9:00 AM PT

Welcome to the Cyber Risk Series:
The Art of the Impossible: Navigating the Broken CMDB

Join us as we navigate the Broken CMDB for sessions packed with expert insights, thoughtful discussions and actionable strategies.

9:05 AM PT

Turbocharging the CMDB to Address the Dynamic Challenges of the Evolving Attack Surface

Today’s rapidly evolving attack surface demands air-tight alignment between cybersecurity and IT teams. CISOs and security teams are working hard to assess risk across a dynamic technology environment. Still, that hard work falls apart if there’s no transparency with IT—the business unit responsible for patches, software upgrades, access controls, and other mitigation steps.

This session explores the critical imperative of turbocharging the CMDB with cyber risk context—allowing organizations to reduce cyber risk while limiting business disruption. 

9:45 AM PT

OpenEoX: Revolutionizing Product Lifecycle Transparency for Cybersecurity

Software and hardware product lifecycles are critical factors for operational security, the OASIS Open OpenEoX initiative emerges as a crucial standardization effort. It aims to revolutionize how End-of-Life (EOL) and End-of-Support (EOS) information is shared and managed across the software and hardware industries. This presentation introduces OpenEoX, a collaborative endeavor supported by leading entities such as Qualys, Cisco, Microsoft, Red Hat, Siemens, BSI, and CISA, alongside an expanding consortium of industry stakeholders.

Through a common framework for EOL and EOS data dissemination, OpenEoX facilitates a more secure IT environment and aids in vulnerability management. This presentation delves into OpenEoX mechanics, showcasing its potential for proactive vulnerability management. It also explores its broader implications for the cybersecurity ecosystem and highlights its compatibility with Software Bill of Materials (SBOM), the Common Security Advisory Framework (CSAF), and Vulnerability Exploitability Exchange (VEX). Join us to discover how OpenEoX is shaping cybersecurity standards and bolstering organizational resilience against cyber threats.

10:15 AM PT

Fireside Chat: A CISO’s Perspective on Attack Surface Management and the Limitations of the CMDB

In the ever-evolving landscape of cybersecurity, the traditional approach of relying solely on periodically updated lists of assets is becoming obsolete. The modern attack surface is dynamic and expansive, presenting new challenges for CISOs and security teams. Join us for an insightful fireside chat with a seasoned CISO as we delve into the critical issue of Attack Surface Management and the limitations of the CMDB.

10:45 AM PT

Fast Track SLAs when Cyber Risk Meets CMDB

Remediation for critical security risks is arguably the most important SLA for your IT team. Reactive responses to security tickets expose the organization to cyber risk and create business disruption.

That’s why IDBNY takes a proactive approach to uniting IT and Security teams. Join this session to learn how Beatrice Sirchis, VP of Application Security at IDBNY connects her CMDB to her security program to achieve:

• An always-up-to-date inventory in the CMDB 
• Automated ticket assignment for critical remediation tickets 
• Mapping EoL/EoS software to the CMDB up to 12 months in advance to prioritize upgrades

Most importantly, learn how her consolidated approach enables IDB Bank to stay agile and ahead of the curve—securely—when it comes to technology and innovation.

______________________________________________________________________________________________________________________________

11:15 AM PT

Session to be announced

______________________________________________________________________________________________________________________________

11:45 AM PT

The Ultimate Cyber Defense Partnership: Qualys and Your CMDB

The CISO might refer to the asset inventory within the security program while the CIO points to the CMDB. But why can’t they both be right? 

In this session, you’ll learn how the Qualys Enterprise TruRisk Platform leverages bi-directional sync with the CMDB to create a unified source of truth between the two platforms, including:

• Adding business context from the CMDB to your security program (such as asset criticality, ownership, and support group) to drive accurate TruRisk Scoring and prioritization
• Eliminating blind spots in your CMDB by adding previously unknown assets from the external attack surface and rogue IoT assets connecting to the network in real time
• Mapping remediation tickets to the CMDB with 96% accuracy using Qualys tagging, cutting MTTR in half for critical vulnerabilities

Join us in bridging the IT-security gap and proving that the CISO and CIO are correct when it comes to a complete asset inventory.