Vulnerability Management: Moving your organization from a tactical to a strategic posture

On-Demand Event

Earn up to 3 CPE credits by attending this virtual conference.

Vulnerability management is a core cybersecurity discipline that encompasses scanning, assessment and prioritization. Scanning for weaknesses is not enough, especially when businesses are expanding their work-from-home populations, adopting cloud-first postures and introduce new technologies. Successful vulnerability management requires a coordinated program, continuously executed, from detection to remediation.

SC Media will host a one-day virtual event on this important topic on July 20. Join our faculty of vulnerability management experts as they share their experience and explore the essentials, including:

  • Designing a vulnerability management process from the ground up
  • Identifying the tools, resources and processes that work best for your organization
  • Setting risk-acceptance criteria

Establishing a vulnerability management program is a key step in your organization’s progress toward its ideal state of cybersecurity. Register now.


11:00 AM ET
KEYNOTE | Real Life Applications of Privacy Risk and Threat Modeling
James Burd, Chief Privacy Officer, Cybersecurity and Infrastructure Security Agency (CISA) 

The regulatory approach to privacy has naturally resulted in organizations implementing “privacy protections by checklist,” making sure rigid and strict boxes are checked to achieve compliance, but that usually fails to account for the creativity of our adversaries. While a comprehensive list is good to have, the best way to combat privacy risks is to employ a similar model to what you currently use to approach security and supply chain risks — model your threats and develop strategies to combat them. 
Attendees to this session will learn:

  • How creative types of threats to privacy are not identified in checklists but through threat modeling
  • Examples of how privacy risks can be addressed in threat modeling 
  • How NIST’s Privacy Risk Framework can be used to mitigate those threats found during modeling.

11:30 AM ET
Visit exhibit hall

11:40 AM ET
Using automation to proactively reduce and manage vulnerability risk 
Jane Man, Director of Product Management-VRM, Rapid7 
Aniket Menon, Director of Product Management-SOAR, Rapid7 

The number and types of cyberattacks have been increasing dramatically while infosec personnel have been challenged to keep pace with all the vulnerabilities and incidents they now face. Since 76 percent of security leaders face a skills shortage, they are looking to vulnerability management automation to fill the gap. Automation is not just for the largest enterprises – we’ll discuss how small to mid-size organizations can get started on the automation journey and benefit from a more effective vulnerability management program. Join us to hear about how automation can help security teams: 

  • Address vulnerabilities and potential threats more quickly and efficiently
  • Improve collaboration and lessen the friction between IT and infosec teams 
  • Reduce manual repetitive tasks so they can focus on more critical activities. 

12:10 PM ET
Visit exhibit hall 

12:20 PM ET
The state of open-source vulnerabilities 2021 
Shiri Arad Ivtsan, Director of Product, WhiteSource Software 
Lena Kleyner, Product Manager, WhiteSource Software 

The pandemic in 2020 raised a lot of uncertainty in the software development industry and the overnight shift to work from home introduced new security threats.
WhiteSource ran research and took a deep dive into its extensive vulnerabilities database to gain valuable insights into the state of open-source security and learn how to keep up with the rapid pace of software development without leaving security behind.

Join Shiri Ivtsan, director of product, and Lena Kleyner, product manager, as they discuss:  

  • The reasons behind the 50% rise in the number of reported open-source vulnerabilities in 2020 
  • The importance of implementing secure coding from the earliest stages of the DevOps pipeline 
  • Why it’s crucial for security and development teams to prioritize security alert. 

12:50 PM ET 
Visit exhibit hall  
1:00 PM ET 
How to use intelligence for risk-based vulnerability management 
Justin Glatz, Sales Engineer II, Recorded Future  

Warnings of zero-day flaws in popular products by Microsoft, Adobe, Citrix, and many others make headlines seemingly every week. Yet zero-day threats don’t always equal top priority, and severity scores don’t tell the whole story. With less than 6% of vulnerabilities ever actually being exploited in the wild, security teams are wasting time on vulnerabilities that pose little or no risk.
Without timely context on exploitation trends, security teams struggle to identify and prioritize patching the most relevant vulnerabilities. Vulnerability intelligence is poised to solve the problem. By providing insights on what vulnerabilities are exploited in the wild, have proof of concept code, or are linked to malware, defenders can prioritize patching based on real risk.

Join this session to learn how to: 

  • Embed vulnerability intelligence directly into your existing workflows 
  • Empower your security team to defend against the vulnerabilities that pose the most risk to your organization 
  • Justify patching decisions to internal stakeholders. 

1:30 PM ET
Visit exhibit hall 

1:40 PM ET 
The top 5 mistakes everybody makes in vulnerability management and how to avoid them 
Yaniv Bar-Dayan, Co-Founder and CEO, Vulcan Cyber 

Vulnerability management initiatives too often fall short of the objective to secure digital infrastructure. Lots of scanning and vulnerability prioritization, but not a lot of actual remediation. Admittedly, moving from simple vulnerability management to deliberate vulnerability remediation isn’t easy. There are so many moving parts, with dozens of stakeholders and a crush of infrastructure with related vulnerabilities growing exponentially. 
Join Yaniv Bar Dayan, Vulcan Cyber co-founder and CEO, to learn how to avoid the top five mistakes everybody is making in vulnerability management.
You’ll learn: 

  • How you can avoid these mistakes by shifting the objectives from vulnerability management to vulnerability remediation 
  • How the Vulcan Cyber platform can help your team get fixes done through scan-to-fix risk and vulnerability remediation orchestration.

2:10 PM ET
Visit exhibit hall