Black Hat USA 2024
Want to Learn How to Manage Cyber Risk at the Speed of Business?
Visit us at booth 1320 to learn how the Qualys Enterprise TruRisk™ Platform can measure, communicate, and eliminate cyber risk—everywhere.
Qualys Sessions at Black Hat USA
IN-PERSON SESSION:
Business Hall Theater E
Manage Your AI and LLM Attack Surface by De-Risking Your AI Pipeline
August 7, 1:30 PM - 2:30 PM
Shailesh Athalye, Senior Vice President, Product Management, Qualys
AI and Large Language Models (LLMs) offer organizations the promise of security solutions with enhanced threat detection, predictive analytics, and automated responses. However, they also introduce new vulnerabilities and expand the attack surface, presenting unique risk management and remediation challenges.
Join us for an in-depth session exploring the complexities of securing AI and LLM deployments. This presentation will cover:
- Understanding the AI Attack Surface: Identify the potential vulnerabilities and attack vectors unique to AI and LLM systems as defined by tools like the OWASP Top 10 and the MITRE ATT&CK Framework.
- Risk assessment and mitigation strategies: Gain insights into best practices for assessing and mitigating risks associated with AI and LLM technologies.
- Real-world case studies: Examine scenarios where AI and LLM vulnerabilities have been exploited and learn from the successes and challenges faced by organizations in managing these risks.
Attendees will leave with actionable recommendations and tools to enhance the security posture of their AI and LLM initiatives. They will also learn how to effectively communicate the risks and benefits of AI to stakeholders while building a culture of security within their organization.
Booth sessions
10:20 AM
Preventing, Detecting and Responding to Malware and Ransomware Attacks in Cloud With TotalCloud Powered by Deep Learning AI
Nayeem Islam, Vice President, Product Management, Qualys
As cloud adoption has increased and data has moved to the cloud, attackers are increasingly interested in this data. In this presentation, we discuss deep learning AI to detect ransomware from development to runtime. As applications are developed, container registries can be scanned, and at runtime network traffic and cloud logs are inspected using deep learning AI to make sure ransomware is detected early.
11:00 AM
Cintas’ Journey: Achieving Automated, Risk-Based Patch Management
Tom Scheffler, Security Operations Manager, Cintas
Join Tom Scheffler, Security Operations Manager at Cintas, to explore how Cintas revolutionized its patch management process. Leveraging Qualys Patch Management, TruRisk, and CyberSecurity Asset Management, Cintas achieved automated patching for severe threats within 24 hours, reducing cyber risk by 61%. In this session, you'll discover how these solutions enabled Cintas to:
Learn how Cintas' approach has strengthened its overall security posture against evolving cyber threats.
11:40 AM
Remediating the Nightmares: Preparing To Reduce Risk Comprehensively With TruRisk Eliminate
Eran Livne, Senior Director, Endpoint Remediation, Qualys
Explore how Qualys Patch Management boosts enterprise security and compliance through robust, scalable automation and risk-based remediation. This session highlights the platform's ability to automate patching for Windows, Linux, Mac, and third-party apps from a central dashboard, targeting vulnerabilities with up to 90% efficiency. Integrated with VMDR, it maps detected vulnerabilities to the appropriate patches, enabling proactive security measures. We'll delve into zero-touch patching that prioritizes critical threats, optimizing Mean Time To Remediate (MTTR) and allowing IT teams to focus on strategic initiatives. Discover how Qualys enhances security frameworks and complements solutions like SCCM, ensuring comprehensive, risk-focused cybersecurity.
12:20 PM
Securing AI and LLMs: Integrating Advanced Threats Into Your Vulnerability Management Framework
Ashish Kar, Director, Product Management, Qualys
Artificial Intelligence (AI) and Large Language Models (LLMs) are transforming industries with their advanced capabilities, but they also introduce new vectors of vulnerabilities and misconfigurations. In this talk, we will explore the critical importance of incorporating AI and LLM-specific security measures into a comprehensive vulnerability management program to allow teams to measure, communicate, and eliminate AI and LLM related risk. Attendees will gain insights into the unique challenges posed by AI applications, models, data, and infrastructure, as well as best practices for identifying and mitigating associated risks. This session will cover how to adapt traditional vulnerability management, asset management, and proactive patching strategies to address the complexities of AI systems, ensuring that your organization can harness the power of AI while maintaining a robust security posture. Join us to learn how to secure the next generation of intelligent technologies and integrate them seamlessly into your vulnerability management framework.
1:00 PM
Your Cloud De-Risked With Qualys TotalCloud Kubernetes and Container Security
Kunal Modasiya, VP, Product Management, Attack Surface Management & AppSec, Qualys
In today's digital landscape, securing cloud-native applications is critical. "Your Cloud De-Risked with Qualys TotalCloud Kubernetes and Container Security" explores Qualys TotalCloud's comprehensive security solutions for Kubernetes and container environments. Key highlights include:
Join us to learn best practices for securing containerized applications, mitigating vulnerabilities, and ensuring compliance across cloud environments with Qualys TotalCloud.
1:40 PM
Attack Surface Management as a Business Growth Driver
Beatrice Sirchis, VP Application Security, IDBNY
In a competitive financial services industry, IDB Bank invests heavily in technology as a competitive advantage, which comes with demands on the cybersecurity front. Join Beatrice Sirchis (VP of Application Security at IDBNY) to learn how she and her team prioritize asset discovery and continuous cyber risk assessment to enable digital investment for the bank, including:
Join this session to learn how to leverage your attack surface management program to drive positive business outcomes.
2:20 PM
De-Risk the Software Supply Chain by Expanding Unparalleled Detection Coverage With Qualys Software Composition Analysis and VMDR
Himanshu Kathpal, Senior Director, Product Management, Platform & Sensors, Qualys
In today’s dynamic digital landscape, the rise of open-source components in application development presents both opportunities and challenges. High-profile attacks on widely used software packages underscore the urgent need to address vulnerabilities within the software supply chain. Join our session to discover how Software Composition Analysis (SwCA) with the same Qualys Cloud Agent provides comprehensive visibility into the software components used in your applications. This enables proactive identification and mitigation of vulnerabilities, preparing you for situations like the Log4j outbreak. You can integrate SwCA seamlessly into existing workflows for vulnerability management, ensuring efficient and automated reporting without disruption. Stay ahead of attackers with Qualys SwCA and enhance your software security today.
3:00 PM
Enhancing Vulnerability Management With Threat Intelligence: A Strategic Approach
Sandeep Potdar, Senior Director, Product Management, VMDR, Qualys
As cyber threats become more sophisticated, integrating threat intelligence into a vulnerability management program is essential for proactively defending against potential attacks. In this session, we will delve into the critical role that threat intelligence plays in identifying, prioritizing, and mitigating vulnerabilities within an organization's IT infrastructure. Attendees will learn how to leverage threat intelligence to enhance the accuracy of vulnerability assessments, improve risk prioritization, and enable more effective remediation strategies. By examining real-world case studies and best practices, this talk will provide actionable insights on how to integrate threat intelligence seamlessly into existing vulnerability management workflows, ultimately strengthening an organization's overall security posture. Join us to discover how to transform your vulnerability management program into a proactive and intelligence-driven defense mechanism against the ever-evolving threat landscape.
3:40 PM
The Three Step Guide to Isolating Risk on Your External Attack Surface
Sidharth Bhatia, Director, Product Management - CSAM & ESAM, Qualys
External Attack Surface Management targets a simple goal for cybersecurity teams: Pinpoint the risk to internet-facing assets before attackers can strike. But with outdated scanning technology, the approach is riddled with unconfirmed asset records and false positive vulnerabilities. In this session, Siddharth Bhatia (Director of Product Management, Attack Surface Management) will outline a simple three-step approach to identify and isolate the most critical risks on your attack surface:
Cancel out the noise on your external attack surface with this interactive booth session!
4:20 PM
TruRisk/Toxic Combination Session – TotalCloud TruRisk Insights Report
Nayeem Islam, Vice President, Product Management, Qualys
Prioritizing risk in the cloud is complex, and it's easy to be deluged by signals with differing indications of what to prioritize. In this session, we describe TruRisk Insights, which correlates risk indicators from diverse sources, providing you with a single prioritized view of your cloud risk landscape with actionable insights so you can fix what matters the most... first. TruRisk Insights algorithmically correlates vulnerabilities, misconfigurations, cloud entitlements, and active threats to create a single list of issues to address.
5:00 PM
Redefining Incident Response in 2024: Integrating Vulnerability Management and EDR
Andrew Morrisett, Director, Product Management, Endpoint Security, Qualys
In today’s rapidly evolving cyber threat landscape, threat actors are increasingly exploiting Common Vulnerabilities and Exposures (CVEs) as a gateway for initial compromises. Often, Security Operations Center (SOC) teams overlook the critical role of CVEs in the incident response process, resulting in incidents that spread rapidly due to the lack of real-time intelligence and correlation between CVEs and malware.
Visit us at our booth and win prizes
Stop by booth 1320 to meet with our product managers, technical account managers, and other experts.
Attend one of our in-person booth presentations and enter for a chance to win one of our great prizes! Must be present to win.
Meet with a Qualys Expert
Himanshu Kathpal
Sr. Director, Product Management, Platform, Qualys
Himanshu Kathpal is senior director of Product Management at Qualys. He has over 13 years of experience in cybersecurity and product management, with a specialization in vulnerability management, remediation, and next-generation endpoint security. Himanshu is passionate about developing security solutions that align with the company’s cybersecurity product strategy to meet customer needs, reduce the attack surface, and strengthen the organization’s security posture. He holds a master’s degree in engineering from D.Y.Patil University, Pune, as well as an MBA in International Business Management from NMIMS, Mumbai.
Nayeem Islam
Vice President, Product Management, Qualys
Nayeem Islam is the Vice President of Product Management at Qualys for the TotalCloud initiative. Prior to joining he was founder and CEO of Blue Hexagon, a cloud security company that pioneered the use of AI to detect cloud threats. Blue Hexagon is now part of Qualys.
Shailesh Athalye
Senior Vice President, Product Management, Qualys Inc.
As Senior Vice President of Product Management, Shailesh leads the product management team and drives the Qualys product vision helping customers assess and improve their IT, security and compliance posture. Since joining Qualys in 2012, he has worked in various security and compliance roles driving innovative solutions, including remote endpoint protection, endpoint detection and response, and SaaS security. In addition, Shailesh headed engineering, research and product management for Qualys Policy Compliance and File Integrity Monitoring, where he helped customers go beyond compliance to drive their IT GRC objectives. Before Qualys, he focused on security research for Symantec ESM and Compliance solutions. Shailesh holds a master’s in computer applications (MCA) from the Vishwakarma Institute of Technology and has various security certifications including CISA, CRISC, CISM. He is also a regular speaker at industry conferences.
Lavish Jhamb
Sr. Product Manager, Compliance Solutions, Qualys
Lavish Jhamb is Solution Architect for Compliance Solutions at Qualys, focused on building security solutions such as ‘Custom Assessment and Response’ and ‘File Integrity Monitoring’ and helping customers assess and improve their security and compliance posture. He has over 7 years of experience working on security solutions, regulatory standards, and cyber security frameworks, with a thorough understanding of operating systems. Lavish holds a bachelor’s degree in computer engineering from the Kurukshetra University Institute of Engineering and Technology and a Post Graduate Diploma in IT Infrastructure, Systems and Security from CDAC Pune.
Eran Livne
Senior Director, Endpoint Remediation, Qualys
Eran Livne is Senior Director, Endpoint Remediation at Qualys, leading a team tasked with helping customers improve their security posture through cross-platform vulnerability remediation. He has more than 20 years of product management and computer science experience working in diverse IT and security markets. In 2014, Eran founded the mobile security company LetMobile, acquired by Ivanti. Following the acquisition, he drove Ivanti’s enterprise security and endpoint security and management solutions. Eran holds a bachelor’s degree in computer science from Tel Aviv University and an MBA in high-tech business administration from Technion - Israel Institute of Technology.
Kunal Modasiya
Vice President, Product Management, Attack Surface Management & AppSec, Qualys
Kunal is currently VP of Product Management for the CyberSecurity Asset Attack Surface Management (CAASM), Web App and API Security product line at Qualys HQ in Foster City, CA. He is a Qualys boomerang. He worked at Qualys for 3 years and incubated the XDR product line from inception. Kunal has spent 15+ years working at startups and at big and mid-size companies in cybersecurity, networking, and application security, in both product and engineering roles at Juniper Networks, Extreme Networks, Sun Microsystems and Infinera. Prior to re-joining Qualys, Kunal was heading products at an Israeli startup in the API security and bot management AppSec space.
Sandeep Potdar
Senior Director, Product Management, VMDR, Qualys
As Senior Director of Product Management, Sandeep Potdar leads product strategy and its execution for the Qualys VMDR product portfolio. He is an Engineer-turned-Architect-turned-PM, with close to 2 decades of experience in Enterprise Software and Cybersecurity domains and extensive consulting experience in various Retail, Banking, Insurance, Travel, and Manufacturing Fortune 500 companies. Prior to joining Qualys, he led Platform and Product Management at Tenable. Before that, he led Product Management at WhiteHat Security and launched several Application Security products. Sandeep has a bachelor’s in computer science engineering from Visvesvaraya Technological University, India and a certificate of business excellence from Haas School of Business, University of California, Berkeley.