QSC 2022: That’s a Wrap!

Over the years, the threat landscape has exploded, and bad actors have become increasingly sophisticated, making cloud security platforms that save security teams time and increase efficiency a must-have for every cyber arsenal. This was underscored last week at QSC 2022 Las Vegas, where it quickly became clear that customers want to get more for their money and use a platform with a suite of integrated solutions that work well together.

The conference showcased how Qualys has built up the company with a focus on the customer, aiming to give customers what they need and, more importantly, something that works.

CyberSecurity 2023: 7 Macro Trends That Will Define the Future

Frank Dickson, the Group VP for IDC’s Security & Trust Research arm, kicked off the last day of the conference underscoring that, “we have to get more strategic about security,” and offered seven different trends that he is watching from various survey instruments IDC has completed.

Dickson spoke about how digital transformation has evolved to mean something different to us, especially now that many more businesses are running viable digital-first operations. “Layer 7 – the applications – is the new network layer, so application security is crucial.” Other trends mentioned were a growing sophistication among hackers who are producing more targeted ransomware, hiring the right collection of skilled security professionals, and having to wade through numerous security tools. “There are more than 4000 products in the Amazon security marketplace,” he said. This presents challenges for potential security purchases because more buyers are coming from the line of business rather than IT departments.

Get More Efficient: Operationalize Cyber Risk Reduction with Patch Management

Eran Livne, the Senior Director of Endpoint Remediation for Qualys, bemoaned the fact that the security team is often composed of different people from the team that actually fixes the issues found. He introduced one of his customers, Alex Alvanos, the Senior Director of IT Security for Global Lending Services, which, like many other companies, had to migrate from an all-onsite to an all-remote staff thanks to Covid. This created all sorts of IT headaches: “We couldn’t do proper scans, we had problems with our VPN implementation, and our patching schedules didn’t work on remote machines.” But thanks to Qualys’ Cloud Agent, they were able to use its powerful automation features to scan and patch everywhere. “We were able to reduce our risks and provide real-time visibility and SLA dashboards to keep us effective and see a 50% improvement in staff time and able to detect and resolve 86% of vulnerabilities within 30 days.”

Panel Discussion on Preventing Software Supply Chain Attacks: An Executive Imperative

A panel discussion among security executives, moderated by Jonathan Trull, the CISO & SVP of Security Solution Architecture for Qualys, dove into preventing software supply chain exploits. The session began by discussing the wide range of software supply chain security problems, showing that these can happen at any point along the chain: malware-laden source code on GitHub, compromised and modified builds, malicious dependent code or packages, and the delivery or download of infected code elements. Trull cited the recent US executive order, mentioning the need to instill trustworthiness and transparency in our digital infrastructure.

The panel amplified his remarks and mentioned some of their struggles this past year in resolving Log4j issues and finding other malicious dependencies throughout their code base. They also unanimously voiced their frustrations with tracking software supply chain issues.

Get More: Transform Your Web Application Security Program with Qualys WAS

John Delaroderie, the Director of Product Management for Web App Security for Qualys, said that last year’s scans found issues covering broken access controls, various code injections and security misconfigurations. He introduced Besong Tambeagbor, an Application Security Consultant in Threat and Vulnerability Management for Aflac. The insurer is using Qualys WAS to scan 50 different web apps, and is bringing on board many more.

Tambeagbor mentioned some of the reasons why her company went with Qualys, including useful out-of-the-box functionality along with Japanese language support and integration with their SIEM. “This gives us visibility with our leadership and also helps us to measure our success with the software. We reduced by half the highest vulnerability count in the last year and were also able to pinpoint our web app vulnerabilities more precisely. Our developers can read the scan reports and act upon them on their own so there is an instant feedback loop.”

To find out more about how Qualys solutions can solve security challenges, visit the Qualys site. And don’t forget to keep an eye out for the sessions from QSC 2022 Las Vegas, available online in the coming days.

This post was first published on the Qualys Security Blog website by David Strom.