cloud Agent enables instant, global visibility of IT assets – including cloud server instances and remote users – with up-to-date asset configuration data for security and compliance. Learn how Qualys has enabled Experian to automate and streamline security and compliance supporting business functions globally, without compromising speed to market.
12:25 – 12:50 PM
Achieving 2-Second Visibility with Qualys Cloud Agent
Chris Carlson, Vice President of Product Management, Qualys
Securing modern IT infrastructure requires instant visibility of global assets including elastic cloud workload instances, roaming users, and fixed purpose assets – with up-to-date asset configuration data for continuous security, compliance, and threat detection. Learn how Qualys Cloud Agents can extend your Qualys network scanning deployment; deliver instant visibility into security, compliance, and remediation efforts; and how leading companies are using Cloud Agents to secure their digital transformation efforts.
1:05 – 1:30 PM
Integrating Qualys into DevOps on AWS – Building a Secure AMI Bakery
Emmanuel Enaohwo, Senior Manager, Vulnerability/Configuration Management, Capital One
Capital One is building security into the DevOps process by integrating Qualys Vulnerability Management and Policy Compliance into the EC2 AMIs within the bakery. This method optimizes the security certification process and streamlines rollout by embedding agents within every AMI. Come learn how DevOps teams can use Qualys Agents and the APIs to automate security and get instant visibility into their elastic cloud deployments.
1:45 – 2:10 PM
Continuous Security and Visibility of Your Complete Public Cloud Infrastructure
Hari Srinivasan, Director of Product Management, Qualys
Learn how to extend continuous cloud security monitoring beyond instances, and gain total visibility of all your cloud services.
2:25 – 2:50 PM
Using Metrics to Drive Compliance and Executive Awareness
Christopher Eng, Security Specialist, Tractor Supply Company
Tractor Supply, the largest rural lifestyle chain in the United States, is seeing steady growth of around 100 new stores per year, and an increasingly complex footprint of assets that need vulnerability management. Utilizing the Qualys Cloud Platform, TSC has overhauled and accelerated its metrics program from a cumbersome process to an automated one, and transformed the way that security and compliance data is delivered to the teams responsible for patching. It has in turn achieved significant compliance-related results from those teams. Learn the methods in which the Qualys API has been leveraged, as well as the tools used in conjunction with it to create powerful dashboards and reports that drive executive awareness of how TSC’s vulnerability management program delivers business results.
3:05 – 3:30 PM
Securing Containers with Qualys
Hari Srinivasan, Director of Product Management, Qualys
Learn about how Qualys’ new container security solution enables customers to address security for containers in their DevOps pipeline and deployments across cloud and on-premises environments. In this session, learn how to use Qualys to inventory and track container assets, identify vulnerabilities in images and containers, and incorporate security checks into the CI/CD pipeline, to remediate risks early within the development cycles.
3:45 – 4:10 PM
Rapidly Assessing and Prioritizing Headline Vulnerabilities
Sarah Kennedy, Security Vulnerability Engineer, HCA Healthcare
Robert Sloan, Security Vulnerability Engineer, HCA Healthcare
HCA Healthcare has improved its ability to respond quickly to high-profile vulnerabilities and attacks by leveraging the Qualys Cloud Platform for more accurate and instant assessment on a larger scale. Using real-world examples including its timely responses to the Wannacry and Apache Struts attacks, Sarah Kennedy and Robert Sloan from HCA will discuss how Vulnerability Management and Threat Protection have helped HCA build new capabilities to initiate risk management for critical vulnerabilities within days instead of weeks, and better adhere to its own security policies.
4:25 – 4:50 PM
Dynamic Web Application Testing in a DevOps World
Dave Ferguson, Director of Product Management, Qualys
The need to test web applications and APIs for vulnerabilities in an automated fashion is greater than ever. Testing resources are scarce and new code is being written at breakneck speed while the business wants it deployed to production immediately. Learn about new tools and capabilities in Qualys Web Application Scanning (WAS) that are being introduced to help you integrate application security testing into this fast-paced, DevOps environment.
5:05 – 5:30 PM
Using Qualys FIM to Identify and Manage Change Incidents
Tim White, Director of Product Management, Qualys
Real-time change detection has become a critical element of maintaining operational hygiene across rapidly changing assets typical of DevOps infrastructure. This talk will introduce how Qualys File Integrity Monitoring identifies and tracks change incidents across global IT environments. Learn how customers are using FIM to efficiently correlate events, quickly identify and filter out noise, and track review of incidents to meet compliance requirements.
Thursday, April 19
10:15 – 10:40 AM
Threat Hunting and Post Breach Detection with Qualys IOC
Chris Carlson, Vice President of Product Management, Qualys
Vulnerability exploits are unavoidable, which is why enterprises must extend visibility beyond anti-virus for successful post-breach detection. This session details the expansion of the Qualys Cloud Platform to include Indication of Compromise (IOC) detection for better threat hunting and indicator of activity attacks. Learn how Qualys IOC detection can help organizations detect and respond to infections and threat activity faster and reduce the time that a potential breach or compromise can occur.
10:55 – 11:20 AM
Rapidly Assessing and Prioritizing Headline Vulnerabilities
Sarah Kennedy, Security Vulnerability Engineer, HCA Healthcare
Robert Sloan, Security Vulnerability Engineer, HCA Healthcare
HCA Healthcare has improved its ability to respond quickly to high-profile vulnerabilities and attacks by leveraging the Qualys Cloud Platform for more accurate and instant assessment on a larger scale. Using real-world examples including its timely responses to the Wannacry and Apache Struts attacks, Sarah Kennedy and Robert Sloan from HCA will discuss how Vulnerability Management and Threat Protection have helped HCA build new capabilities to initiate risk management for critical vulnerabilities within days instead of weeks, and better adhere to its own security policies.
11:35 AM – 12:00 PM
Continuous Security and Visibility of Your Complete Public Cloud Infrastructure
Hari Srinivasan, Director of Product Management, Qualys
Learn how to extend continuous cloud security monitoring beyond instances, and gain total visibility of all your cloud services.
12:30 – 12:55 PM
Continuously Assessing Web Application Security at Scale
Jason Phillips, Vulnerability Management Analyst, General Electric
Qualys Web Application Scanning (WAS) enables application owners to run dynamic application security testing (DAST) operations to continually assess their applications. Jason Phillips, leads WAS operations for General Electric, and will illustrate how GE successfully on boarded its application baseline into Qualys. Jason will cover some best practices and unpack how GE’s security team uses Qualys WAS to efficiently process a high volume of applications. He will discuss the importance of pre-processing your applications prior to import, and tips for providing app owners the reporting and data necessary to remediate and retest findings. This talk will provide practical guidance, highlighting several key features including bulk import, tags, authentication, the scheduler, and more.
1:05 – 1:30 PM
The Art of Vulnerability Management: from Running Scans to Managing Risk
Jimmy Graham, Director of Product Management, Qualys
To address the challenges of vulnerability detections increasing year over year, Qualys is introducing new ways to visualize vulnerability data, layering Real-time Threat Information on top of detected vulnerabilities to provide consistent and automated remediation prioritization.
Qualys is bringing AssetView technology to Qualys Vulnerability Management, allowing users to instantly search across vulnerabilities and create dynamic widgets and dashboards within the VM module. See the new VM Dashboard and instant search capabilities, a demo of Qualys Threat Protection, as well as a sneak peek at our new Reporting Module that will unify reports across the Qualys Cloud Platform.
1:45 – 2:10 PM
Integrating Qualys into DevOps on AWS – Building a Secure AMI Bakery
Emmanuel Enaohwo, Senior Manager, Vulnerability/Configuration Management, Capital One
Capital One is building security into the DevOps process by integrating Qualys Vulnerability Management and Policy Compliance into the EC2 AMIs within the bakery. This method optimizes the security certification process and streamlines rollout by embedding agents within every AMI. Come learn how DevOps teams can use Qualys Agents and the APIs to automate security and get instant visibility into their elastic cloud deployments.
2:35 – 3:00 PM
Get Full Visibility of Both Certificates and Underlying SSL/TLS Configurations and Vulnerabilities
Asif Karel, Director of Product Management, Qualys
Risk management in the age of DevOps and public clouds requires organizations to automate real-time visibility and tracking of their SSL certificate deployments. Learn how Qualys CertView helps customers extend DevSecOps to prevent downtime and disruption, audit and compliance failures, and mitigate risks associated with expired or weak certificates and vulnerable TLS configurations.