Cyber Risk Series - Art of the Impossible: Navigating the Broken CMDB

Learn what industry leaders are tracking on their cyber assets

The modern attack surface is dynamic, and a periodically updated list of assets won’t secure your organization. CISOs and security teams need an actionable, risk-based approach to attack surface management to prioritize their riskiest assets amidst the sprawl.

Don’t miss this unique opportunity to hear industry experts offer their best advice on what security leaders need to know to protect their entire attack surface from growing threats and navigate far beyond the limitations of the CMDB.

Key topics:

  • Beware Your EoL/EoS Tech Debt
  • De-risking Your External Attack Surface
  • Bringing ITOps & Security Together
  • Asset Inventory Risk

May 8, 2024
9:00 AM – 1:00 PM PT

Join us at the next Cyber Risk Series as we transform the CMDB into a resource for defending evolving attack surfaces.

Featuring

Sumedh Thakar
President and CEO
Qualys

Omar Santos
Cybersecurity and AI Security Research
OASIS Open

Shira Rubinoff
President
Cybersphere

Beatrice Sirchis
VP Application Security IT – Cybersecurity
IDBNY

Kunal Modasiya
VP, Product Management, Attack Surface Management & AppSec
Qualys

Agenda

9:00 AM PT

Welcome to the Cyber Risk Series:
The Art of the Impossible: Navigating the Broken CMDB

Join us as we navigate the Broken CMDB for sessions packed with expert insights, thoughtful discussions and actionable strategies.

Shira Rubinoff
President
Cybersphere

9:05 AM PT

Turbocharging the CMDB to Address the Dynamic Challenges of the Evolving Attack Surface

Today’s rapidly evolving attack surface demands air-tight alignment between cybersecurity and IT teams. CISOs and security teams are working hard to assess risk across a dynamic technology environment. Still, that hard work falls apart if there’s no transparency with IT—the business unit responsible for patches, software upgrades, access controls, and other mitigation steps.

This session explores the critical imperative of turbocharging the CMDB with cyber risk context—allowing organizations to reduce cyber risk while limiting business disruption. 

Sumedh Thakar
President and CEO
Qualys

9:45 AM PT

OpenEoX: Revolutionizing Product Lifecycle Transparency for Cybersecurity

As software and hardware product lifecycles are critical factors for operational security, the OASIS Open OpenEoX initiative emerges as a crucial standardization effort. It aims to revolutionize how End-of-Life (EOL) and End-of-Support (EOS) information is shared and managed across the software and hardware industries. This presentation introduces OpenEoX, a collaborative endeavor supported by leading entities such as Qualys, Cisco, Microsoft, Red Hat, Siemens, BSI, and CISA, alongside an expanding consortium of industry stakeholders.

Through a common framework for EOL and EOS data dissemination, OpenEoX facilitates a more secure IT environment and aids in vulnerability management. This presentation delves into OpenEoX mechanics, showcasing its potential for proactive vulnerability management. It also explores its broader implications for the cybersecurity ecosystem and highlights its compatibility with Software Bill of Materials (SBOM), the Common Security Advisory Framework (CSAF), and Vulnerability Exploitability Exchange (VEX). Join us to discover how OpenEoX is shaping cybersecurity standards and bolstering organizational resilience against cyber threats.

Omar Santos
Cybersecurity and AI Security Research
OASIS Open

10:15 AM PT

Fireside Chat: A CISO’s Perspective on Attack Surface Management and the Limitations of the CMDB

In the ever-evolving landscape of cybersecurity, the traditional approach of relying solely on periodically updated lists of assets is becoming obsolete. The modern attack surface is dynamic and expansive, presenting new challenges for CISOs and security teams. Join us for an insightful fireside chat with a seasoned CISO as we delve into the critical issue of Attack Surface Management and the limitations of the CMDB.

Shira Rubinoff
President
Cybersphere

10:45 AM PT

Fast Track SLAs when Cyber Risk Meets CMDB

Remediation for critical security risks is arguably the most important SLA for your IT team. Reactive responses to security tickets expose the organization to cyber risk and create business disruption.

That’s why IDBNY takes a proactive approach to uniting IT and Security teams. Join this session to learn how Beatrice Sirchis, VP of Application Security at IDBNY, connects her CMDB to her security program to achieve:

  • An always-up-to-date inventory in the CMDB 
  • Automated ticket assignment for critical remediation tickets 
  • Mapping EoL/EoS software to the CMDB up to 12 months in advance to prioritize upgrades

Most importantly, learn how her consolidated approach enables IDB Bank to stay agile and ahead of the curve—securely—when it comes to technology and innovation.

Beatrice Sirchis
VP Application Security IT – Cybersecurity
IDBNY

11:15 AM PT

Session to be announced

11:45 AM PT

The Ultimate Cyber Defense Partnership: Qualys and Your CMDB

The CISO might refer to the asset inventory within the security program while the CIO points to the CMDB. But why can’t they both be right? 

In this session, you’ll learn how the Qualys Enterprise TruRisk Platform leverages bi-directional sync with the CMDB to create a unified source of truth between the two platforms, including:

  • Adding business context from the CMDB to your security program (such as asset criticality, ownership, and support group) to drive accurate TruRisk Scoring and prioritization
  • Eliminating blind spots in your CMDB by adding previously unknown assets from the external attack surface and rogue IoT assets connecting to the network in real time
  • Mapping remediation tickets to the CMDB with 96% accuracy using Qualys tagging, cutting MTTR in half for critical vulnerabilities

Join us in bridging the IT-security gap and proving that the CISO and CIO are correct when it comes to a complete asset inventory.

Kunal Modasiya
VP, Product Mgmt, Attack Surface Mgmt & AppSec
Qualys