Cyber Risk Series - Art of the Impossible: Navigating the Broken CMDB

Unlock CMDB’s hidden potential for cybersecurity

Traditionally viewed as an IT operations tool, the CMDB has long been associated with tasks like tracking hardware and software assets, managing configuration changes, and facilitating IT service management. However, its potential as a security asset often goes overlooked.

Don’t miss this unique opportunity to learn why the CMDB deserves a prime spot in your cybersecurity strategy. You’ll hear industry experts offer their best advice on what security leaders need to know to protect their entire attack surface from growing threats and navigate beyond the traditional limitations of the CMDB.

Key topics:

  • Beware Your EoL/EoS Tech Debt
  • De-risking Your External Attack Surface
  • Bringing ITOps & Security Together
  • Asset Inventory Risk

May 8, 2024
9:00 AM – 1:00 PM PT

Join us at the next Cyber Risk Series as we transform the CMDB into a resource for defending evolving attack surfaces.

Featuring

Shira Rubinoff
President
Cybersphere

Omar Santos
Cybersecurity and AI Security Research
OASIS Open

Bindu Sundaresan
Director
AT&T Cybersecurity

Beatrice Sirchis
VP Application Security IT – Cybersecurity
IDBNY

Mike Orosz
CISO
Vertiv

Sumedh Thakar
President and CEO
Qualys

Pablo Quiroga
Senior Director of Product Management
CSAM and EASM
Qualys

Kunal Modasiya
VP, Product Management, Attack Surface Management and AppSec
Qualys

Agenda

9:00 AM PT

Welcome to the Cyber Risk Series:
The Art of the Impossible: Navigating the Broken CMDB

Join us as we navigate the Broken CMDB for sessions packed with expert insights, thoughtful discussions and actionable strategies.

Shira Rubinoff
President
Cybersphere

9:05 AM PT

Turbocharging the CMDB to Address the Dynamic Challenges of the Evolving Attack Surface

Today’s rapidly evolving attack surface demands air-tight alignment between cybersecurity and IT teams. CISOs and security teams are working hard to assess risk across a dynamic technology environment. Still, that hard work falls apart if there’s no transparency with IT—the business unit responsible for patches, software upgrades, access controls, and other mitigation steps.

This session explores the critical imperative of turbocharging the CMDB with cyber risk context—allowing organizations to reduce cyber risk while limiting business disruption. 

Sumedh Thakar
President and CEO
Qualys

9:30 AM PT

OpenEoX: Revolutionizing Product Lifecycle Transparency for Cybersecurity

As software and hardware product lifecycles are critical factors for operational security, the OASIS Open OpenEoX initiative emerges as a crucial standardization effort. It aims to revolutionize how End-of-Life (EOL) and End-of-Support (EOS) information is shared and managed across the software and hardware industries. This presentation introduces OpenEoX, a collaborative endeavor supported by leading entities such as Qualys, Cisco, Microsoft, Red Hat, Siemens, BSI, and CISA, alongside an expanding consortium of industry stakeholders.

Through a common framework for EOL and EOS data dissemination, OpenEoX facilitates a more secure IT environment and aids in vulnerability management. This presentation delves into OpenEoX mechanics, showcasing its potential for proactive vulnerability management. It also explores its broader implications for the cybersecurity ecosystem and highlights its compatibility with Software Bill of Materials (SBOM), the Common Security Advisory Framework (CSAF), and Vulnerability Exploitability Exchange (VEX). Join us to discover how OpenEoX is shaping cybersecurity standards and bolstering organizational resilience against cyber threats.

Omar Santos
Cybersecurity and AI Security Research
OASIS Open

10:00 AM PT

A Fireside Chat: Unlocking the Power of CMDB – Strategies for Overcoming Challenges and Enhancing Cybersecurity Posture

In the modern enterprise, the CMDB is vital yet fraught with challenges. This fireside chat explores the CMDB’s pivotal role in asset management and cybersecurity. It will cover key IT and Security challenges such as:

  • Creating executive buy-in for addressing the impact of flawed CMDB on incident response and compliance.
  • Strategies for immediate assessment, data cleansing, and proactive risk mitigation.
  • The impact of disruptions caused by organizations neglecting CMDB data quality.

Join Shira Rubinoff, renowned cybersecurity advisor, global keynote speaker and influencer, for a riveting discussion with Bindu Sundaresan, Director, AT&T Cybersecurity, on the challenges of effectively managing the CMDB. Bindu brings extensive leadership and experience spanning over 20 years working with some of the world’s most innovative companies and industry frameworks, including NIST/ISO/HITRUST, and regulatory requirements including PCI, NERC, and HIPAA.

Attendees will gain practical insights for CMDB optimization, including integration with IT management systems. Practitioners will learn to chart a path for effective CMDB utilization, bolstering security and operational resilience in today’s digital landscape. 

Shira Rubinoff
President
Cybersphere
Bindu Sundaresan
Director
AT&T Cybersecurity

10:30 AM PT

Fast Track SLAs when Cyber Risk Meets CMDB

Remediation for critical security risks is arguably the most important SLA for your IT team. Reactive responses to security tickets expose the organization to cyber risk and create business disruption.

That’s why IDBNY takes a proactive approach to uniting IT and Security teams. Join this session to learn how Beatrice Sirchis, VP of Application Security at IDBNY, connects her CMDB to her security program to achieve:

  • An always-up-to-date inventory in the CMDB 
  • Automated ticket assignment for critical remediation tickets 
  • Mapping EoL/EoS software to the CMDB up to 12 months in advance to prioritize upgrades

Most importantly, learn how her consolidated approach enables IDB Bank to stay agile and ahead of the curve—securely—when it comes to technology and innovation.

Beatrice Sirchis
VP Application Security IT – Cybersecurity
IDBNY

11:00 AM PT

The Ultimate Cyber Defense Partnership: Qualys and Your CMDB

The CISO might refer to the asset inventory within the security program while the CIO points to the CMDB. But why can’t they both be right? 

In this session, you’ll learn how the Qualys Enterprise TruRisk Platform leverages bi-directional sync with the CMDB to create a unified source of truth between the two platforms, including:

  • Adding business context from the CMDB to your security program (such as asset criticality, ownership, and support group) to drive accurate TruRisk Scoring and prioritization
  • Eliminating blind spots in your CMDB by adding previously unknown assets from the external attack surface and rogue IoT assets connecting to the network in real time
  • Mapping remediation tickets to the CMDB with 96% accuracy using Qualys tagging, cutting MTTR in half for critical vulnerabilities

Kunal will be joined in the last session by the CISO of Vertiv, Mike Orosz, for a discussion on how he bridges the IT-security gap and the importance of a complete asset inventory.

Kunal Modasiya
VP, Product Mgmt, Attack Surface Mgmt and AppSec
Qualys

11:20 AM PT

The Step-by-Step Guide to Turbocharging Your CMDB

You know there are blind spots in the CMDB, and it keeps you awake at night. 

Are you missing external assets? What about the IoT/OT devices or BYOD on your network at any given time?

Even if your SecOps team finds those assets and discovers critical risk, your IT team has no records in the CMDB. While your team wastes precious time aligning on where to focus, the window is open for attackers.

Join us to see exactly how to locate these missing cyber assets and add them to the CMDB with comprehensive, real-time risk assessment. When security teams identify cyber risk, IT teams will work from the same asset inventory and set of data to take remediation action immediately.

Pablo Quiroga, Senior Director of Product Management at Qualys, will demonstrate real-world scenarios of cyber risk response using a bi-directional sync between the Enterprise TruRisk Platform and the CMDB to measure, communicate, and eliminate risk across IT and Security workflows.

Pablo Quiroga
Senior Director of Product Management
CSAM and EASM
Qualys

11:50 AM PT

Fireside Chat: Bridging the IT/Security Gap

Kunal Modasiya and Mike Orosz, CISO of Vertiv, will close out the Cyber Risk Series with a discussion on how Vertiv bridges the IT-security gap and the importance of a complete asset inventory.

Kunal Modasiya
VP, Product Mgmt, Attack Surface Mgmt and AppSec
Qualys

Mike Orosz
VP, Global Information & Product Security, CISO
Vertiv